Analyzing log file
Asked by dkim18
Hi Experts,
My friend's computer has been acting up since she installed a program, according to her. So she tried to uninstall it from the Add/Remove Programs section, but she got something like an "executable file corrupted" error message.
Here is the log file, produced with the tool from the following link:
http://www.download.com/HijackThis/3000-8022_4-10379544.html
++++++++++++
Logfile of HijackThis v1.99.1
Scan saved at 2:49:03 AM, on 2007-10-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\Program Files\Codec Pack\v13\codecsnd.exe
c:\Program Files\Adapte\bin\v13\cdrv13.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FASOOD~1\fph.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\booster.exe
c:\Program Files\Adapte\bin\v13\cdrv13.exe
C:\WINDOWS\system32\2048\dconcnfg.exe
C:\WINDOWS\Wsync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\DOWNLO~1\CONFLICT.3\mysprun.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\rhfh.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\PExtService\ppext.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\musafir\Local Settings\Temp\Temporary Internet Files\Content.IE5\8TIJ6ZCD\hijackthis[1]\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebDC - {4AAA2F98-2D2F-4938-AFB1-3EC1B51C41D9} - C:\Program Files\Fasoo DRM\f_webdc.dll
O2 - BHO: Windows IExplorer7 - {6CD1CD02-5DC1-4117-AF32-87B26783B5F0} - C:\WINDOWS\system32\scro.dll
O2 - BHO: ppext - {CE52C857-01EB-4FA2-996E-52C8D6879632} - C:\PROGRA~1\PEXTSE~1\ppext.dll
O2 - BHO: BHOster Class - {F64C2181-0062-4ED8-B6B0-72BB47BA711C} - C:\Program Files\IBS\Boos.dll
O3 - Toolbar: Naver Toolbar(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\NHN\NaverToolbar\NaverTB_0_1_20.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ibooster - {ECC9289B-F12B-4495-9F43-DD5117016035} - C:\Program Files\ibooster\iboosterbar.dll
O3 - Toolbar: iBooster - {911B96F6-B36E-4862-AA9A-AA410E540089} - C:\Program Files\IBS\CBooster.dll
O4 - HKLM\..\Run: [SpeedUp] "C:\WINDOWS\DOWNLO~1\CONFLICT.3\SpeedUp2.exe"
O4 - HKLM\..\Run: [Dr.Fasoo] "C:\Program Files\Fasoo DRM\f_drscan.exe"
O4 - HKLM\..\Run: [FPH Exe] "C:\PROGRA~1\FASOOD~1\fph.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Opti_Regi] C:\Program Files\Opti_Regi\Opti_Regi.exe b
O4 - HKLM\..\Run: [ILJPL] C:\WINDOWS\booster.exe
O4 - HKLM\..\Run: [mfree] C:\Program Files\Internet Explorer\PLUGINS\mfree.exe
O4 - HKLM\..\Run: [cdrv13] c:\Program Files\Adapte\bin\v13\cdrv13.exe
O4 - HKLM\..\Run: [hpctl13] c:\Program Files\Common Files\LGT\Engine\v13\hpctl13.exe
O4 - HKLM\..\Run: [UIOE] C:\WINDOWS\system32\Ukum\Uspss.exe
O4 - HKLM\..\Run: [SRIL] C:\WINDOWS\system32\2048\dconcnfg.exe
O4 - HKLM\..\Run: [booSync] C:\WINDOWS\Wsync.exe
O4 - HKLM\..\Run: [windefend] C:\Program Files\windefend.exe
O4 - HKLM\..\Run: [XProtect] C:\Program Files\Common Files\Microsoft Shared\MSInfo\XProtect.exe
O4 - HKLM\..\Run: [AntiSpyware SpyxPro] C:\Program Files\SpyxPro\spsvc.exe /run
O4 - HKLM\..\Run: [PPService] c:\program files\pextservice\ppextup.exe start
O4 - HKLM\..\Run: [NProtects] C:\Windows\Config\NProtects.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [KWSGuide] C:\Program Files\KWSSolution\KWSGuide.exe
O4 - HKCU\..\Run: [rhfh] c:\rhfh.exe
O4 - HKCU\..\Run: [Ahnup] C:\Program Files\Internet Explorer\SIGNUP\Ahnup.exe
O8 - Extra context menu item: Export to Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Naver Search - res://C:\Program Files\NHN\NaverToolbar\NaverTB_0_1_20.dll /SEARCH.HTML
O8 - Extra context menu item: Naver Dictionary Search - res://C:\Program Files\NHN\NaverToolbar\NaverTB_0_1_20.dll /DIC.HTML
O8 - Extra context menu item: Naver Japanese-Korean Translation - res://C:\Program Files\NHN\NaverToolbar\NaverTB_0_1_20.dll /JKTRANS.HTML
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.allthegate.com
O15 - Trusted Zone: http://*.auction.co.kr
O15 - Trusted Zone: http://*.ddm.com
O15 - Trusted Zone: http://*.ddmclub.co.kr
O15 - Trusted Zone: http://*.kcp.co.kr
O15 - Trusted Zone: http://*.telec.co.kr
O15 - Trusted Zone: http://*.vpay.co.kr
O15 - Trusted Zone: http://*.yessign.or.kr
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg7.cyworld.com/ImageUpload/CyImageUpload_10217.cab
O16 - DPF: {08AC405D-A4A0-448B-8AAF-9D2903CC4A51} (EmpasSM Control) - http://download.empas.com/rel/note/x1_0_7_3/empassm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18771CED-CFBF-48CD-A673-C36327B48A6C} (Recorder2.UCRecorder) - http://academy.winglish.com/academy/recorders/recorder2/Recorder2.CAB
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.cgntv.net/ActiveX/AlwaysOn.CAB
O16 - DPF: {2A8C9C77-DA27-4D81-BBC9-873A892CEE38} (CHZERO REMOTE CTRL) - http://www.chzero.com/urimap/urimap_activex/OCX/IMAPOCX_WEB/IMAPOCX_WEB.CAB
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - https://acs2.hanabank.com/visa3d/SCObject/scsk4.cab
O16 - DPF: {6066F243-425A-4AD8-A2AE-6BD1DE56FAEE} (PCID Class) - http://webclinic.ahnlab.com/webcomponent/speedup_plus/plugin/speedup.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123484748101
O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://ahnlabdownload.nefficient.co.kr/asp/cab/AhnASP.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v7.0.9.2/xw_install.cab
O16 - DPF: {8C99859C-05D9-4CA5-B7DB-BCE80E4185BC} (AGSWallet Control) - http://www.allthegate.com/plugin/AGSWallet.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab
O16 - DPF: {9675ABBF-8D0B-4956-868C-934B5A7928D4} - https://acs1.lottecard.co.kr/visa3d/kdfense/npv.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://webclinic.ahnlab.com/webcomponent/speedup_plus/plugin/speedup.cab
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.com/down/NaverFile.cab
O16 - DPF: {ADBB74A2-C368-4C58-B065-0BA3247019D1} (JwEditor Pro for HMC groupware system) - http://autoway.hmc.co.kr/AutowayDotNet_Hmc/Base/OCX/JwEditorPro_HMCGW.cab
O16 - DPF: {C16EE000-B9F5-42FF-8ABA-A87D38264B42} (JwUpdown2_Unicode for HMC) - http://autoway.hmc.co.kr/AutowayDotNet_Hmc/Base/OCX/JwUpdown2Uni_HMCGW.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://update.nprotect.net/keycrypt/police/npkcx.cab
O16 - DPF: {E7D2B321-435E-4037-BCCB-6694459B1DBE} (Mfile File Share Control7) - http://mfile.co.kr/mmsv/MfileWebControl2.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: codecsnd13 - Unknown owner - c:\Program Files\Codec Pack\v13\codecsnd.exe
O23 - Service: dliesvcs - Unknown owner - C:\WINDOWS\system32\dliesvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
++++++++++++++++++
Please let me know if you see anything suspicious.
thx
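The log above, as an added example that is not part of the original question and not HijackThis's own logic: a small Python triage script that parses the entry types a reviewer reads first (running processes, O2/O3 browser add-ons, O4 Run keys, O23 services) and applies a handful of generic red-flag rules. The rules, the tiny %WINDIR% allowlist and the sample input (a subset of lines copied from the log above) are my own assumptions; a hit means "check this by hand", not "this is malware".

```python
"""Heuristic triage of HijackThis v1.99 log lines.

Added example, not part of the original post and not HijackThis's own
logic.  The rules are assumptions about what a reviewer would eyeball
first; a hit means "look closer", never "this is malware".
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: a subset of lines copied from the log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\booster.exe
C:\WINDOWS\system32\2048\dconcnfg.exe
C:\rhfh.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\musafir\Local Settings\Temp\Temporary Internet Files\Content.IE5\8TIJ6ZCD\hijackthis[1]\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows IExplorer7 - {6CD1CD02-5DC1-4117-AF32-87B26783B5F0} - C:\WINDOWS\system32\scro.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ILJPL] C:\WINDOWS\booster.exe
O4 - HKLM\..\Run: [SRIL] C:\WINDOWS\system32\2048\dconcnfg.exe
O4 - HKLM\..\Run: [windefend] C:\Program Files\windefend.exe
O4 - HKCU\..\Run: [rhfh] c:\rhfh.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: dliesvcs - Unknown owner - C:\WINDOWS\system32\dliesvcs.exe
"""


@dataclass
class Entry:
    kind: str            # "proc", "O2", "O3", "O4" or "O23"
    name: str            # Run value name, BHO/toolbar name or service name ("" for processes)
    path: str            # executable or DLL path exactly as printed in the log
    owner: str = ""      # O23 only: the owner/vendor column
    flags: List[str] = field(default_factory=list)


_PATH_RE = re.compile(r"^[A-Za-z]:\\")
_O2_O3_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$")
_O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[([^\]]+)\] (.+)$")
_O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
# First quoted or unquoted token ending in .exe/.dll; O4 commands may carry arguments.
_IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|dll))"?', re.IGNORECASE)

# Assumed minimal allowlist of Windows files that legitimately live in %WINDIR% itself.
_WINDIR_ROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe"}
_ROOT_DIR_RE = re.compile(r"^[a-z]:(\\windows|\\program files)?$")
_TEMP_DIRS = {"temp", "temporary internet files"}


def parse_log(text: str) -> List[Entry]:
    """Pull the entry types this triage cares about out of a HijackThis log."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if _PATH_RE.match(line):                       # "Running processes" section
            entries.append(Entry("proc", "", line))
            continue
        m = _O2_O3_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), m.group(3)))
            continue
        m = _O4_RE.match(line)
        if m:
            image = _IMAGE_RE.match(m.group(2))
            entries.append(Entry("O4", m.group(1), image.group(1) if image else m.group(2)))
            continue
        m = _O23_RE.match(line)
        if m:
            entries.append(Entry("O23", m.group(1), m.group(3), owner=m.group(2)))
    return entries


def flag(entry: Entry) -> List[str]:
    """Apply the heuristic rules to one entry and return the reasons it was flagged."""
    path = entry.path.lower()
    parts = path.split("\\")
    parent, basename = "\\".join(parts[:-1]), parts[-1]
    reasons: List[str] = []
    if _ROOT_DIR_RE.match(parent) and basename not in _WINDIR_ROOT_OK:
        reasons.append("image sits directly in a root directory (drive, Windows or Program Files)")
    if any(p.isdigit() for p in parts[1:-1]):
        reasons.append("all-digit directory name in path")
    if any(p in _TEMP_DIRS for p in parts[1:-1]):
        reasons.append("image loaded from a Temp directory")
    if entry.kind == "O4" and re.fullmatch(r"[A-Z]{3,6}", entry.name):
        reasons.append("opaque all-caps Run value name")
    if entry.kind in ("O2", "O3") and parent.startswith(("c:\\windows", "c:\\winnt")):
        reasons.append("browser extension loaded from the Windows directory")
    if entry.kind == "O23" and entry.owner == "Unknown owner":
        reasons.append("service with no identified owner/vendor")
    return reasons


def triage(text: str) -> List[Entry]:
    """Return only the entries that tripped at least one rule."""
    hits = []
    for entry in parse_log(text):
        entry.flags = flag(entry)
        if entry.flags:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        label = f"{hit.kind} [{hit.name}]" if hit.name else hit.kind
        print(f"{label}: {hit.path}")
        for reason in hit.flags:
            print(f"    - {reason}")
```

Run it as a script to print the flagged entries with their reasons. HijackThis.exe itself trips the Temp rule here because it was launched straight from the browser's download cache, which is exactly why these rules are a reading aid and not a verdict. The O15 trusted-zone and O16 ActiveX entries in the full log are outside what this parser looks at and deserve a separate pass of their own.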