
Analyzing log file

dkim18 asked:
Last Modified: 2008-01-09
Hi Experts,

My friend's computer has been acting up since she installed a program, according to her. So she tried to uninstall it from the Add/Remove Programs section, but she got an error message along the lines of "executable file corrupted".

Here is the log file, generated with the tool from the following link:

http://www.download.com/HijackThis/3000-8022_4-10379544.html

++++++++++++
Logfile of HijackThis v1.99.1
Scan saved at 오전 2:49:03, on 2007-10-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\Program Files\Codec Pack\v13\codecsnd.exe
c:\Program Files\Adapte\bin\v13\cdrv13.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FASOOD~1\fph.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\booster.exe
C:\Program Files\Adapte\bin\v13\cdrv13.exe
C:\WINDOWS\system32\2048\dconcnfg.exe
C:\WINDOWS\Wsync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\DOWNLO~1\CONFLICT.3\mysprun.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\rhfh.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\PExtService\ppext.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\musafir\Local Settings\Temp\Temporary Internet Files\Content.IE5\8TIJ6ZCD\hijackthis[1]\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebDC - {4AAA2F98-2D2F-4938-AFB1-3EC1B51C41D9} - C:\Program Files\Fasoo DRM\f_webdc.dll
O2 - BHO: Windows IExplorer7 - {6CD1CD02-5DC1-4117-AF32-87B26783B5F0} - C:\WINDOWS\system32\scro.dll
O2 - BHO: ppext - {CE52C857-01EB-4FA2-996E-52C8D6879632} - C:\PROGRA~1\PEXTSE~1\ppext.dll
O2 - BHO: BHOster Class - {F64C2181-0062-4ED8-B6B0-72BB47BA711C} - C:\Program Files\IBS\Boos.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\NHN\NaverToolbar\NaverTB_0_1_20.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ibooster - {ECC9289B-F12B-4495-9F43-DD5117016035} - C:\Program Files\ibooster\iboosterbar.dll
O3 - Toolbar: iBooster - {911B96F6-B36E-4862-AA9A-AA410E540089} - C:\Program Files\IBS\CBooster.dll
O4 - HKLM\..\Run: [SpeedUp] "C:\WINDOWS\DOWNLO~1\CONFLICT.3\SpeedUp2.exe"
O4 - HKLM\..\Run: [Dr.Fasoo] "C:\Program Files\Fasoo DRM\f_drscan.exe"
O4 - HKLM\..\Run: [FPH Exe] "C:\PROGRA~1\FASOOD~1\fph.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Opti_Regi] C:\Program Files\Opti_Regi\Opti_Regi.exe b
O4 - HKLM\..\Run: [ILJPL] C:\WINDOWS\booster.exe
O4 - HKLM\..\Run: [mfree] C:\Program Files\Internet Explorer\PLUGINS\mfree.exe
O4 - HKLM\..\Run: [cdrv13] c:\Program Files\Adapte\bin\v13\cdrv13.exe
O4 - HKLM\..\Run: [hpctl13] c:\Program Files\Common Files\LGT\Engine\v13\hpctl13.exe
O4 - HKLM\..\Run: [UIOE] C:\WINDOWS\system32\Ukum\Uspss.exe
O4 - HKLM\..\Run: [SRIL] C:\WINDOWS\system32\2048\dconcnfg.exe
O4 - HKLM\..\Run: [booSync] C:\WINDOWS\Wsync.exe
O4 - HKLM\..\Run: [windefend] C:\Program Files\windefend.exe
O4 - HKLM\..\Run: [XProtect] C:\Program Files\Common Files\Microsoft Shared\MSInfo\XProtect.exe
O4 - HKLM\..\Run: [AntiSpyware SpyxPro] C:\Program Files\SpyxPro\spsvc.exe /run
O4 - HKLM\..\Run: [PPService] c:\program files\pextservice\ppextup.exe start
O4 - HKLM\..\Run: [NProtects] C:\Windows\Config\NProtects.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [KWSGuide] C:\Program Files\KWSSolution\KWSGuide.exe
O4 - HKCU\..\Run: [rhfh] c:\rhfh.exe
O4 - HKCU\..\Run: [Ahnup] C:\Program Files\Internet Explorer\SIGNUP\Ahnup.exe
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\NHN\NaverToolbar\NaverTB_0_1_20.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\NHN\NaverToolbar\NaverTB_0_1_20.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\NHN\NaverToolbar\NaverTB_0_1_20.dll /JKTRANS.HTML
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.allthegate.com
O15 - Trusted Zone: http://*.auction.co.kr
O15 - Trusted Zone: http://*.ddm.com
O15 - Trusted Zone: http://*.ddmclub.co.kr
O15 - Trusted Zone: http://*.kcp.co.kr
O15 - Trusted Zone: http://*.telec.co.kr
O15 - Trusted Zone: http://*.vpay.co.kr
O15 - Trusted Zone: http://*.yessign.or.kr
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg7.cyworld.com/ImageUpload/CyImageUpload_10217.cab
O16 - DPF: {08AC405D-A4A0-448B-8AAF-9D2903CC4A51} (EmpasSM Control) - http://download.empas.com/rel/note/x1_0_7_3/empassm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18771CED-CFBF-48CD-A673-C36327B48A6C} (Recorder2.UCRecorder) - http://academy.winglish.com/academy/recorders/recorder2/Recorder2.CAB
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.cgntv.net/ActiveX/AlwaysOn.CAB
O16 - DPF: {2A8C9C77-DA27-4D81-BBC9-873A892CEE38} (CHZERO REMOTE CTRL) - http://www.chzero.com/urimap/urimap_activex/OCX/IMAPOCX_WEB/IMAPOCX_WEB.CAB
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - https://acs2.hanabank.com/visa3d/SCObject/scsk4.cab
O16 - DPF: {6066F243-425A-4AD8-A2AE-6BD1DE56FAEE} (PCID Class) - http://webclinic.ahnlab.com/webcomponent/speedup_plus/plugin/speedup.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123484748101
O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://ahnlabdownload.nefficient.co.kr/asp/cab/AhnASP.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v7.0.9.2/xw_install.cab
O16 - DPF: {8C99859C-05D9-4CA5-B7DB-BCE80E4185BC} (AGSWallet Control) - http://www.allthegate.com/plugin/AGSWallet.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab
O16 - DPF: {9675ABBF-8D0B-4956-868C-934B5A7928D4} - https://acs1.lottecard.co.kr/visa3d/kdfense/npv.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://webclinic.ahnlab.com/webcomponent/speedup_plus/plugin/speedup.cab
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.com/down/NaverFile.cab
O16 - DPF: {ADBB74A2-C368-4C58-B065-0BA3247019D1} (JwEditor Pro for HMC groupware system) - http://autoway.hmc.co.kr/AutowayDotNet_Hmc/Base/OCX/JwEditorPro_HMCGW.cab
O16 - DPF: {C16EE000-B9F5-42FF-8ABA-A87D38264B42} (JwUpdown2_Unicode for HMC) - http://autoway.hmc.co.kr/AutowayDotNet_Hmc/Base/OCX/JwUpdown2Uni_HMCGW.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://update.nprotect.net/keycrypt/police/npkcx.cab
O16 - DPF: {E7D2B321-435E-4037-BCCB-6694459B1DBE} (Mfile File Share Control7) - http://mfile.co.kr/mmsv/MfileWebControl2.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: codecsnd13 - Unknown owner - c:\Program Files\Codec Pack\v13\codecsnd.exe
O23 - Service: dliesvcs - Unknown owner - C:\WINDOWS\system32\dliesvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe

++++++++++++++++++

Please let me know if you see anything suspicious.

thx