Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

New.Net

Started by BuzzLightYear , Dec 24 2004 08:21 PM

  • Please log in to reply

#1
BuzzLightYear
Posted 24 December 2004 - 08:21 PM

BuzzLightYear

    Member

  • Member
  • PipPip
  • 29 posts
Here is my highjack Log. I appreciate your help!!! :tazz: I scanned with spybot and found that I have New.Net on my computer.

Logfile of HijackThis v1.98.0
Scan saved at 11:19:08 AM, on 12/25/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program files\koreandoumi1.0\netpia.exe
C:\Program Files\TurboPlayer\TurboAgent.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINNT\system32\ntvdm.exe
D:\My Downloads\Highjack\HijackThis.exe

O1 - Hosts: Usage Information:
O1 - Hosts: Save Changes - Save any changes you make to hosts file
O1 - Hosts: Reset Default - Will Replace any existing Hosts with a Windows Default one, original file doesn't have to exist
O1 - Hosts: Save Log - Will Save the Hosts as a Text file, Good for Posting
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Enable and Disable - Will Swap Hosts Files On the Fly for those that want to use Hosts, and Temporarily Disable it.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Scan for Hosts - Will Search your Windows Drive for Hosts Files, useful if Hosts is in wrong location or installed to Alternate location by Trojan.
O1 - Hosts: Delete - Does exactly that, Delete and Hosts File Selected in the Listbox.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: By Option^Explicit, [email protected]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserHook Class - {09F93072-DE5E-4B5A-B347-F80FD7CB7309} - C:\WINNT\system32\webmailHook20040917.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NetpiaLite] c:\Program files\koreandoumi1.0\netpia.exe
O4 - HKLM\..\Run: [TurboAgent] C:\Program Files\TurboPlayer\TurboAgent.exe
O4 - HKLM\..\Run: [스파이맵] "C:\Program Files\spymap\spymap.exe" -update
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ¿ⓒ¿iE­ - {B430274F-B58A-4f0d-87FA-C520DB4D3D1A} - http://line1152.ojak.com (file missing)
O9 - Extra 'Tools' menuitem: &¿ⓒ¿iE­ - {B430274F-B58A-4f0d-87FA-C520DB4D3D1A} - http://line1152.ojak.com (file missing)
O15 - Trusted Zone: http://www.pdbox.co.kr
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: WebTycho Chatroom - http://tychousachat1...ts/chatutil.cab
O16 - DPF: {02354DC5-1E5E-401B-8776-C247E94CE1D2} (SQuery Control) - http://web.pagemoa.com/SQuery.cab
O16 - DPF: {0365D95C-5061-42AB-B118-EAA3CB956E8E} (MaPrintModule_BCCard Control) - http://www.bccard.co...dule_BCCard.cab
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://sbsi.contents...le/MyLinker.cab
O16 - DPF: {0C8FD7EE-7EA8-4F8D-975F-80E0648A79C5} (Spocx Control) - http://spymap.co.kr/...ivex/spinst.cab
O16 - DPF: {12C14EBC-EABE-4919-A33B-D05F762CBC56} (DaumCafeEditor Control) - http://cafefiles2.ha...mCafeEditor.cab
O16 - DPF: {148F17D2-A980-470A-9A49-2C032BF9BCDC} (MarkAny WebSAFER - SBSi) - http://www.sbs.co.kr.../ppv/MAWS05.cab
O16 - DPF: {196300A5-09A2-4C9D-9B67-3A1F5168A025} (DSWC_IEGC Class) - http://www.ktf.co.kr...ndsoft/DSWC.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {1F702755-E006-4D20-BC35-783021A94E22} (Nshort Control) - http://www.sazuguide.com/sazuguide.cab
O16 - DPF: {1F831FAB-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {254E97C3-922F-4A12-B8E4-7697A8BF8A34} (Nshort Control) - http://www.gunghapun...gunghapunse.cab
O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.c...der20040625.cab
O16 - DPF: {27BCC3E9-D724-493B-A79E-C2E12C03407A} (CfClient Class) - http://www.iloveschool.co.kr/cfcli.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol....ileControl2.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2B3CC8B1-EC8B-4BFE-B9ED-3460E383292E} (NetpiaPIOCX Control) - http://63.105.207.15...tpiaPIIPOCX.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2D341EFF-28C0-4810-BC1E-08B67A1575F9} - http://netmarble-dow...InstallBugs.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {345CA9DC-1600-4CD2-BFCF-7B57DD1A32DA} (NeoworkInstall Control) - http://easyinstall.i...workInstall.cab
O16 - DPF: {3DA11B9D-C8BF-4ADE-A180-159399C536D9} (BtShellDgb20Com Class) - http://dgb.banktown....t/BtCxDgb20.cab
O16 - DPF: {4251B46A-4F66-4429-BA03-D96E548B0699} (Nshort Control) - http://www.dallmados.../dallmadosa.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net..._XPayMPIOCX.cab
O16 - DPF: {55CE0824-B8F3-4E6A-9797-17FDA555A8E5} (KvpTopd Control) - http://www.vpay.co.kr/KvpTPd.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.korne...peedNewCtrl.cab
O16 - DPF: {630B5ED1-D6B0-4D31-8AE2-7687DF72BA9D} (Extream Class) - http://wmpdownload.n...oad/CDNExtX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://info.anycert.com/c.wtz?i=94
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr...sOggPlay_11.CAB
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://www.mycredit....INIplugin40.cab
O16 - DPF: {6F4863C1-482C-4744-8946-4AEA34DF1A16} (FreechalOn Class) - http://login.freecha...on/FcOnCtl8.cab
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo....ace/cvtrace.cab
O16 - DPF: {739446C7-4B2B-45B1-A0D7-03BC177E9123} (FreeBacon.ctlFreeBacon) - http://khants.cafe24...o/FreeBacon.CAB
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday A|¾i) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.soft.../xw_install.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab8/dmcc2.cab
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://home.megapass...ge/ShortCut.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.c...der20040708.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachene...06/kdfense8.cab
O16 - DPF: {A6961817-0A05-412F-BC05-9D84570E2400} (Icon0091 Control) - http://www.bestcode....91/icon0091.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Pmang & SayClub Login Control) - http://dl.sayclub.co...ayctl/sayax.cab
O16 - DPF: {AE56372B-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackor...ate/ilkactx.cab
O16 - DPF: {BC92F07B-05F7-47A9-A216-1BC9F66BA03F} (eGSignPlus Class) - http://member.moneta...egsign_plus.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo....SVWebPlayer.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041008.cab
O16 - DPF: {C5493453-7017-485D-8383-41B3679A8FAB} (KCliCom Class) - http://www.conpia.co...onpiaStudio.cab
O16 - DPF: {C838E9DA-1625-4E14-8B37-C6706B43C423} (IBLeaders IBSheet Control) - http://www.bccard.co...eet/IBSheet.CAB
O16 - DPF: {CE1BF8AA-9C9E-4FF2-810A-AE0657F24FFD} (ActiveForm1 Control) - http://plus.dgb.co.kr/down/XICEDEL.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {CFA57DD9-E2E0-11D7-A2C5-000139026F01} (CombuycomPG.frmCombuycom) - https://www.siren24....CombuycomPG.CAB
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote...t/daegu/npx.cab
O16 - DPF: {D0E2D4C6-F65D-4967-A22C-BB0C6245A631} (HanafosDN Control) - http://bin.hanafos.c...1/HanafosDN.cab
O16 - DPF: {D40C2C27-C909-497E-A4FF-D46CCB3D9D55} (JoinsX Control) - http://news.joins.co...insShortCut.cab
O16 - DPF: {D837FF65-FE98-44D9-B90A-74E61EB7801B} (SBXPSASW Control) - http://showbox.dis.s...ox/SBXPSASW.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://kr.maps.yahoo...amulMap4Asp.cab
O16 - DPF: {DA4B05A6-83C5-43A3-8DFB-1072C438F05F} (Nshort Control) - http://www.sajuhot.com/sajuhot.cab
O16 - DPF: {DDA887E8-E6E4-4D48-81E4-817DCA66B8FB} (NethardShort Control) - http://icons.com.ne....rt/NetShort.cab
O16 - DPF: {EADBDB84-2341-4AD0-9FAF-4F1F31CF4A46} (LoginForm Class) - http://pointsok.okca...KMPPClient2.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co....own/PDBox25.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.bccard.co...NISafeWeb50.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - http://mpi.dacom.net...ate_XPayMPI.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B934897B-3CDB-41C8-BE7F-7E04A41A27FB}: NameServer = 168.126.63.1 168.126.63.2
O18 - Filter: text/html - {C77F90FA-4E22-4C94-A8B5-80A5B8CE069A} - C:\Documents and Settings\mycom\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O20 - AppInit_DLLs: apitrap.dll
  • 0

Advertisements

#2
-=jonnyrotten=-
Posted 24 December 2004 - 09:44 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
First try uninstalling New.net in add/remove programs in Control Panel. Next try this:

Please run a free online virus scan here (tick the "Auto Clean" checkbox): Needs to be run with Internet Explorer.
http://housecall.antivirus.com/

And a free trojan scan here: (you will have to download the 30 day trial of "The Cleaner" here)
http://www.moosoft.com/

Reboot your PC, and post new log.

-=jonnyrotten=- :tazz:
  • 0

#3
BuzzLightYear
Posted 26 December 2004 - 12:30 AM

BuzzLightYear

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Well, I did all of that. Except I couldn't find New.Net in add/remove programs. I found one virus and two trojans with the two scans that you recommended. I was still not able to remove the New.Net. Here is my new Highjack log. :tazz:

Logfile of HijackThis v1.98.0
Scan saved at 3:23:45 PM, on 12/26/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program files\koreandoumi1.0\netpia.exe
C:\Program Files\TurboPlayer\TurboAgent.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\My Downloads\Highjack\HijackThis.exe

O1 - Hosts: Usage Information:
O1 - Hosts: Save Changes - Save any changes you make to hosts file
O1 - Hosts: Reset Default - Will Replace any existing Hosts with a Windows Default one, original file doesn't have to exist
O1 - Hosts: Save Log - Will Save the Hosts as a Text file, Good for Posting
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Enable and Disable - Will Swap Hosts Files On the Fly for those that want to use Hosts, and Temporarily Disable it.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Scan for Hosts - Will Search your Windows Drive for Hosts Files, useful if Hosts is in wrong location or installed to Alternate location by Trojan.
O1 - Hosts: Delete - Does exactly that, Delete and Hosts File Selected in the Listbox.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: By Option^Explicit, [email protected]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserHook Class - {09F93072-DE5E-4B5A-B347-F80FD7CB7309} - C:\WINNT\system32\webmailHook20040917.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NetpiaLite] c:\Program files\koreandoumi1.0\netpia.exe
O4 - HKLM\..\Run: [TurboAgent] C:\Program Files\TurboPlayer\TurboAgent.exe
O4 - HKLM\..\Run: [스파이맵] "C:\Program Files\spymap\spymap.exe" -update
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ¿ⓒ¿iE­ - {B430274F-B58A-4f0d-87FA-C520DB4D3D1A} - http://line1152.ojak.com (file missing)
O9 - Extra 'Tools' menuitem: &¿ⓒ¿iE­ - {B430274F-B58A-4f0d-87FA-C520DB4D3D1A} - http://line1152.ojak.com (file missing)
O15 - Trusted Zone: http://www.pdbox.co.kr
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: WebTycho Chatroom - http://tychousachat1...ts/chatutil.cab
O16 - DPF: {02354DC5-1E5E-401B-8776-C247E94CE1D2} (SQuery Control) - http://web.pagemoa.com/SQuery.cab
O16 - DPF: {0365D95C-5061-42AB-B118-EAA3CB956E8E} (MaPrintModule_BCCard Control) - http://www.bccard.co...dule_BCCard.cab
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://sbsi.contents...le/MyLinker.cab
O16 - DPF: {0C8FD7EE-7EA8-4F8D-975F-80E0648A79C5} (Spocx Control) - http://spymap.co.kr/...ivex/spinst.cab
O16 - DPF: {12C14EBC-EABE-4919-A33B-D05F762CBC56} (DaumCafeEditor Control) - http://cafefiles2.ha...mCafeEditor.cab
O16 - DPF: {148F17D2-A980-470A-9A49-2C032BF9BCDC} (MarkAny WebSAFER - SBSi) - http://www.sbs.co.kr.../ppv/MAWS05.cab
O16 - DPF: {196300A5-09A2-4C9D-9B67-3A1F5168A025} (DSWC_IEGC Class) - http://www.ktf.co.kr...ndsoft/DSWC.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {1F702755-E006-4D20-BC35-783021A94E22} (Nshort Control) - http://www.sazuguide.com/sazuguide.cab
O16 - DPF: {1F831FAB-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {254E97C3-922F-4A12-B8E4-7697A8BF8A34} (Nshort Control) - http://www.gunghapun...gunghapunse.cab
O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.c...der20040625.cab
O16 - DPF: {27BCC3E9-D724-493B-A79E-C2E12C03407A} (CfClient Class) - http://www.iloveschool.co.kr/cfcli.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol....ileControl2.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2B3CC8B1-EC8B-4BFE-B9ED-3460E383292E} (NetpiaPIOCX Control) - http://63.105.207.15...tpiaPIIPOCX.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2D341EFF-28C0-4810-BC1E-08B67A1575F9} - http://netmarble-dow...InstallBugs.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {345CA9DC-1600-4CD2-BFCF-7B57DD1A32DA} (NeoworkInstall Control) - http://easyinstall.i...workInstall.cab
O16 - DPF: {3DA11B9D-C8BF-4ADE-A180-159399C536D9} (BtShellDgb20Com Class) - http://dgb.banktown....t/BtCxDgb20.cab
O16 - DPF: {4251B46A-4F66-4429-BA03-D96E548B0699} (Nshort Control) - http://www.dallmados.../dallmadosa.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net..._XPayMPIOCX.cab
O16 - DPF: {55CE0824-B8F3-4E6A-9797-17FDA555A8E5} (KvpTopd Control) - http://www.vpay.co.kr/KvpTPd.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.korne...peedNewCtrl.cab
O16 - DPF: {630B5ED1-D6B0-4D31-8AE2-7687DF72BA9D} (Extream Class) - http://wmpdownload.n...oad/CDNExtX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://info.anycert.com/c.wtz?i=94
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr...sOggPlay_11.CAB
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://www.mycredit....INIplugin40.cab
O16 - DPF: {6F4863C1-482C-4744-8946-4AEA34DF1A16} (FreechalOn Class) - http://login.freecha...on/FcOnCtl8.cab
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo....ace/cvtrace.cab
O16 - DPF: {739446C7-4B2B-45B1-A0D7-03BC177E9123} (FreeBacon.ctlFreeBacon) - http://khants.cafe24...o/FreeBacon.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday A|¾i) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.soft.../xw_install.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab8/dmcc2.cab
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://home.megapass...ge/ShortCut.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.c...der20040708.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachene...06/kdfense8.cab
O16 - DPF: {A6961817-0A05-412F-BC05-9D84570E2400} (Icon0091 Control) - http://www.bestcode....91/icon0091.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Pmang & SayClub Login Control) - http://dl.sayclub.co...ayctl/sayax.cab
O16 - DPF: {AE56372B-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackor...ate/ilkactx.cab
O16 - DPF: {BC92F07B-05F7-47A9-A216-1BC9F66BA03F} (eGSignPlus Class) - http://member.moneta...egsign_plus.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo....SVWebPlayer.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041008.cab
O16 - DPF: {C5493453-7017-485D-8383-41B3679A8FAB} (KCliCom Class) - http://www.conpia.co...onpiaStudio.cab
O16 - DPF: {C838E9DA-1625-4E14-8B37-C6706B43C423} (IBLeaders IBSheet Control) - http://www.bccard.co...eet/IBSheet.CAB
O16 - DPF: {CE1BF8AA-9C9E-4FF2-810A-AE0657F24FFD} (ActiveForm1 Control) - http://plus.dgb.co.kr/down/XICEDEL.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {CFA57DD9-E2E0-11D7-A2C5-000139026F01} (CombuycomPG.frmCombuycom) - https://www.siren24....CombuycomPG.CAB
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote...t/daegu/npx.cab
O16 - DPF: {D0E2D4C6-F65D-4967-A22C-BB0C6245A631} (HanafosDN Control) - http://bin.hanafos.c...1/HanafosDN.cab
O16 - DPF: {D40C2C27-C909-497E-A4FF-D46CCB3D9D55} (JoinsX Control) - http://news.joins.co...insShortCut.cab
O16 - DPF: {D837FF65-FE98-44D9-B90A-74E61EB7801B} (SBXPSASW Control) - http://showbox.dis.s...ox/SBXPSASW.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://kr.maps.yahoo...amulMap4Asp.cab
O16 - DPF: {DA4B05A6-83C5-43A3-8DFB-1072C438F05F} (Nshort Control) - http://www.sajuhot.com/sajuhot.cab
O16 - DPF: {DDA887E8-E6E4-4D48-81E4-817DCA66B8FB} (NethardShort Control) - http://icons.com.ne....rt/NetShort.cab
O16 - DPF: {EADBDB84-2341-4AD0-9FAF-4F1F31CF4A46} (LoginForm Class) - http://pointsok.okca...KMPPClient2.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co....own/PDBox25.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.bccard.co...NISafeWeb50.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - http://mpi.dacom.net...ate_XPayMPI.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B934897B-3CDB-41C8-BE7F-7E04A41A27FB}: NameServer = 168.126.63.1 168.126.63.2
O18 - Filter: text/html - {C77F90FA-4E22-4C94-A8B5-80A5B8CE069A} - C:\Documents and Settings\mycom\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O20 - AppInit_DLLs: apitrap.dll
  • 0

#4
-=jonnyrotten=-
Posted 26 December 2004 - 05:26 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
You may wish to print out a copy of these instructions to follow while you complete this procedure.
Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

O2 - BHO: BrowserHook Class - {09F93072-DE5E-4B5A-B347-F80FD7CB7309} - C:\WINNT\system32\webmailHook20040917.dll
O4 - HKLM\..\Run: [스파이맵] "C:\Program Files\spymap\spymap.exe" -update

O4 - HKCU\..\Run: [internat.exe] internat.exe <<<look to see if this file is located in C:\windows\system32 if it is then leave this entry.

O9 - Extra button: ¿ⓒ¿iE­ - {B430274F-B58A-4f0d-87FA-C520DB4D3D1A} - http://line1152.ojak.com (file missing)
O9 - Extra 'Tools' menuitem: &¿ⓒ¿iE­ - {B430274F-B58A-4f0d-87FA-C520DB4D3D1A} - http://line1152.ojak.com (file missing)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: WebTycho Chatroom - http://tychousachat1...ts/chatutil.cab
O16 - DPF: {02354DC5-1E5E-401B-8776-C247E94CE1D2} (SQuery Control) - http://web.pagemoa.com/SQuery.cab
O16 - DPF: {0365D95C-5061-42AB-B118-EAA3CB956E8E} (MaPrintModule_BCCard Control) - http://www.bccard.co...dule_BCCard.cab
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://sbsi.contents...le/MyLinker.cab
O16 - DPF: {0C8FD7EE-7EA8-4F8D-975F-80E0648A79C5} (Spocx Control) - http://spymap.co.kr/...ivex/spinst.cab
O16 - DPF: {12C14EBC-EABE-4919-A33B-D05F762CBC56} (DaumCafeEditor Control) - http://cafefiles2.ha...mCafeEditor.cab
O16 - DPF: {148F17D2-A980-470A-9A49-2C032BF9BCDC} (MarkAny WebSAFER - SBSi) - http://www.sbs.co.kr.../ppv/MAWS05.cab
O16 - DPF: {196300A5-09A2-4C9D-9B67-3A1F5168A025} (DSWC_IEGC Class) - http://www.ktf.co.kr...ndsoft/DSWC.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {1F702755-E006-4D20-BC35-783021A94E22} (Nshort Control) - http://www.sazuguide.com/sazuguide.cab
O16 - DPF: {1F831FAB-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {254E97C3-922F-4A12-B8E4-7697A8BF8A34} (Nshort Control) - http://www.gunghapun...gunghapunse.cab
O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.c...der20040625.cab
O16 - DPF: {27BCC3E9-D724-493B-A79E-C2E12C03407A} (CfClient Class) - http://www.iloveschool.co.kr/cfcli.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol....ileControl2.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2B3CC8B1-EC8B-4BFE-B9ED-3460E383292E} (NetpiaPIOCX Control) - http://63.105.207.15...tpiaPIIPOCX.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2D341EFF-28C0-4810-BC1E-08B67A1575F9} - http://netmarble-dow...InstallBugs.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {345CA9DC-1600-4CD2-BFCF-7B57DD1A32DA} (NeoworkInstall Control) - http://easyinstall.i...workInstall.cab
O16 - DPF: {3DA11B9D-C8BF-4ADE-A180-159399C536D9} (BtShellDgb20Com Class) - http://dgb.banktown....t/BtCxDgb20.cab
O16 - DPF: {4251B46A-4F66-4429-BA03-D96E548B0699} (Nshort Control) - http://www.dallmados.../dallmadosa.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net..._XPayMPIOCX.cab
O16 - DPF: {55CE0824-B8F3-4E6A-9797-17FDA555A8E5} (KvpTopd Control) - http://www.vpay.co.kr/KvpTPd.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.korne...peedNewCtrl.cab
O16 - DPF: {630B5ED1-D6B0-4D31-8AE2-7687DF72BA9D} (Extream Class) - http://wmpdownload.n...oad/CDNExtX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://info.anycert.com/c.wtz?i=94
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr...sOggPlay_11.CAB
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://www.mycredit....INIplugin40.cab
O16 - DPF: {6F4863C1-482C-4744-8946-4AEA34DF1A16} (FreechalOn Class) - http://login.freecha...on/FcOnCtl8.cab
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo....ace/cvtrace.cab
O16 - DPF: {739446C7-4B2B-45B1-A0D7-03BC177E9123} (FreeBacon.ctlFreeBacon) - http://khants.cafe24...o/FreeBacon.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday A|¾i) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.soft.../xw_install.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab8/dmcc2.cab
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://home.megapass...ge/ShortCut.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.c...der20040708.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachene...06/kdfense8.cab
O16 - DPF: {A6961817-0A05-412F-BC05-9D84570E2400} (Icon0091 Control) - http://www.bestcode....91/icon0091.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Pmang & SayClub Login Control) - http://dl.sayclub.co...ayctl/sayax.cab
O16 - DPF: {AE56372B-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackor...ate/ilkactx.cab
O16 - DPF: {BC92F07B-05F7-47A9-A216-1BC9F66BA03F} (eGSignPlus Class) - http://member.moneta...egsign_plus.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo....SVWebPlayer.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041008.cab
O16 - DPF: {C5493453-7017-485D-8383-41B3679A8FAB} (KCliCom Class) - http://www.conpia.co...onpiaStudio.cab
O16 - DPF: {C838E9DA-1625-4E14-8B37-C6706B43C423} (IBLeaders IBSheet Control) - http://www.bccard.co...eet/IBSheet.CAB
O16 - DPF: {CE1BF8AA-9C9E-4FF2-810A-AE0657F24FFD} (ActiveForm1 Control) - http://plus.dgb.co.kr/down/XICEDEL.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {CFA57DD9-E2E0-11D7-A2C5-000139026F01} (CombuycomPG.frmCombuycom) - https://www.siren24....CombuycomPG.CAB
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote...t/daegu/npx.cab
O16 - DPF: {D0E2D4C6-F65D-4967-A22C-BB0C6245A631} (HanafosDN Control) - http://bin.hanafos.c...1/HanafosDN.cab
O16 - DPF: {D40C2C27-C909-497E-A4FF-D46CCB3D9D55} (JoinsX Control) - http://news.joins.co...insShortCut.cab
O16 - DPF: {D837FF65-FE98-44D9-B90A-74E61EB7801B} (SBXPSASW Control) - http://showbox.dis.s...ox/SBXPSASW.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://kr.maps.yahoo...amulMap4Asp.cab
O16 - DPF: {DA4B05A6-83C5-43A3-8DFB-1072C438F05F} (Nshort Control) - http://www.sajuhot.com/sajuhot.cab
O16 - DPF: {DDA887E8-E6E4-4D48-81E4-817DCA66B8FB} (NethardShort Control) - http://icons.com.ne....rt/NetShort.cab
O16 - DPF: {EADBDB84-2341-4AD0-9FAF-4F1F31CF4A46} (LoginForm Class) - http://pointsok.okca...KMPPClient2.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co....own/PDBox25.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.bccard.co...NISafeWeb50.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - http://mpi.dacom.net...ate_XPayMPI.cab

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINNT\system32\webmailHook20040917.dll

Also try following instructions found here:

http://www.newdotnet.com/

Reboot normally and post new log. Include any new information pertaining to your system.

-=jonnyrotten=- :tazz:
  • 0

#5
BuzzLightYear
Posted 27 December 2004 - 07:43 PM

BuzzLightYear

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I did everything. I tried everything twice. But still I have New.net showing up on spybot. I ran adaware, I deleted all that stuff. But it won't go away.

Please help... :tazz:

Logfile of HijackThis v1.98.0
Scan saved at 10:45:03 AM, on 12/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program files\koreandoumi1.0\netpia.exe
C:\Program Files\TurboPlayer\TurboAgent.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\My Downloads\Highjack\HijackThis.exe

O1 - Hosts: Usage Information:
O1 - Hosts: Save Changes - Save any changes you make to hosts file
O1 - Hosts: Reset Default - Will Replace any existing Hosts with a Windows Default one, original file doesn't have to exist
O1 - Hosts: Save Log - Will Save the Hosts as a Text file, Good for Posting
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Enable and Disable - Will Swap Hosts Files On the Fly for those that want to use Hosts, and Temporarily Disable it.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Scan for Hosts - Will Search your Windows Drive for Hosts Files, useful if Hosts is in wrong location or installed to Alternate location by Trojan.
O1 - Hosts: Delete - Does exactly that, Delete and Hosts File Selected in the Listbox.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: By Option^Explicit, [email protected]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserHook Class - {09F93072-DE5E-4B5A-B347-F80FD7CB7309} - c:\Program files\koreandoumi1.0\webmailHook.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NetpiaLite] c:\Program files\koreandoumi1.0\netpia.exe
O4 - HKLM\..\Run: [TurboAgent] C:\Program Files\TurboPlayer\TurboAgent.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://www.pdbox.co.kr
O17 - HKLM\System\CCS\Services\Tcpip\..\{B934897B-3CDB-41C8-BE7F-7E04A41A27FB}: NameServer = 168.126.63.1 168.126.63.2
O18 - Filter: text/html - {C77F90FA-4E22-4C94-A8B5-80A5B8CE069A} - C:\Documents and Settings\mycom\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O20 - AppInit_DLLs: apitrap.dll
  • 0

#6
-=jonnyrotten=-
Posted 28 December 2004 - 12:04 AM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Reboot into safe mode and remove the following entries with Hijack This:

O2 - BHO: BrowserHook Class - {09F93072-DE5E-4B5A-B347-F80FD7CB7309} - c:\Program files\koreandoumi1.0\webmailHook.dll
O4 - HKLM\..\Run: [NetpiaLite] c:\Program files\koreandoumi1.0\netpia.exe
O15 - Trusted Zone: http://www.pdbox.co.kr
O18 - Filter: text/html - {C77F90FA-4E22-4C94-A8B5-80A5B8CE069A} - C:\Documents and Settings\mycom\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat

Delete the following files found in bold:

c:\Program files\koreandoumi1.0
C:\Documents and Settings\mycom\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat

Also scan with spybot and adaware while in safe mode.

Reboot normally and post new log.

-=jonnyrotten=- :tazz:
  • 0

#7
BuzzLightYear
Posted 03 January 2005 - 07:06 PM

BuzzLightYear

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
It still didn't come off. So what I did was look at the directory that showed on spybot. It was in the registry. So I went into the registry and deleted the new.net key and restarted and new.net didn't show up again. I think the problem is solved. Thanks for all your help.


Logfile of HijackThis v1.98.0
Scan saved at 10:07:38 AM, on 1/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\TurboPlayer\TurboAgent.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
D:\My Downloads\Highjack\HijackThis.exe

O1 - Hosts: Usage Information:
O1 - Hosts: Save Changes - Save any changes you make to hosts file
O1 - Hosts: Reset Default - Will Replace any existing Hosts with a Windows Default one, original file doesn't have to exist
O1 - Hosts: Save Log - Will Save the Hosts as a Text file, Good for Posting
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Enable and Disable - Will Swap Hosts Files On the Fly for those that want to use Hosts, and Temporarily Disable it.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Scan for Hosts - Will Search your Windows Drive for Hosts Files, useful if Hosts is in wrong location or installed to Alternate location by Trojan.
O1 - Hosts: Delete - Does exactly that, Delete and Hosts File Selected in the Listbox.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: By Option^Explicit, [email protected]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TurboAgent] C:\Program Files\TurboPlayer\TurboAgent.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://www.pdbox.co.kr
O20 - AppInit_DLLs: apitrap.dll
  • 0

#8
BuzzLightYear
Posted 03 January 2005 - 07:09 PM

BuzzLightYear

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
On a side note: I see the arcade is back up!!! I'll see you in there!!!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP