1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

My search engines hijacked

Discussion in 'Virus & Other Malware Removal' started by k-stop, Jan 28, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. k-stop

    k-stop Thread Starter

    Joined:
    Aug 17, 2003
    Messages:
    37
    Hi. I wonder if you could help me with this. Lately each time I try to use Google or Yahoo search, another website pops up. Each time it is different but with the exact same interface. I downloaded Hijack This! and here is the logfile:

    *******************
    Logfile of HijackThis v1.99.1
    Scan saved at 오후 1:59:33, on 2007-01-28
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ESTsoft\ALZip\ALZip.exe
    C:\Documents and Settings\user\Local Settings\Temp\_AZTMP0_\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
    O4 - HKLM\..\Run: [HncUpdate] C:\WINDOWS\system32\HncUpdate.exe /A
    O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O15 - Trusted IP range: http://192.168.1.55
    O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - http://fx.hauri.net/HProduct/livesuite/shinhancard/CLIENT/LiveSuite/web/HLiveRobotWeb.cab
    O16 - DPF: {0CD2EC08-3CF6-4BC4-BF48-824F4C1994F1} (SecureSession Class) - http://www.samsungfn.com/contents/trustnet/TNWebToolkitForIE.cab
    O16 - DPF: {2F8A9AB6-4A0B-47F1-95D9-2A0F100064E1} (MAGETDATA Class) - http://mpi.dacom.net/XMPI/js/XACSDATA.cab
    O16 - DPF: {325A2282-C738-4265-B43D-587926879609} (TrustedZone Control) - http://www.iros.go.kr/iris/TrustedZoneCtrl.cab
    O16 - DPF: {32D94A9F-9A18-4E12-863D-8AABA8CBDA78} (NateOnMMSAtx3 Class) - http://viewsms.nate.com/NateOnMMS_AX3.cab
    O16 - DPF: {3DAE9C86-4D54-4D33-A82D-E4F9150E2D86} (NateOnMMSAtx2 Class) - http://viewsms.nate.com/NateOnMMS_AX2.cab
    O16 - DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} (IB_OnAir.IBOnAir) - http://ionair.sbs.co.kr/onair/IB_OnAir.CAB
    O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPIOCX.cab
    O16 - DPF: {5C899971-E9D6-4496-8077-98378408E340} (MPControl Control) - http://mplay.sbs.co.kr/players/SBSiMPControl.cab
    O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://bridge.item2.naver.com/music/cab/nbgm.cab
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v7.0.9.5/xw_install.cab
    O16 - DPF: {9675ABBF-8D0B-4956-868C-934B5A7928D4} (Npv Control) - http://update.nprotect.net/nprotect2004/lotte/npv.cab
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachenet.com/kdfx222/kdfense8.cab
    O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - http://www.woori.com/authPopup/ilkactx.cab
    O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} (VineTransfer Control) - http://chbib.chb.co.kr/infovine/VineTransfer.cab
    O16 - DPF: {C71BF87F-710C-4F96-8B90-A17190B6BDAE} (SSOATL Class) - http://song.ysc.ac.kr/ssologin/newlogin/SSOCX.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/hyundaicard/npx.cab
    O16 - DPF: {D95F5F60-5BB7-4655-BACE-FC5371EFC3E0} (Npx2 Control) - http://update.nprotect.net/nprotect/bccard/npx2.cab
    O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - http://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
    O16 - DPF: {F08583A3-5B72-4CCC-8F9F-8BD3738C7C33} (UserAuthOcx Control) - http://www.naver.com/UserAuthOcx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1FF1320A-1544-4FC1-A200-C1BE9ACC65E5}: NameServer = 85.255.116.23,85.255.112.74
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76926A49-CF24-4341-B03E-6FC2167FA31B}: NameServer = 85.255.116.23,85.255.112.74
    O17 - HKLM\System\CCS\Services\Tcpip\..\{820E14EE-E0DD-494E-B6E0-F4490E38A6BD}: NameServer = 85.255.116.23,85.255.112.74
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C3D8D026-F0DE-4DC8-B2F6-7E88236FBE4B}: NameServer = 85.255.116.23,85.255.112.74
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.23 85.255.112.74
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1FF1320A-1544-4FC1-A200-C1BE9ACC65E5}: NameServer = 85.255.116.23,85.255.112.74
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.23 85.255.112.74
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1FF1320A-1544-4FC1-A200-C1BE9ACC65E5}: NameServer = 85.255.116.23,85.255.112.74
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.23 85.255.112.74
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter hijack: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/vnd-backup-octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - (no file)
    O18 - Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    **********************
    Any assistance would be GREATLY appreciated! Thanks.

    k-stop
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You appear to not have an active ANtiVirus

    Get the free AVG AntiVirus 7.5 install it, check for updates and run a full scan

    AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/
    =================

    Please click here http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html to download the latest version of JAVA Install the application, then go to the Add/Remove Programs options in the Control Panel and Remove ALL previous versions of JAVA.
    ==========================

    Please download FixWareout from one of these mirrors:
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
    http://downloads.subratam.org/Fixwareout.exe

    Note: You must have an active Internet connection when running this fix, in order to download the Brute Force Uninstaller (BFU).

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
    Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
    Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.
    =====================================
    Fix these with HiJackThis – mark them, close IE, click fix checked

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1FF1320A-1544-4FC1-A200-C1BE9ACC65E5}: NameServer = 85.255.116.23,85.255.112.74

    O17 - HKLM\System\CCS\Services\Tcpip\..\{76926A49-CF24-4341-B03E-6FC2167FA31B}: NameServer = 85.255.116.23,85.255.112.74

    O17 - HKLM\System\CCS\Services\Tcpip\..\{820E14EE-E0DD-494E-B6E0-F4490E38A6BD}: NameServer = 85.255.116.23,85.255.112.74

    O17 - HKLM\System\CCS\Services\Tcpip\..\{C3D8D026-F0DE-4DC8-B2F6-7E88236FBE4B}: NameServer = 85.255.116.23,85.255.112.74

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.23 85.255.112.74

    O17 - HKLM\System\CS1\Services\Tcpip\..\{1FF1320A-1544-4FC1-A200-C1BE9ACC65E5}: NameServer = 85.255.116.23,85.255.112.74

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.23 85.255.112.74

    O17 - HKLM\System\CS2\Services\Tcpip\..\{1FF1320A-1544-4FC1-A200-C1BE9ACC65E5}: NameServer = 85.255.116.23,85.255.112.74

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.23 85.255.112.74
    ====================

    Boot and post a new hijack log from normal NOT safe mode

    ==========================

    Download Superantispyware

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  3. k-stop

    k-stop Thread Starter

    Joined:
    Aug 17, 2003
    Messages:
    37
    After downloading AVG and then JAVA (while deleting the previous version), I downloaded FixWareout and here is the log:

    ixwareout
    Last edited 1/27/2007
    Post this report in the forums please
    ...
    Prerun check
    뻣뻣?HKLM run and Winlogon System values
    C:\WINDOWS\system32\kdclg.exe will be moved to C:\WINDOWS\temp\kdclg.ren at reboot.
    뻣뻣?System restarted
    ...
    Reg Entries that were deleted
    ...
    Random Runs removed from HKLM
    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    뻣뻣?Searching by size/names...

    뻣뻣?
    Search five digit cs, dm kd and jb files.
    This WILL/CAN also list Legit Files, Submit them at Virustotal

    Other suspects.

    뻣뻣?Misc files.

    뻣뻣?Checking for older varients covered by the Rem3 tool.

    뻣뻣?Postrun check
    뻣뻣?HKLM run
    뻣뻣?Winlogon System value
    "system"=""
    뻣뻣?


    뻣뻣?Current runs

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "AGRSMMSG"="AGRSMMSG.exe"
    "LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "SENS Keyboard V4 Launcher"="\"C:\\Program Files\\SAMSUNG\\SENS Keyboard V4 Launcher\\SENSKBD.EXE\""
    "HncUpdate"="C:\\WINDOWS\\system32\\HncUpdate.exe /A"
    "imekrmig7.0"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\IME\\IMKR7\\IMEKRMIG.EXE\""
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    ***********************
    latest scan of Hijack This:

    Logfile of HijackThis v1.99.1
    Scan saved at 오전 10:54:33, on 2007-01-29
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
    C:\WINDOWS\system32\HncUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ESTsoft\ALZip\ALZip.exe
    C:\Program Files\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
    O4 - HKLM\..\Run: [HncUpdate] C:\WINDOWS\system32\HncUpdate.exe /A
    O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O15 - Trusted IP range: http://192.168.1.55
    O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - http://fx.hauri.net/HProduct/livesuite/shinhancard/CLIENT/LiveSuite/web/HLiveRobotWeb.cab
    O16 - DPF: {0CD2EC08-3CF6-4BC4-BF48-824F4C1994F1} (SecureSession Class) - http://www.samsungfn.com/contents/trustnet/TNWebToolkitForIE.cab
    O16 - DPF: {2F8A9AB6-4A0B-47F1-95D9-2A0F100064E1} (MAGETDATA Class) - http://mpi.dacom.net/XMPI/js/XACSDATA.cab
    O16 - DPF: {325A2282-C738-4265-B43D-587926879609} (TrustedZone Control) - http://www.iros.go.kr/iris/TrustedZoneCtrl.cab
    O16 - DPF: {32D94A9F-9A18-4E12-863D-8AABA8CBDA78} (NateOnMMSAtx3 Class) - http://viewsms.nate.com/NateOnMMS_AX3.cab
    O16 - DPF: {3DAE9C86-4D54-4D33-A82D-E4F9150E2D86} (NateOnMMSAtx2 Class) - http://viewsms.nate.com/NateOnMMS_AX2.cab
    O16 - DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} (IB_OnAir.IBOnAir) - http://ionair.sbs.co.kr/onair/IB_OnAir.CAB
    O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPIOCX.cab
    O16 - DPF: {5C899971-E9D6-4496-8077-98378408E340} (MPControl Control) - http://mplay.sbs.co.kr/players/SBSiMPControl.cab
    O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://bridge.item2.naver.com/music/cab/nbgm.cab
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v7.0.9.5/xw_install.cab
    O16 - DPF: {9675ABBF-8D0B-4956-868C-934B5A7928D4} (Npv Control) - http://update.nprotect.net/nprotect2004/lotte/npv.cab
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachenet.com/kdfx222/kdfense8.cab
    O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - http://www.woori.com/authPopup/ilkactx.cab
    O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} (VineTransfer Control) - http://chbib.chb.co.kr/infovine/VineTransfer.cab
    O16 - DPF: {C71BF87F-710C-4F96-8B90-A17190B6BDAE} (SSOATL Class) - http://song.ysc.ac.kr/ssologin/newlogin/SSOCX.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/hyundaicard/npx.cab
    O16 - DPF: {D95F5F60-5BB7-4655-BACE-FC5371EFC3E0} (Npx2 Control) - http://update.nprotect.net/nprotect/bccard/npx2.cab
    O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - http://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
    O16 - DPF: {F08583A3-5B72-4CCC-8F9F-8BD3738C7C33} (UserAuthOcx Control) - http://www.naver.com/UserAuthOcx.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter hijack: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/vnd-backup-octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - (no file)
    O18 - Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  4. k-stop

    k-stop Thread Starter

    Joined:
    Aug 17, 2003
    Messages:
    37
    SUPERAntiSpyware Scan Log
    Generated 01/29/2007 at 12:35 PM

    Application Version : 3.5.1016

    Core Rules Database Version : 3174
    Trace Rules Database Version: 1184

    Scan type : Complete Scan
    Total Scan Time : 01:24:58

    Memory items scanned : 338
    Memory threats detected : 0
    Registry items scanned : 4567
    Registry threats detected : 1
    File items scanned : 34477
    File threats detected : 29

    Unclassified.Unknown Origin/System
    [HncUpdate] C:\WINDOWS\SYSTEM32\HNCUPDATE.EXE
    C:\WINDOWS\SYSTEM32\HNCUPDATE.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\시작 메뉴\프로그램\한글과컴퓨터\한글과컴퓨터 자동 업데이트.LNK

    Adware.Tracking Cookie
    C:\Documents and Settings\user\Cookies\[email protected][2].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][2].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][2].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][2].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][2].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\user\Local Settings\Temp\Cookies\use[email protected][1].txt
    C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt

    ************************

    Logfile of HijackThis v1.99.1
    Scan saved at 오후 1:56:42, on 2007-01-29
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
    O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O15 - Trusted IP range: http://192.168.1.55
    O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - http://fx.hauri.net/HProduct/livesuite/shinhancard/CLIENT/LiveSuite/web/HLiveRobotWeb.cab
    O16 - DPF: {0CD2EC08-3CF6-4BC4-BF48-824F4C1994F1} (SecureSession Class) - http://www.samsungfn.com/contents/trustnet/TNWebToolkitForIE.cab
    O16 - DPF: {2F8A9AB6-4A0B-47F1-95D9-2A0F100064E1} (MAGETDATA Class) - http://mpi.dacom.net/XMPI/js/XACSDATA.cab
    O16 - DPF: {325A2282-C738-4265-B43D-587926879609} (TrustedZone Control) - http://www.iros.go.kr/iris/TrustedZoneCtrl.cab
    O16 - DPF: {32D94A9F-9A18-4E12-863D-8AABA8CBDA78} (NateOnMMSAtx3 Class) - http://viewsms.nate.com/NateOnMMS_AX3.cab
    O16 - DPF: {3DAE9C86-4D54-4D33-A82D-E4F9150E2D86} (NateOnMMSAtx2 Class) - http://viewsms.nate.com/NateOnMMS_AX2.cab
    O16 - DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} (IB_OnAir.IBOnAir) - http://ionair.sbs.co.kr/onair/IB_OnAir.CAB
    O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPIOCX.cab
    O16 - DPF: {5C899971-E9D6-4496-8077-98378408E340} (MPControl Control) - http://mplay.sbs.co.kr/players/SBSiMPControl.cab
    O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://bridge.item2.naver.com/music/cab/nbgm.cab
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v7.0.9.5/xw_install.cab
    O16 - DPF: {9675ABBF-8D0B-4956-868C-934B5A7928D4} (Npv Control) - http://update.nprotect.net/nprotect2004/lotte/npv.cab
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachenet.com/kdfx222/kdfense8.cab
    O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - http://www.woori.com/authPopup/ilkactx.cab
    O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} (VineTransfer Control) - http://chbib.chb.co.kr/infovine/VineTransfer.cab
    O16 - DPF: {C71BF87F-710C-4F96-8B90-A17190B6BDAE} (SSOATL Class) - http://song.ysc.ac.kr/ssologin/newlogin/SSOCX.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/hyundaicard/npx.cab
    O16 - DPF: {D95F5F60-5BB7-4655-BACE-FC5371EFC3E0} (Npx2 Control) - http://update.nprotect.net/nprotect/bccard/npx2.cab
    O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - http://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
    O16 - DPF: {F08583A3-5B72-4CCC-8F9F-8BD3738C7C33} (UserAuthOcx Control) - http://www.naver.com/UserAuthOcx.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter hijack: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/vnd-backup-octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - (no file)
    O18 - Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  5. k-stop

    k-stop Thread Starter

    Joined:
    Aug 17, 2003
    Messages:
    37
    Many thanks! Things seem to be back to normal right now. Please advise if there is anything else I need to do. I recall reading your assistance on the guy who had his Yahoo search engine hijacked and that helped as well.

    Will definitely be donating to the site! It is a godsend!

    k-stop
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Delete this file

    C:\WINDOWS\temp\kdclg.ren

    DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend
    using the Duplicates files button
    as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries
    ===================

    Clean [​IMG]

    Turn off restore points, boot, turn them back on – here’s how

    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
     
  7. k-stop

    k-stop Thread Starter

    Joined:
    Aug 17, 2003
    Messages:
    37
    Thank you. All the steps were completed. Had already deleted the C:\WINDOWS\temp\kdclg.ren file from reading similar posts on other threads. Ran and re-ran a few of the programs to make sure.

    As promised, also made a donation to techguy.org and feel like I have a new computer! Keep up the good work.

    k-stop
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Thanks!
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/538974

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice