TheTechGuide Forum
General Category => Tech Clinic => Topic started by: mylasthope on April 09, 2005, 06:37:06 PM
-
Recently I've been getting weird pop-ups from IE when I use Firefox, and my computer seems to crash quite often; any help would be much appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 4:32:32 PM, on 4/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01F1772C-2F45-41F0-B318-2C10EF6522BB} (WebExplorer2 Control) - http://love.yu.ac.kr/InternetDisk/web/WebExplorer.cab
O16 - DPF: {06228E75-DEB1-11D3-B702-00001CD5DA14} (AxINIplugin20 Control) - http://rsvweb.flyasiana.com/initech/plugin/axINIplugin20.cab
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} - http://cab.terebi.co.kr:8080/MyLinker.cab
O16 - DPF: {0C4A9D28-66B5-4A70-B915-B6AEA5112472} (Icon02 Control) - http://yupki-house.com/enjoy.cab
O16 - DPF: {14B0C13D-497B-4E6A-8E39-596CD9434F30} (sayclub & Hangok music Control) - http://dl.sayclub.com/sayclub/noraeting/saywiz.cab
O16 - DPF: {1C5499CB-3412-42B3-8BC5-A40C5096CF2E} (SearchPlaceMainModule Class) - http://www.live10tv.biz/ChangeModule.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2ED18548-033C-4ADE-A17F-3A1E07396A6B} (IceCastPlayer Control) - http://www.ice.pe.kr/IceCastPlayerX.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/MBox.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {453996D3-16FA-4DEC-87B7-D2C643FCEE56} (WebCtrl Class) - http://mm.sayclub.com/jukeon/upgrade/P3Cube/p3einsvod.cab
O16 - DPF: {4A4A66FE-9EEF-4B6A-8613-188E5379D0E3} (Msppifc Control) - http://yahotv.com/msppifc.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/14631281fcfacf767e19/netzip/RdxIE601_ko.cab
O16 - DPF: {62A859F8-F4A0-4C53-A02C-FE43199815C4} (PopdeskLauncher Class) - http://appupdate.popdesk.co.kr/files/download/PopdeskLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093926378968
O16 - DPF: {64D76536-0173-4873-AEC4-FF0A70DE3781} - http://tjap.bugsmusic.co.kr/setupfile/bugsplay_115.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} - http://so.bugs.co.kr/BugsOggPlay_11.CAB
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://www.cjmall.com/initech/plugin/axINIplugin40.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.116/code/PWActiveXImgCtl.CAB
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {76247B71-343A-48C8-BC7E-8F32676D3FFB} - http://koreatender.dis.sholink.co.kr/sholink/koreatender/KRTPSASW.cab
O16 - DPF: {7C65E65F-5ACA-409E-9D44-79AD833919F8} - http://download.softforum.co.kr/XecureExpressI/xei_install.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://www.samsungcard.co.kr/XecureDemo/XecureObject/xw50_install.cab
O16 - DPF: {88231634-38FB-41FA-8249-A3A54416C437} (IPop Control) - http://221.139.0.43:8080/IPop.cab
O16 - DPF: {8C478082-E5D8-4D17-A1A0-3EE4746EE22C} (????.lnk) - http://partnership.yagames.net/m_pc/partnerregister.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab8/dmcc2.cab
O16 - DPF: {9C23D13E-E310-4E25-A8FC-D704B833BB57} (PrCtl Control) - http://dl.sayclub.com/sayclub/sayctl/PrCtl.cab
O16 - DPF: {A0D72D13-7114-46C4-9C75-26DD29BFADA8} (INI3dPI00 Control) - http://plugin.inicis.com/INImpi/INI3DPI00.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AD66F420-3AB3-43EE-B1E7-304D21084009} (view_card Class) - http://cdn.lettee.com/ecard/play_card/letteecard.cab
O16 - DPF: {BB86B550-9B1A-4666-824C-E78F0CD0CC4C} - http://yupki-house.com/make.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
O16 - DPF: {C19A422E-37E6-4044-86C5-92BD5E92B7B7} (PopLiveLauncher Class) - http://appupdate.popdesk.co.kr/files/poplive/PopLive.cab
O16 - DPF: {C320CD4A-7977-4FD2-BBB7-9E6CC61837C5} (INIwallet01 Control) - https://plugin.inicis.com/INIwallet01.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multicastmedia.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://tjap.bugsmusic.co.kr/setupfile/SetGlb.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab
O16 - DPF: {EA764D5F-8548-4608-A8BD-80F4AEBEB0C7} (NavvyMain Class) - http://navvy.net/navvy.cab
O16 - DPF: {EBB9A178-05D2-4DBD-A255-45B9A7EC9F7E} (IdiskLauncher Control) - http://oasis.yu.ac.kr/app/IdiskUpdate.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
-
Create a fresh restore point so we have something to fall back on, just in case we must restore your computer
Start>>All Programs>>Accessories>>System Tools>>System Restore
Create a New Restore point
Name it and click Create
Next: Download and UNZIP to desktop
Begin.zip
So you now have Begin.reg on the desktop
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} - http://cab.terebi.co.kr:8080/MyLinker.cab
O16 - DPF: {0C4A9D28-66B5-4A70-B915-B6AEA5112472} (Icon02 Control) - http://yupki-house.com/enjoy.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/14631281fcfacf767e19/...RdxIE601_ko.cab
O16 - DPF: {88231634-38FB-41FA-8249-A3A54416C437} (IPop Control) - http://221.139.0.43:8080/IPop.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab
O16 - DPF: {EA764D5F-8548-4608-A8BD-80F4AEBEB0C7} (NavvyMain Class) - http://navvy.net/navvy.cab
After you have ticked the above entries, close all other open windows, including this one
Leave HijackThis open and click FIX CHECKED
OK the prompt and exit HijackThis
Double click on begin.reg and allow it to merge into the registry
Restart your computer
Back in Windows
Find and delete this file if it exists
C:\WINDOWS\dlmax.dll
and this folder
C:\Program Files\AWS <-folder
Download and install the free version of Ad-Aware SE Personal 1.05 (http://www.lavasoftusa.com/support/download/)
Ensure you have this version or the paid version
Open Ad-Aware, be sure to click the "Check for updates now" link and Connect to download the latest updates
Perform a full system scan
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer to finish the cleaning process
Post back a fresh Hijackthis log afterwards
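The helper's selection above follows a handful of recognisable triage rules: entries whose backing file is gone ("(no file)", "(file missing)"), BHOs and toolbars registered without a name, IE search settings redirected to an unfamiliar domain or blanked to about:blank, a BHO DLL dropped straight into C:\WINDOWS, and O16 ActiveX controls pulled from a bare IP address or a non-standard port. The script below is an added example written for this thread; it is not part of the original post and not HijackThis's own code. It parses a constructed sample made of lines copied from the log above and reports which ones those rules catch. The allowlist of search hosts and the "DLL in the Windows directory root" heuristic are assumptions an analyst would tailor, not rules from the page.

```python
import ntpath
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted above, mixing
# entries the helper told the poster to fix with entries that were left alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {88231634-38FB-41FA-8249-A3A54416C437} (IPop Control) - http://221.139.0.43:8080/IPop.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093926378968
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Assumption: an example allowlist of search providers the user actually chose.
TRUSTED_SEARCH_HOSTS = frozenset({"www.google.com", "search.msn.com"})


def parse_line(line):
    """Split one HijackThis line into section, CLSID, URL, file path and status flags."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    guid = GUID_RE.search(body)
    url = URL_RE.search(body)
    # For O2/O3/O9/O23 entries the last " - " separated field is the backing file.
    tail = body.rsplit(" - ", 1)[-1]
    return {
        "section": m.group("section"),
        "body": body,
        "clsid": guid.group(0).upper() if guid else None,
        "url": url.group(0) if url else None,
        "path": tail if re.match(r"^[A-Za-z]:\\", tail) else None,
        "orphaned": "(no file)" in body or "(file missing)" in body,
        "unnamed": "(no name)" in body,
    }


def triage(entry, trusted_search_hosts=TRUSTED_SEARCH_HOSTS):
    """Return the reasons an entry deserves a second look (empty list = leave alone)."""
    reasons = []
    sec, body = entry["section"], entry["body"]
    if entry["orphaned"]:
        reasons.append("points at a file that no longer exists")
    if entry["unnamed"] and sec in ("O2", "O3"):
        reasons.append("BHO/toolbar registered without a name")
    if sec in ("R0", "R1") and " = " in body:
        key, value = body.split(" = ", 1)
        if "Search" in key:  # SearchURL, Search Bar, SearchAssistant
            host = urlparse(value).hostname
            if value == "about:blank":
                reasons.append("search setting blanked out")
            elif host and host not in trusted_search_hosts:
                reasons.append(f"IE search setting redirected to {host}")
    if sec == "O2" and entry["path"]:
        # Heuristic (assumption): a BHO living directly in the Windows directory
        # instead of a program folder is unusual for a legitimate install.
        if ntpath.dirname(entry["path"]).lower() == r"c:\windows":
            reasons.append("BHO loaded from the Windows directory root")
    if sec == "O16" and entry["url"]:
        parsed = urlparse(entry["url"])
        if IPV4_RE.fullmatch(parsed.hostname or ""):
            reasons.append("ActiveX control fetched from a bare IP address")
        if parsed.port not in (None, 80, 443):
            reasons.append(f"ActiveX control fetched over non-standard port {parsed.port}")
    return reasons


def triage_log(text, trusted_search_hosts=TRUSTED_SEARCH_HOSTS):
    """Parse a whole log and return only the entries that triggered at least one rule."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry, trusted_search_hosts)
        if reasons:
            findings.append({"section": entry["section"], "clsid": entry["clsid"],
                             "line": line.strip(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f["section"], f["clsid"] or "-", "|", "; ".join(f["reasons"]))
```

On the sample, eight of the eleven lines are reported and the Acrobat BHO, the Windows Update control and the Zone Labs service pass untouched, which matches the helper's list. The rules are deliberately conservative: a finding is a prompt to check the entry against what the user installed, not an automatic removal, and the O16 IP-address rule in particular also catches plenty of legitimate but poorly hosted controls.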
-
Thanks a lot for the help. Couldn't find the AWS folder.
Logfile of HijackThis v1.99.1
Scan saved at 10:00:17 AM, on 4/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01F1772C-2F45-41F0-B318-2C10EF6522BB} (WebExplorer2 Control) - http://love.yu.ac.kr/InternetDisk/web/WebExplorer.cab
O16 - DPF: {06228E75-DEB1-11D3-B702-00001CD5DA14} (AxINIplugin20 Control) - http://rsvweb.flyasiana.com/initech/plugin/axINIplugin20.cab
O16 - DPF: {14B0C13D-497B-4E6A-8E39-596CD9434F30} (sayclub & Hangok music Control) - http://dl.sayclub.com/sayclub/noraeting/saywiz.cab
O16 - DPF: {1C5499CB-3412-42B3-8BC5-A40C5096CF2E} (SearchPlaceMainModule Class) - http://www.live10tv.biz/ChangeModule.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2ED18548-033C-4ADE-A17F-3A1E07396A6B} (IceCastPlayer Control) - http://www.ice.pe.kr/IceCastPlayerX.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/MBox.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {453996D3-16FA-4DEC-87B7-D2C643FCEE56} (WebCtrl Class) - http://mm.sayclub.com/jukeon/upgrade/P3Cube/p3einsvod.cab
O16 - DPF: {4A4A66FE-9EEF-4B6A-8613-188E5379D0E3} (Msppifc Control) - http://yahotv.com/msppifc.CAB
O16 - DPF: {62A859F8-F4A0-4C53-A02C-FE43199815C4} (PopdeskLauncher Class) - http://appupdate.popdesk.co.kr/files/download/PopdeskLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093926378968
O16 - DPF: {64D76536-0173-4873-AEC4-FF0A70DE3781} - http://tjap.bugsmusic.co.kr/setupfile/bugsplay_115.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} - http://so.bugs.co.kr/BugsOggPlay_11.CAB
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://www.cjmall.com/initech/plugin/axINIplugin40.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.116/code/PWActiveXImgCtl.CAB
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {76247B71-343A-48C8-BC7E-8F32676D3FFB} - http://koreatender.dis.sholink.co.kr/sholink/koreatender/KRTPSASW.cab
O16 - DPF: {7C65E65F-5ACA-409E-9D44-79AD833919F8} - http://download.softforum.co.kr/XecureExpressI/xei_install.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://www.samsungcard.co.kr/XecureDemo/XecureObject/xw50_install.cab
O16 - DPF: {8C478082-E5D8-4D17-A1A0-3EE4746EE22C} (????.lnk) - http://partnership.yagames.net/m_pc/partnerregister.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab8/dmcc2.cab
O16 - DPF: {9C23D13E-E310-4E25-A8FC-D704B833BB57} (PrCtl Control) - http://dl.sayclub.com/sayclub/sayctl/PrCtl.cab
O16 - DPF: {A0D72D13-7114-46C4-9C75-26DD29BFADA8} (INI3dPI00 Control) - http://plugin.inicis.com/INImpi/INI3DPI00.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AD66F420-3AB3-43EE-B1E7-304D21084009} (view_card Class) - http://cdn.lettee.com/ecard/play_card/letteecard.cab
O16 - DPF: {BB86B550-9B1A-4666-824C-E78F0CD0CC4C} - http://yupki-house.com/make.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
O16 - DPF: {C19A422E-37E6-4044-86C5-92BD5E92B7B7} (PopLiveLauncher Class) - http://appupdate.popdesk.co.kr/files/poplive/PopLive.cab (http://\"http://appupdate.popdesk.co.kr/files/poplive/PopLive.cab\")
O16 - DPF: {C320CD4A-7977-4FD2-BBB7-9E6CC61837C5} (INIwallet01 Control) - https://plugin.inicis.com/INIwallet01.cab (http://\"https://plugin.inicis.com/INIwallet01.cab\")
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multicastmedia.com/common/m...MINIBrowser.CAB (http://\"http://viewers.multicastmedia.com/common/mbrowser/MINIBrowser.CAB\")
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab (http://\"http://www.live365.com/players/play365.cab\")
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://tjap.bugsmusic.co.kr/setupfile/SetGlb.cab (http://\"http://tjap.bugsmusic.co.kr/setupfile/SetGlb.cab\")
O16 - DPF: {EBB9A178-05D2-4DBD-A255-45B9A7EC9F7E} (IdiskLauncher Control) - http://oasis.yu.ac.kr/app/IdiskUpdate.cab (http://\"http://oasis.yu.ac.kr/app/IdiskUpdate.cab\")
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab (http://\"http://messenger.zone.msn.com/binary/SolitaireShowdown.cab\")
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
-
Your log looks good, how's everything?
Just a Note
In HijackThis, the O16 entries of the log indicate ActiveX controls installed on the machine.
You have a few I don't recognize.
E.g.
O16 - DPF: {BB86B550-9B1A-4666-824C-E78F0CD0CC4C} - http://yupki-house.com/make.cab
Most are legitimate, if not all.
As you can see, as an example:
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
That one is related to Trend Micro's HouseCall online virus scan,
so I know it's safe.
For any that you don't recognize, could you please have HijackThis fix them
with all other windows closed, and then restart your computer.
The good thing about ActiveX controls is that they will be reinstalled if needed.
You can also fix this entry:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
If everything is running better,
you should disable System Restore---restart your computer---enable System Restore.
This will clear all your restore points and ensure you don't restore any nasties.
Once re-enabled, it will create a fresh restore point.
How to Disable and Re-enable System Restore feature: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
Once back in Windows and System Restore is re-enabled,
you should set up protection against future attacks.
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies.
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html
IE-SPYAD---IE-SPYAD puts over 5000 sites in your Restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link.
Tutorial: http://www.bleepingcomputer.com/forums/index.php?showtutorial=53
Download link: https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
With both, check for updates every couple of weeks.
Keep the link to IE-SPYAD bookmarked so you can check for updates.
For SpywareBlaster, after every update simply enable all protection.
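As an added example (not from the thread, from HijackThis or from any product named above), the following Python script parses O16 lines in the log format shown here and sorts each ActiveX codebase into known versus unrecognized, the same triage the reply does by hand; KNOWN_HOSTS is a constructed allowlist for illustration and the sample lines are copied from the log above.

```python
# Added example (not part of the thread or of HijackThis): parse the O16 lines of a
# HijackThis log and sort each ActiveX codebase into known / unrecognized.
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Shape of an O16 line: "O16 - DPF: {CLSID} (optional name) - codebase URL"
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
                    r"(?: \((?P<name>[^)]*)\))? -(?: (?P<url>\S+))?$")

# Constructed allowlist of publisher hosts the reviewer already recognizes.
KNOWN_HOSTS = {"windowsupdate.microsoft.com", "messenger.zone.msn.com",
               "chat.yahoo.com", "www.installengine.com"}

def parse_o16(line):
    """Return {clsid, name, url} for an O16 line, or None for any other line."""
    m = O16_RE.match(line.strip())
    return m and {"clsid": m["clsid"].upper(), "name": m["name"] or "", "url": m["url"] or ""}

def host_known(host):
    return any(host == k or host.endswith("." + k) for k in KNOWN_HOSTS)

def triage(lines):
    """Return [(clsid, name, host, verdict)] for every O16 entry in the log lines."""
    results = []
    for entry in filter(None, map(parse_o16, lines)):
        host = urlparse(entry["url"]).hostname or ""
        if not entry["url"]:
            verdict = "no codebase (locally installed)"
        elif host_known(host):
            verdict = "known"
        else:
            try:  # a bare IP address instead of a hostname deserves extra scrutiny
                ip_address(host)
                verdict = "unrecognized: codebase is a bare IP address"
            except ValueError:
                verdict = "unrecognized: review before keeping"
        results.append((entry["clsid"], entry["name"], host, verdict))
    return results

# Constructed sample in the thread's log format (four entries copied from it).
SAMPLE = """\
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093926378968
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.116/code/PWActiveXImgCtl.CAB
O16 - DPF: {BB86B550-9B1A-4666-824C-E78F0CD0CC4C} - http://yupki-house.com/make.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
""".splitlines()

for clsid, name, host, verdict in triage(SAMPLE):
    print(clsid, name or "(no name)", host, "->", verdict)
```

Feed it a whole saved log: every non-O16 line (running processes, O4, O23) is skipped, so the output is only the ActiveX entries with a verdict to act on.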