
Hijackthis Log...need Help. Don't Know What The Problem Is


  • This topic is locked
2 replies to this topic

#1 jinah


Posted 08 September 2007 - 07:14 PM

I accidentally downloaded something thinking that I needed it...

I'm so bad with computers, I have no idea what's going on!!

Problem: when I turn on the PC and open Internet Explorer, random ads start popping up... like musicplustv, perfspot, macy's... it's crazy.

I've tried Smitfraudfix, and AVG. It seemed to work, then it came up AGAIN.

I NEED HELP

This is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오전 8:21:30, on 2007-09-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\asnt2.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\tg\바탕 화면\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Virus Chaser\Vcrmon.exe
C:\Program Files\IEDoumi\IEdoumi.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\tg\바탕 화면\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Virus Chaser\spiderml.exe
C:\Program Files\Virus Chaser\SpiderNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\WebCall World\SerialPhone\MiraPhone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Virus Chaser\Spiderui.exe
C:\Program Files\AdrMc\AdrMc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\tg\Local Settings\Temporary Internet Files\Content.IE5\VJUMJQYC\HiJackThis[1].exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14FC32E9-58B7-4731-8919-3D0FB9D23D51} - C:\WINDOWS\system32\awvtr.dll
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: WebGuide Class - {42A8E7B3-8836-4b6e-9867-8D9934432FBD} - C:\Program Files\WebGuide\WebGuide.dll
O2 - BHO: DMCC4 Class - {46D7627B-2D58-40F0-8AE9-C4D59A2F1C92} - C:\WINDOWS\system32\mdmcc4.dll
O2 - BHO: (no name) - {47B83D78-F986-4E96-9769-2C55EF14DA0B} - C:\WINDOWS\system32\__c00DC5.dat
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {5621007F-BBEE-4674-8077-94C3591DE7C3} - C:\WINDOWS\system32\wvuurpq.dll
O2 - BHO: ToolBand Class - {6D9B1E76-9151-416b-BE88-EE3B2F61E79B} - C:\Program Files\TNExtension\MuukEx.dll (file missing)
O2 - BHO: OK 툴바 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\OkToolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: IEdoumi(웹도우미) - {820F89DE-0286-4ED5-9558-7E83D20D6690} - C:\PROGRA~1\IEDoumi\iedoumi.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ToolBand Class - {BAC752A1-7B6A-4336-89A1-212D85C64C43} - C:\Program Files\SGuide\SGuideEx.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ooektesq.dll
O2 - BHO: Savecash Class - {CBBA4969-0DFF-437A-9E18-7176A67444F1} - C:\Program Files\WSSaveCash\WSSaveCash.dll
O2 - BHO: Icarus2 - {E2E6833D-ABC0-489c-9D4E-71B59ECB141F} - C:\Program Files\Icarus2\Icarus2.dll
O2 - BHO: (no name) - {FECCE700-8269-47FC-A0FA-98D658FEA055} - C:\WINDOWS\system32\gmgr.dll (file missing)
O3 - Toolbar: OK 툴바 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\OkToolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
O4 - HKLM\..\Run: [upme] lexplore.exe
O4 - HKLM\..\Run: [ADSpider] C:\Program Files\ADSPider\ADSpider.exe /start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [G2] C:\Program Files\G2\G2Main.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NClean] C:\Program Files\NClean\NCleanMain.exe
O4 - HKLM\..\Run: [유해사이트차단] C:\Program Files\sitelimit\slupd.exe -update
O4 - HKLM\..\Run: [AirPC] C:\Program Files\AirPC\AirPC.exe /hidescan
O4 - HKLM\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\Vcrmon.exe
O4 - HKLM\..\Run: [Mum1000] C:\Program Files\atum\Mum1000.exe
O4 - HKLM\..\Run: [atum] C:\Program Files\atum\atum.exe
O4 - HKLM\..\Run: [Bookmark] C:\Program Files\Bookmark\BookmarkInit.exe /u http://222.122.43.213/BookmarkHUpdate /m Bookmark.exe
O4 - HKLM\..\Run: [WMSRC] C:\Program Files\Windows Media Player\siratic.exe
O4 - HKLM\..\Run: [OKMaster] C:\Program Files\OKToolbar\OKMaster.exe
O4 - HKLM\..\Run: [System32] C:\WINDOWS\system32\System32.exe
O4 - HKLM\..\Run: [ProM] C:\Program Files\ProM\ProM.exe
O4 - HKLM\..\Run: [novags] novagsx.exe
O4 - HKLM\..\Run: [IEDoumi] "C:\Program Files\IEDoumi\IEdoumi.exe"
O4 - HKLM\..\Run: [mstosvr] C:\Program Files\shopMate\mstosvr.exe
O4 - HKLM\..\Run: [AdrMc] C:\Program Files\AdrMc\aminit.exe
O4 - HKLM\..\Run: [SidebarMaster] C:\Program Files\GoodDay\SidebarMaster.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WebProtect] C:\WINDOWS\system32\ProtMng.exe
O4 - HKLM\..\Run: [HncUpdate] C:\WINDOWS\system32\HncUpdate.exe /A
O4 - HKLM\..\Run: [Icarus2] C:\Program Files\Icarus2\UpdateChk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdateWeblink] "C:\Program Files\Weblink\UpdateWeblink.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\tg\바탕 화면\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\vkfpqrjj.dll",forkonce
O4 - HKLM\..\RunServices: [upme] lexplore.exe
O4 - HKCU\..\Run: [MiraPhone] C:\Program Files\WebCall World\SerialPhone\MiraPhoneUpdator.exe
O4 - HKCU\..\Run: [TNExtension] C:\Program Files\TNExtension\TNExtension.exe /WS
O4 - HKCU\..\Run: [SOFTWARE\TINTGUIDE] C:\WINDOWS\system32\TINTGUIDE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebGuide] C:\Program Files\WebGuide\WGUIDE.exe /WS
O4 - HKCU\..\Run: [SOFTWARE\IMKPMIG] C:\WINDOWS\system32\IMKPMIG.exe
O4 - HKCU\..\Run: [판도라TV미니] C:\Program Files\PandoraTVMini\MiniUpdate.exe
O4 - HKCU\..\Run: [WSSaveCash] C:\Program Files\WSSaveCash\WSSaveCash.exe /WS
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [SOFTWARE\Mctime] C:\WINDOWS\system32\Mctime.exe
O4 - HKCU\..\Run: [SGuide] C:\Program Files\SGuide\SGUIDE.exe /WS
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\동키호테\Donkeyhote.exe -AutoStart
O4 - HKLM\..\Policies\Explorer\Run: [winupx Service] winupx.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {42A8E7B3-8836-4b6e-9867-8D9934432FBD} - (no file)
O9 - Extra button: 서치모아 포인트 적립 - {44E1D53E-1DE5-4ED1-B3EB-7AFF44DA5589} - C:\Program Files\WSSaveCash\WSExtension.dll
O9 - Extra button: 뮤크 - {6D9B1E76-9151-416b-BE88-EE3B2F61E79B} - C:\Program Files\TNExtension\MuukEx.dll (file missing)
O9 - Extra button: 무료 백신 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\Okupdmnger.exe (file missing)
O9 - Extra button: Windows Extension - {BAC752A1-7B6A-4336-89A1-212D85C64C43} - C:\Program Files\SGuide\SGuideEx.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.trigem.co.kr/
O15 - Trusted Zone: www.sisclub.com
O15 - Trusted Zone: http://*.buddybuddy.co.kr (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: SOFTWARE -
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {02431A5A-0036-4851-AB6A-69783F89364A} (CiEBSWAX Class) - http://www.ebsi.co.kr/ebs/ActiveX/iEBSWAX.cab
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg7.cyworld.nate.com/ImageUpload...mageUpload3.cab
O16 - DPF: {109E02F2-D292-456F-AF67-2680FF768829} (CleanActX Control) - http://www.clean-up.co.kr/in/CleanX.cab
O16 - DPF: {10B69FAD-B2F1-4DB0-BBEC-81DCC529F957} (BTWWebClient Control) - http://download.banktown.com/kbstarActiveX/BTW-sToolkit.cab
O16 - DPF: {15AECD82-DA7D-4EC5-B57F-ED578D84C3F9} (DaumFileControl Control) - http://file.daum.net/down/DaumFile.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
O16 - DPF: {21FDDE58-51A6-402A-8040-39DA033DC196} (Pull0PlayerX Control) - http://image.pullbbang.com/newTop/Pull0Control.ocx
O16 - DPF: {243C3672-9526-40AA-BE22-988F92CFA591} - http://nclean.co.kr/install/nclean.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://www.citibank.co.kr/initech/plugin/INIS60.cab
O16 - DPF: {2D394D05-A066-4678-BA38-E85882B09B2E} (Controller Class) - http://www.cosmotan.com/cabinet/myspeed.cab
O16 - DPF: {2E68BEE5-A640-11D2-AEA4-00AA006E5B34} (HnwActiv Control) - http://pan.kbstar.com/ezgen/hnwactiv_5_0_0_5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {32D94A9F-9A18-4E12-863D-8AABA8CBDA78} (NateOnMMSAtx3 Class) - http://viewsms.nate.com/NateOnMMS_AX3.cab
O16 - DPF: {39669C5E-2BF4-4FA9-B4D1-C4B7D7A88374} (INKADSREGCtrl Class) - http://www.ddnet.co.kr/drm/INKADRM.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://www.citibank.co.kr/js/kor/scsk4.cab
O16 - DPF: {3F628FA3-002C-4905-8AFE-99C2F4AC3A97} (VenusMe Control) - http://www.venuscall.com/VenusMe.cab
O16 - DPF: {4294CF2A-1321-48FF-B48A-DF996CF3A0E1} (UpGameMessageCtrl Control) - http://game.cashup.co.kr/ocx/UpGameMessageCtrl.cab
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {4870AABC-331A-4B28-B9C5-E33B90C8F376} (CashUpGame Control) - http://upgame.cashup.co.kr/ocx/CashUpGame.cab
O16 - DPF: {518419D1-F74F-48E5-9D98-599EC0DAFBEA} (MpiPlugin Class) - https://kspay.ksnet.to/ksmpi/KSNetMPI.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {5AF23F72-BCB5-4E44-AD5B-E752973FB08C} (BankPayNewCtrl Control) - http://www.bankpay.or.kr/BankPayNew.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-CN/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://item2.naver.com/music/cab/nbgm.cab
O16 - DPF: {5E90C916-5226-4818-B22B-0CF34EF6F693} (NeoTest Agent Caller ActiveX) - http://www.ebsi.co.kr/ebs/ActiveX/webboard/NeoTest.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {626AACF5-D265-40B2-BBAF-EDB843EC9619} (NHN 만화 뷰어) - http://cdn.naver.com/naver/comic/hcviewer3.cab
O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://ahnlabdownload.nefficient.co.kr/asp/cab/AhnASP.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://img.pandora.tv/pan_img/liveupdate/SVPorsche.cab
O16 - DPF: {68B5B09E-9CB4-4E93-A75B-44DD4362120C} (ToonsXContentsPlug Control) - http://comic.daum.net/download/ToonsXContentsPlug.cab
O16 - DPF: {6989C944-3529-4DA8-8C60-187E95F580E2} (SecureSession Class) - http://www.leeum.org/book/include/SecuiJoinsIE.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {6A599FB1-6CF1-42D8-9293-88B6FCC89E78} (CyberInstaller Control) - http://www.cybermed.co.kr/~distribution/CyberInstaller.cab
O16 - DPF: {6AD54F1E-D241-48B4-ACFF-37BA1B1BF7AD} (SMInstallCom Class) - http://ax.spymedic.co.kr/control/SpyMedicWebInst.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} - http://member.nate.com/initech/plugin/axINIplugin40.cab
O16 - DPF: {6C6A4DD2-4235-4708-9B66-35BB3A4D31E4} (ToonsXNowiz Control) - http://www.nowcartoon.com/TNS/1,0,2,5/ToonsXNowiz.cab
O16 - DPF: {6F4863C1-482C-4744-8946-4AEA34DF1A16} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl12.cab
O16 - DPF: {6FC8738C-1723-4990-BD6E-5633AD3BC6E8} - http://down.c-zero.co.kr/cab1/CZInstall.CAB
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://www.letskt.com/imas/IniMasPlugin.cab
O16 - DPF: {765A88D3-EB24-4A26-ACCF-1F754DB281FE} - http://pcbagsa.com/down/pcbaksaActiveFormProj1.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://img.kbstar.com/xecure/xw_install_v7202.cab
O16 - DPF: {857BAFDB-41FC-4A02-86D9-78B884AF6437} (mkdiniswCtrl Class) - http://ahnlabdownload.nefficient.co.kr/asp/cab/mkdinisw.cab
O16 - DPF: {88A583D1-E42F-4DB2-8FCF-AEE7C5D99892} (AirPCInstaller Control) - http://update.airpc.co.kr/airpc/activex/AirPCInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {90227A18-E482-47B8-83F2-146CABA6ABF7} (Npwsx Control) - http://update.nprotect.net/nprotect/kb/npws/npwsx.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
O16 - DPF: {95ECBC00-7121-4379-BD64-69B42A0F1123} (MapID Control) - http://www.mapid.net/ActiveX/MapID_V14.cab
O16 - DPF: {95F19BBE-F9AB-4393-B323-8A2071F3859D} (SCapbotCJ Control) - http://download.netmarble.com/web/6n/cp_si...oftCapBotCJ.cab
O16 - DPF: {964DB413-7247-4B0A-80AF-4E1508CDFF4A} - http://down.c-zero.co.kr/cab4/CCInst3.CAB
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebsi.co.kr/ebs/ActiveX/eGEBS.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl281.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.diodeo.com/DioDeoPlayer.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab
O16 - DPF: {9BF4F796-4625-4E8E-B1D2-43FD110130C1} (Jxceal40s2 Control) - http://mail.mofat.go.kr/download/JXCealG2.v3.mofat.cab
O16 - DPF: {9C651540-F94A-4AF9-BD85-EEDA21F5F35D} (MegaPlayerVer20 Control) - http://img.megastudy.net/MegaPlayerVer20.Cab
O16 - DPF: {A218BDD8-0547-4DED-8A98-93D552E945F4} (ODMap30 Control) - http://kr.traffic.yahoo.com/Objects/ODMap35.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.nefficient.co.kr/kings/kdfx/k...38/kdfense8.cab
O16 - DPF: {A4BBD40E-CE6B-4028-9EA1-D509155DB6F5} (BMGiwsx Control) - http://www.rtouch.com/bluemapviewer.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {A968671F-9927-4E04-9D12-300CD058811C} (EnDiskControlCtrl Class) - http://update.endisk.com/EnUpdate/EnDiskControl2.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Pmang & SayClub Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {A9A10555-AD70-4A69-A440-9159867E61B9} (muzmvset Class) - http://player.muz.co.kr/package/muzmvset.cab
O16 - DPF: {B27CD839-871B-404F-9AB3-68B942D11BF4} (Oi Control) - http://listen.daum.net/52st.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} (PDRInst1 Class) - http://imgcdn.pandora.tv/pan_img/p3player/...age/pdrinst.cab
O16 - DPF: {B8FBFE7F-529C-48F5-96F6-093180417DA4} (launchIEdoumi) - http://down.iedoumi.com/launchIEdoumi.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/Melon.cab
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C394A9A2-C51D-4C26-BB2C-6DEB30A890F4} (ActiveDiodeoPlayer Control) - http://www.diodeo.com/ActiveDiodeoPlayer.cab
O16 - DPF: {C3C46E1D-4929-4FE8-853E-5CD43938047D} - http://g2.co.kr/program/install/g2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://video.tvpot.daum.net/package/p3Instal.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/module/npx.cab
O16 - DPF: {D0122112-9444-463A-AE2D-7EF5E2793AEE} (ADZEROInstaller Class) - http://update.ad-zero.com/cab/ADZEROCom.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/images/Pull0Control.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D572CD64-9310-4712-8FFC-A4F9DC9D4AC1} (QbicUpdate Control) - http://qbic.hanafos.com/component/QbicUpdate.CAB
O16 - DPF: {D5B33DF9-4DF8-4131-B356-99739A66C30A} (PFileDownloadCtrl Control) - http://club.donkeyhote.co.kr/ocx/PFileDownloadCtrl.cab
O16 - DPF: {D6D424E5-DE1C-4E91-8B59-00F5D860E3BF} (KillRecord Control) - http://dist.cdnetworks.co.kr/cdndist/killr.../KillRecord.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://pg.banktown.com/wallet/inca/keycrypt/npkcx.cab
O16 - DPF: {D733A7E5-C22C-43F3-BCAA-CE53EB8921E5} (InstSSTB Class) - http://www.sportsseoultoolbar.com/update/cab/InstallSST.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/test/Online.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://sims.sktelecom.com/ActiveX/CongnamulMap4Asp_V23.cab
O16 - DPF: {DDE6FED7-88AB-405B-9D77-FD4CDA8B9EB5} (Qbic Control) - http://qbic.hanafos.com/component/Qbic.CAB
O16 - DPF: {DEFFDE5F-E0E2-4D2A-B607-E0DA68AEF9BE} (TSTransf Control) - http://e-tax.interpark.com/interpark/tax/f...TransferPCL.cab
O16 - DPF: {DF88B6BB-3A73-4443-95A4-23A1568CAC80} (Coxgrd Control) - http://www.upiece.co.kr/piece/plugin/coxgrd.cab
O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - http://www.congnamul.com/ActiveX/CongnamulMap_V16.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/dmcm.cab
O16 - DPF: {E4F500BF-C1A3-11D6-9697-0090961B771E} (VCR.Scan) - http://www.viruschaser.com/Kor/vc4w_ocx/Vcrscan.CAB
O16 - DPF: {E7774706-39DA-4CBA-98CF-621DBE973AA3} (DSMWD Control) - http://www.womeg.com/DISTRIBUTE/OCX/SOSWSetup.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O16 - DPF: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} (Kdfense9 Control) - http://kings.cachenet.com/kdfx218/kbstar/kdfense9.cab
O16 - DPF: {E83A492E-6E57-4273-A340-FB378B3F3A80} (AniCast2 Class) - http://cp.slimcamp.com/player/control/axacast2.cab
O16 - DPF: {E8FB2BD7-3703-483A-8EC1-43DADAFC7668} (ELauncher Control) - http://update.folderplus.com/eWebLink/eLauncher.cab
O16 - DPF: {EE014CB4-0CB6-4C4F-8D15-46AE10B9B059} (SVBookmark Control) - http://www.ebsi.co.kr/ebs/ActiveX/SVBookmark.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} - http://www.skku.ac.kr/initech/plugin/INIS50.cab
O16 - DPF: {F480B021-E226-406F-A23D-22118518B736} (Login Control) - http://update.gample.net/gample/activex/login.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/launcher/...ora_SetUpAX.cab
O16 - DPF: {F61919F5-1292-4447-A904-1943D72ACF04} (CertCheck for KB Control) - http://img.kbstar.com/cab/certCheck.cab
O16 - DPF: {FE347307-8DFA-4BD4-A281-CF83F27287C6} (NeoRSLoaderObj Class) - http://218.145.70.131/NeoRS/codebase/NeoRSLoader.cab
O16 - DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} (AnsimPlugin Class) - https://kspay.ksnet.to/vistampi/KSNetMPI.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00ABE04.dat
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O20 - Winlogon Notify: wvuurpq - C:\WINDOWS\SYSTEM32\wvuurpq.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AsNT2 - ©ieasysoft - C:\WINDOWS\System32\asnt2.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\tg\바탕 화면\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Debug Log (dbglg) - Unknown owner - C:\WINDOWS\system32\dbglg.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\fbeublhc.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 서비스 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Virus Chaser Spider NT (spidernt) - New Technology Wave Inc. - C:\Program Files\Virus Chaser\SpiderNT.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 2: (no name) - http://topskins.com/places/nynight/nynight1.jpg
O24 - Desktop Component 3: (no name) - http://topskins.com/placennature/fields/fields4.jpg
O24 - Desktop Component 4: (no name) - http://topskins.com/placennature/bluesky/bluesky4x.jpg
O24 - Desktop Component 5: (no name) - http://topskins.com/placennature/island/island1.jpg
O24 - Desktop Component 6: (no name) - http://topskins.com/placennature/fields/fields1.jpg
O24 - Desktop Component 7: (no name) - http://topskins.com/nature/waves/waves1.jpg
O24 - Desktop Component 8: (no name) - (no file)

--
End of file - 25379 bytes




Thanks



#2 SifuMike


Posted 11 September 2007 - 02:08 PM

Hello jinah,

I am SifuMike and I will be helping you. Sorry for the delay. We are swamped with logs.

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again!

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of the SmitfraudFix report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Edited by SifuMike, 11 September 2007 - 02:09 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike


Posted 20 September 2007 - 04:02 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



