February 27th, 2004 20:00

Please check this out

I really hate netspry.com...

Please help me guys~

 

Logfile of HijackThis v1.97.7
Scan saved at ?? 4:40:49, on 2004-02-27
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EasyWinCleaner2002\SpeedDown.exe
C:\Program Files\Virus Chaser\Vcrmon.exe
C:\Program Files\npserver\nprotect.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Owner\Application Data\eber.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Virus Chaser\SpiderNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\PDBox25.exe
C:\Program Files\ADSPider\ADSpider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Virus Chaser\Vcr32.exe
C:\Documents and Settings\Owner\My Documents\Movie\?yahoo00700?PDMan_Client13.exe
C:\Documents and Settings\Owner\Desktop\??\PDBox25_08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESTsoft\ALZip\ALZip.exe
C:\Documents and Settings\Owner\My Documents\virus\hijack\HijackThis.exe

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09F93072-DE5E-4B5A-B347-F80FD7CB7309} - C:\WINDOWS\System32\webmailhook.dll
O2 - BHO: WinPage Blocker - {12DF6E3E-6272-4AE8-880B-2158D60791C0} - C:\Program Files\Homepage\WinPage.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HncUpdate] C:\HNC\HncUpdate.exe /A
O4 - HKLM\..\Run: [DownAcc] C:\Program Files\EasyWinCleaner2002\SpeedDown.exe
O4 - HKLM\..\Run: [ADSpider] C:\Program Files\ADSPider\ADSpider.exe /start
O4 - HKLM\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\Vcrmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [nProtect] C:\Program Files\npserver\nprotect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O4 - HKCU\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\Vcrmon.exe
O4 - Startup: Windows Update ?? ??.lnk = C:\Documents and Settings\Owner\My Documents\ie6sp1kor\ie6setup.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: ??? ??iN ?? - res://C:\Program Files\NHN\NaverJump\NaverJump_1_5_1_5.dll /KBIN.HTML
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://pds.hanafos.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {0499F9C6-0692-11D6-BF6B-0000E87FCA1A} (HomeWaSeeVC15 Control) - http://wasee.hompy.com/HomeWaSeeVC15.CAB
O16 - DPF: {05717986-A8C7-11D7-A03D-00104BCD089B} (W3IP Control) - http://www.w3ip.com/W3ip.cab
O16 - DPF: {0CE1EA86-D322-11D7-A9D8-00104B1C8CEF} (Ctrl_online Control) - http://hompy.dreamwiz.com/BIN/ocx/_online.cab
O16 - DPF: {124250DD-E2CC-4B5B-AE7E-C9AC8A11DF43} (StreamNote2 Control) - http://lecture1.sdu.ac.kr/sdu_content_htm/2003/2/032031/s00423/08/1/StreamNote2.cab
O16 - DPF: {14B0C13D-497B-4E6A-8E39-596CD9434F30} (sayclub & Hangok music Control) - http://dl.sayclub.com/sayclub/noraeting/saywiz.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {16B21577-3ABA-49AA-96F9-811B7BCFA9CA} (Dialpad KR VegaLoader Class) - http://www.dialpad.co.kr/dialpadweb/phone/helper.cab
O16 - DPF: {1CF034F9-79AC-427B-9A51-9B909EC3CF85} (WebMSN_IEObj Class) - http://blogimgs.naver.com/msg/Webmsn_comp_1_0_0_6.CAB
O16 - DPF: {1D8FC897-331B-4F61-B3DB-98C40205697C} (ENJOYON Control) - http://www.enjoylife.co.kr/onclub/ENJOYON.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://vs.messagebay.co.kr/mbay/code/mbayactx.cab
O16 - DPF: {27BCC3E9-D724-493B-A79E-C2E12C03407A} (CfClient Class) - http://www.iloveschool.co.kr/cfcli.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
O16 - DPF: {2A226D26-9DF3-11D4-8A10-0010B540E6AE} (Vim Control) - http://www.dialpad.co.kr/dialpadweb/VimMpeg.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2ED18548-033C-4ADE-A17F-3A1E07396A6B} (IceCastPlayer Control) - http://ad.mukulcast.com/cast/IceCastPlayerX.cab
O16 - DPF: {2F0692E0-771E-41EE-8CC2-4A8D8CCA357F} (Checker Control) - http://connect5.skylove.com/connect/checker.cab
O16 - DPF: {3283DF90-1733-4A79-B1F5-2D05A8E4D448} (HanGamePlugin15 Class) - http://down.hangame.com/dist/activex/HanGamePlugin15.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {450E1410-102D-429B-8716-3F30D6C56502} (iWalletSg Class) - http://www.commerce-pay.com/pg2/include/iWalletSingle.cab
O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://www.hangame.com/bar/HGAgentClient.cab
O16 - DPF: {4EEA9D91-8F19-45A2-9D24-6E462F3F3C5D} (FileSizeCheck Control) - http://cafe1.godpeople.com/webexec/FileSizeCheck.cab
O16 - DPF: {516867FD-3E25-4FF5-B3B2-F0EA71874BAC} (Csay Control) - http://screenchat.skylove.com/screenclient/csaycert.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0971f4205802bec06800/netzip/RdxIE601_ko.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://chatwww.hangame.com/nhnplayerx.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_9.CAB
O16 - DPF: {672FD177-B140-4DCC-8614-926660D85292} - http://iscu.dis.sholink.co.kr/sholink/iscu/ISCPSASW.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://signup3.hanafos.com/initech/plugin/axINIplugin40.cab
O16 - DPF: {706425BA-67B3-4CCF-8CB4-90203A680B5B} (ActiveTutor Player Control) - http://streamserver1.khcu.ac.kr/lecture/ocx/ATPlayer.cab
O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} - http://cdn.naver.com/naver/tms/dy/turbois9.cab
O16 - DPF: {7A43F370-05A1-40E3-8C2F-FF83D0768D46} (dmcco Class) - http://cafefiles2.hanmail.net/dmcc.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://download.softforum.co.kr/XecureObject/xw50_install.cab
O16 - DPF: {83A92C4E-194A-496E-A51C-DCB5BF76DCA4} (cts3 control) - http://cts.tv/cts3.cab
O16 - DPF: {87F26D80-28D1-4093-8450-052B6D2DAAAE} (afteru Control) - http://www.afteru.co.kr/afteruX.cab
O16 - DPF: {91853CB8-8253-4E53-BDBB-C6C43D51950E} (AudioTuning Class) - http://www.dialpad.co.kr/dialpadweb/phone/vscp.cab
O16 - DPF: {96C4B2FF-44D6-4BFA-8C91-0A1D1FD797AD} (pianohometotal Control) - http://www.ipianohome.co.kr/activex/pianohometotal.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl53.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37892.2364814815
O16 - DPF: {A3781279-F81D-48F0-B5DC-3624DE663453} - http://www.onnuritv.com/ActiveX/onnuritv.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {B43E46E9-66EB-4C94-B33A-D5B522939E80} (HanChatControl Control) - http://chatwww.hangame.com/HanChatControl.CAB
O16 - DPF: {B81CB889-C7A7-4CF0-B34F-54B3F94BCAD9} (OpenBIRD pcBrowser Control) - http://www.ezdrive.net/ezdrive/pcbrowser/pcBrowser_v1.cab
O16 - DPF: {BE068095-EEF1-485C-AA1B-288860ACFAED} (INIwallet00 Control) - http://plugin.inicis.com/INIwallet00.cab
O16 - DPF: {C370EB53-3DBB-4213-9678-11D7DBAF2D85} (CoxSet2 Control) - http://www.upiece.co.kr/piece/plugin/coxset2.cab
O16 - DPF: {C553F632-DC31-46B9-BA51-4E8E6C4FA1DB} - http://jukeon.dl.sayclub.co.kr/jukeon/RNJUKEON.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {CFE2D072-FA47-464C-BD03-46F24AB8D0AF} (AceAgent Control) - http://www.kcu.or.kr/UpDate/AceAgent.cab
O16 - DPF: {D0E2D4C6-F65D-4967-A22C-BB0C6245A631} (HanafosDN Control) - http://bin.hanafos.com/HanafosDN/new2/HanafosDN.cab
O16 - DPF: {D161093F-2DD6-4F80-BA7E-6097407E356C} (wampRe Class) - http://dl.sayclub.com/saycast/Refresher_sc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Touch.cab
O16 - DPF: {D9701E87-A34D-11D4-BE29-000102598CE4} (VrUpdate Control) - http://download.hauri.net/Kor/online_up/vrupdate.cab
O16 - DPF: {DF17C1B5-882A-4AF9-9C05-044DD39E79A2} (Banktown MyWallet Control 1.2) - http://mywallet.banktown.com/include/MyWallet.cab
O16 - DPF: {E8E20D57-3D5B-4A2D-B710-252900B66685} (Installer Class) - http://down.haduri.com/chat/HaduriInstaller.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
O16 - DPF: {F1AFBD5B-9B1E-4DC6-B6EA-EBC2427981E2} (PDPDSOCtrl_TC Class) - http://ifamily.kbs.co.kr/common/pdp/PDPDSO_TC.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://banking.nonghyup.com/plugin/client/INISafeWeb50.cab
O16 - DPF: {F256FF53-8057-4F7E-996B-963E27CE5EA1} (PdBox2 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox2.cab
O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl7.cab

 

Please let me know what to do~

725 Posts

February 28th, 2004 11:00

Start by running updated versions of ad-aware and Spybot S&D.  Remove all that ad-aware finds and all the red items that Spybot S&D identifies.  Links to both are below my signature.  Post another log when you are through.

15 Posts

February 28th, 2004 18:00

I did what you said but my com still has the same problem.

I hate netspry.com. I hate the Chinese guy on the web page.

I posted my new log. What should I do?

 

 

Logfile of HijackThis v1.97.7
Scan saved at ?? 2:32:45, on 2004-02-28
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EasyWinCleaner2002\SpeedDown.exe
C:\Program Files\ADSPider\ADSpider.exe
C:\Program Files\Virus Chaser\Vcrmon.exe
C:\Program Files\npserver\nprotect.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Virus Chaser\SpiderNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\PDBox25.exe
C:\Documents and Settings\Owner\Desktop\??\PDBox25_02.exe
C:\Documents and Settings\Owner\Desktop\??\PDBox25_03.exe
C:\WINDOWS\System32\conime.exe
C:\Documents and Settings\Owner\My Documents\virus\hijack\HijackThis.exe

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09F93072-DE5E-4B5A-B347-F80FD7CB7309} - C:\WINDOWS\System32\webmailhook.dll
O2 - BHO: WinPage Blocker - {12DF6E3E-6272-4AE8-880B-2158D60791C0} - C:\Program Files\Homepage\WinPage.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HncUpdate] C:\HNC\HncUpdate.exe /A
O4 - HKLM\..\Run: [DownAcc] C:\Program Files\EasyWinCleaner2002\SpeedDown.exe
O4 - HKLM\..\Run: [ADSpider] C:\Program Files\ADSPider\ADSpider.exe /start
O4 - HKLM\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\Vcrmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [nProtect] C:\Program Files\npserver\nprotect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKCU\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\Vcrmon.exe
O4 - Startup: Windows Update ?? ??.lnk = C:\Documents and Settings\Owner\My Documents\ie6sp1kor\ie6setup.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: ??? ??iN ?? - res://C:\Program Files\NHN\NaverJump\NaverJump_1_5_1_5.dll /KBIN.HTML
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://pds.hanafos.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {0499F9C6-0692-11D6-BF6B-0000E87FCA1A} (HomeWaSeeVC15 Control) - http://wasee.hompy.com/HomeWaSeeVC15.CAB
O16 - DPF: {05717986-A8C7-11D7-A03D-00104BCD089B} (W3IP Control) - http://www.w3ip.com/W3ip.cab
O16 - DPF: {0CE1EA86-D322-11D7-A9D8-00104B1C8CEF} (Ctrl_online Control) - http://hompy.dreamwiz.com/BIN/ocx/_online.cab
O16 - DPF: {124250DD-E2CC-4B5B-AE7E-C9AC8A11DF43} (StreamNote2 Control) - http://lecture1.sdu.ac.kr/sdu_content_htm/2003/2/032031/s00423/08/1/StreamNote2.cab
O16 - DPF: {14B0C13D-497B-4E6A-8E39-596CD9434F30} (sayclub & Hangok music Control) - http://dl.sayclub.com/sayclub/noraeting/saywiz.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {16B21577-3ABA-49AA-96F9-811B7BCFA9CA} (Dialpad KR VegaLoader Class) - http://www.dialpad.co.kr/dialpadweb/phone/helper.cab
O16 - DPF: {1CF034F9-79AC-427B-9A51-9B909EC3CF85} (WebMSN_IEObj Class) - http://blogimgs.naver.com/msg/Webmsn_comp_1_0_0_6.CAB
O16 - DPF: {1D8FC897-331B-4F61-B3DB-98C40205697C} (ENJOYON Control) - http://www.enjoylife.co.kr/onclub/ENJOYON.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://vs.messagebay.co.kr/mbay/code/mbayactx.cab
O16 - DPF: {27BCC3E9-D724-493B-A79E-C2E12C03407A} (CfClient Class) - http://www.iloveschool.co.kr/cfcli.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
O16 - DPF: {2A226D26-9DF3-11D4-8A10-0010B540E6AE} (Vim Control) - http://www.dialpad.co.kr/dialpadweb/VimMpeg.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2ED18548-033C-4ADE-A17F-3A1E07396A6B} (IceCastPlayer Control) - http://ad.mukulcast.com/cast/IceCastPlayerX.cab
O16 - DPF: {2F0692E0-771E-41EE-8CC2-4A8D8CCA357F} (Checker Control) - http://connect5.skylove.com/connect/checker.cab
O16 - DPF: {3283DF90-1733-4A79-B1F5-2D05A8E4D448} (HanGamePlugin15 Class) - http://down.hangame.com/dist/activex/HanGamePlugin15.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {450E1410-102D-429B-8716-3F30D6C56502} (iWalletSg Class) - http://www.commerce-pay.com/pg2/include/iWalletSingle.cab
O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://www.hangame.com/bar/HGAgentClient.cab
O16 - DPF: {4EEA9D91-8F19-45A2-9D24-6E462F3F3C5D} (FileSizeCheck Control) - http://cafe1.godpeople.com/webexec/FileSizeCheck.cab
O16 - DPF: {516867FD-3E25-4FF5-B3B2-F0EA71874BAC} (Csay Control) - http://screenchat.skylove.com/screenclient/csaycert.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0971f4205802bec06800/netzip/RdxIE601_ko.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://chatwww.hangame.com/nhnplayerx.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_9.CAB
O16 - DPF: {672FD177-B140-4DCC-8614-926660D85292} - http://iscu.dis.sholink.co.kr/sholink/iscu/ISCPSASW.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://signup3.hanafos.com/initech/plugin/axINIplugin40.cab
O16 - DPF: {706425BA-67B3-4CCF-8CB4-90203A680B5B} (ActiveTutor Player Control) - http://streamserver1.khcu.ac.kr/lecture/ocx/ATPlayer.cab
O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} - http://cdn.naver.com/naver/tms/dy/turbois9.cab
O16 - DPF: {7A43F370-05A1-40E3-8C2F-FF83D0768D46} (dmcco Class) - http://cafefiles2.hanmail.net/dmcc.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://download.softforum.co.kr/XecureObject/xw50_install.cab
O16 - DPF: {83A92C4E-194A-496E-A51C-DCB5BF76DCA4} (cts3 control) - http://cts.tv/cts3.cab
O16 - DPF: {87F26D80-28D1-4093-8450-052B6D2DAAAE} (afteru Control) - http://www.afteru.co.kr/afteruX.cab
O16 - DPF: {91853CB8-8253-4E53-BDBB-C6C43D51950E} (AudioTuning Class) - http://www.dialpad.co.kr/dialpadweb/phone/vscp.cab
O16 - DPF: {96C4B2FF-44D6-4BFA-8C91-0A1D1FD797AD} (pianohometotal Control) - http://www.ipianohome.co.kr/activex/pianohometotal.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl53.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37892.2364814815
O16 - DPF: {A3781279-F81D-48F0-B5DC-3624DE663453} - http://www.onnuritv.com/ActiveX/onnuritv.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {B43E46E9-66EB-4C94-B33A-D5B522939E80} (HanChatControl Control) - http://chatwww.hangame.com/HanChatControl.CAB
O16 - DPF: {B81CB889-C7A7-4CF0-B34F-54B3F94BCAD9} (OpenBIRD pcBrowser Control) - http://www.ezdrive.net/ezdrive/pcbrowser/pcBrowser_v1.cab
O16 - DPF: {BE068095-EEF1-485C-AA1B-288860ACFAED} (INIwallet00 Control) - http://plugin.inicis.com/INIwallet00.cab
O16 - DPF: {C370EB53-3DBB-4213-9678-11D7DBAF2D85} (CoxSet2 Control) - http://www.upiece.co.kr/piece/plugin/coxset2.cab
O16 - DPF: {C553F632-DC31-46B9-BA51-4E8E6C4FA1DB} - http://jukeon.dl.sayclub.co.kr/jukeon/RNJUKEON.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {CFE2D072-FA47-464C-BD03-46F24AB8D0AF} (AceAgent Control) - http://www.kcu.or.kr/UpDate/AceAgent.cab
O16 - DPF: {D0E2D4C6-F65D-4967-A22C-BB0C6245A631} (HanafosDN Control) - http://bin.hanafos.com/HanafosDN/new2/HanafosDN.cab
O16 - DPF: {D161093F-2DD6-4F80-BA7E-6097407E356C} (wampRe Class) - http://dl.sayclub.com/saycast/Refresher_sc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Touch.cab
O16 - DPF: {D9701E87-A34D-11D4-BE29-000102598CE4} (VrUpdate Control) - http://download.hauri.net/Kor/online_up/vrupdate.cab
O16 - DPF: {DF17C1B5-882A-4AF9-9C05-044DD39E79A2} (Banktown MyWallet Control 1.2) - http://mywallet.banktown.com/include/MyWallet.cab
O16 - DPF: {E8E20D57-3D5B-4A2D-B710-252900B66685} (Installer Class) - http://down.haduri.com/chat/HaduriInstaller.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
O16 - DPF: {F1AFBD5B-9B1E-4DC6-B6EA-EBC2427981E2} (PDPDSOCtrl_TC Class) - http://ifamily.kbs.co.kr/common/pdp/PDPDSO_TC.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://banking.nonghyup.com/plugin/client/INISafeWeb50.cab
O16 - DPF: {F256FF53-8057-4F7E-996B-963E27CE5EA1} (PdBox2 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox2.cab
O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl7.cab

725 Posts

February 28th, 2004 19:00

Close all windows and have hijackthis fix the following:

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {09F93072-DE5E-4B5A-B347-F80FD7CB7309} - C:\WINDOWS\System32\webmailhook.dll
O2 - BHO: WinPage Blocker - {12DF6E3E-6272-4AE8-880B-2158D60791C0} - C:\Program Files\Homepage\WinPage.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HncUpdate] C:\HNC\HncUpdate.exe /A
O4 - HKLM\..\Run: [ADSpider] C:\Program Files\ADSPider\ADSpider.exe /start
O4 - Startup: Windows Update ?? ??.lnk = C:\Documents and Settings\Owner\My Documents\ie6sp1kor\ie6setup.exe
O8 - Extra context menu item: ??? ??iN ?? - res://C:\Program Files\NHN\NaverJump\NaverJump_1_5_1_5.dll /KBIN.HTML

O14 - IERESET.INF: START_PAGE_URL=http://pds.hanafos.com

Listed below are ActiveX plugins which have been installed during your browsing.  I removed the ones I recognized as being legitimate.  Unless you are sure what each of these are, you should fix them as well.  If they are legitimate and needed they will be reinstalled the next time you visit the site.  The list is too long to research one by one.  In fact this is one of the longest lists I have ever seen.

O16 - DPF: {0499F9C6-0692-11D6-BF6B-0000E87FCA1A} (HomeWaSeeVC15 Control) - http://wasee.hompy.com/HomeWaSeeVC15.CAB
O16 - DPF: {05717986-A8C7-11D7-A03D-00104BCD089B} (W3IP Control) - http://www.w3ip.com/W3ip.cab
O16 - DPF: {0CE1EA86-D322-11D7-A9D8-00104B1C8CEF} (Ctrl_online Control) - http://hompy.dreamwiz.com/BIN/ocx/_online.cab
O16 - DPF: {124250DD-E2CC-4B5B-AE7E-C9AC8A11DF43} (StreamNote2 Control) - http://lecture1.sdu.ac.kr/sdu_content_htm/2003/2/032031/s00423/08/1/StreamNote2.cab
O16 - DPF: {14B0C13D-497B-4E6A-8E39-596CD9434F30} (sayclub & Hangok music Control) - http://dl.sayclub.com/sayclub/noraeting/saywiz.cab
O16 - DPF: {16B21577-3ABA-49AA-96F9-811B7BCFA9CA} (Dialpad KR VegaLoader Class) - http://www.dialpad.co.kr/dialpadweb/phone/helper.cab
O16 - DPF: {1CF034F9-79AC-427B-9A51-9B909EC3CF85} (WebMSN_IEObj Class) - http://blogimgs.naver.com/msg/Webmsn_comp_1_0_0_6.CAB
O16 - DPF: {1D8FC897-331B-4F61-B3DB-98C40205697C} (ENJOYON Control) - http://www.enjoylife.co.kr/onclub/ENJOYON.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://vs.messagebay.co.kr/mbay/code/mbayactx.cab
O16 - DPF: {27BCC3E9-D724-493B-A79E-C2E12C03407A} (CfClient Class) - http://www.iloveschool.co.kr/cfcli.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
O16 - DPF: {2A226D26-9DF3-11D4-8A10-0010B540E6AE} (Vim Control) - http://www.dialpad.co.kr/dialpadweb/VimMpeg.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2ED18548-033C-4ADE-A17F-3A1E07396A6B} (IceCastPlayer Control) - http://ad.mukulcast.com/cast/IceCastPlayerX.cab
O16 - DPF: {2F0692E0-771E-41EE-8CC2-4A8D8CCA357F} (Checker Control) - http://connect5.skylove.com/connect/checker.cab
O16 - DPF: {3283DF90-1733-4A79-B1F5-2D05A8E4D448} (HanGamePlugin15 Class) - http://down.hangame.com/dist/activex/HanGamePlugin15.cab
O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://www.hangame.com/bar/HGAgentClient.cab
O16 - DPF: {4EEA9D91-8F19-45A2-9D24-6E462F3F3C5D} (FileSizeCheck Control) - http://cafe1.godpeople.com/webexec/FileSizeCheck.cab
O16 - DPF: {516867FD-3E25-4FF5-B3B2-F0EA71874BAC} (Csay Control) - http://screenchat.skylove.com/screenclient/csaycert.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0971f4205802bec06800/netzip/RdxIE601_ko.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://chatwww.hangame.com/nhnplayerx.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_9.CAB
O16 - DPF: {672FD177-B140-4DCC-8614-926660D85292} - http://iscu.dis.sholink.co.kr/sholink/iscu/ISCPSASW.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://signup3.hanafos.com/initech/plugin/axINIplugin40.cab
O16 - DPF: {706425BA-67B3-4CCF-8CB4-90203A680B5B} (ActiveTutor Player Control) - http://streamserver1.khcu.ac.kr/lecture/ocx/ATPlayer.cab
O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} - http://cdn.naver.com/naver/tms/dy/turbois9.cab
O16 - DPF: {7A43F370-05A1-40E3-8C2F-FF83D0768D46} (dmcco Class) - http://cafefiles2.hanmail.net/dmcc.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://download.softforum.co.kr/XecureObject/xw50_install.cab
O16 - DPF: {83A92C4E-194A-496E-A51C-DCB5BF76DCA4} (cts3 control) - http://cts.tv/cts3.cab
O16 - DPF: {87F26D80-28D1-4093-8450-052B6D2DAAAE} (afteru Control) - http://www.afteru.co.kr/afteruX.cab
O16 - DPF: {91853CB8-8253-4E53-BDBB-C6C43D51950E} (AudioTuning Class) - http://www.dialpad.co.kr/dialpadweb/phone/vscp.cab
O16 - DPF: {96C4B2FF-44D6-4BFA-8C91-0A1D1FD797AD} (pianohometotal Control) - http://www.ipianohome.co.kr/activex/pianohometotal.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl53.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37892.2364814815
O16 - DPF: {A3781279-F81D-48F0-B5DC-3624DE663453} - http://www.onnuritv.com/ActiveX/onnuritv.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {B43E46E9-66EB-4C94-B33A-D5B522939E80} (HanChatControl Control) - http://chatwww.hangame.com/HanChatControl.CAB
O16 - DPF: {B81CB889-C7A7-4CF0-B34F-54B3F94BCAD9} (OpenBIRD pcBrowser Control) - http://www.ezdrive.net/ezdrive/pcbrowser/pcBrowser_v1.cab
O16 - DPF: {BE068095-EEF1-485C-AA1B-288860ACFAED} (INIwallet00 Control) - http://plugin.inicis.com/INIwallet00.cab
O16 - DPF: {C370EB53-3DBB-4213-9678-11D7DBAF2D85} (CoxSet2 Control) - http://www.upiece.co.kr/piece/plugin/coxset2.cab
O16 - DPF: {C553F632-DC31-46B9-BA51-4E8E6C4FA1DB} - http://jukeon.dl.sayclub.co.kr/jukeon/RNJUKEON.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {CFE2D072-FA47-464C-BD03-46F24AB8D0AF} (AceAgent Control) - http://www.kcu.or.kr/UpDate/AceAgent.cab
O16 - DPF: {D0E2D4C6-F65D-4967-A22C-BB0C6245A631} (HanafosDN Control) - http://bin.hanafos.com/HanafosDN/new2/HanafosDN.cab
O16 - DPF: {D161093F-2DD6-4F80-BA7E-6097407E356C} (wampRe Class) - http://dl.sayclub.com/saycast/Refresher_sc.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Touch.cab
O16 - DPF: {D9701E87-A34D-11D4-BE29-000102598CE4} (VrUpdate Control) - http://download.hauri.net/Kor/online_up/vrupdate.cab
O16 - DPF: {DF17C1B5-882A-4AF9-9C05-044DD39E79A2} (Banktown MyWallet Control 1.2) - http://mywallet.banktown.com/include/MyWallet.cab
O16 - DPF: {E8E20D57-3D5B-4A2D-B710-252900B66685} (Installer Class) - http://down.haduri.com/chat/HaduriInstaller.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
O16 - DPF: {F1AFBD5B-9B1E-4DC6-B6EA-EBC2427981E2} (PDPDSOCtrl_TC Class) - http://ifamily.kbs.co.kr/common/pdp/PDPDSO_TC.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://banking.nonghyup.com/plugin/client/INISafeWeb50.cab
O16 - DPF: {F256FF53-8057-4F7E-996B-963E27CE5EA1} (PdBox2 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox2.cab
O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl7.cab


Post another log when through.

15 Posts

February 29th, 2004 00:00

Thank you but I couldn't remove "Netspry.com"

Here is the list of my logfile.

725 Posts

February 29th, 2004 00:00

Note that I sent you a private message asking for some additional information.

Let's try ad-aware again but follow these instructions:

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window: Click "Start" then "Activate in-depth scan"

then......

click "Use custom scanning options>Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........

go to settings (the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........ "Cleaning engine" and "Let windows remove files in use at next reboot"

then...... click "proceed" to save your settings.

Now to scan it's just to click the "Scan" button.

When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

Message Edited by Yellowhammer on 02-28-2004 09:03 PM

15 Posts

February 29th, 2004 00:00

Logfile of HijackThis v1.97.7
Scan saved at ?? 8:35:47, on 2004-02-28
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\EasyWinCleaner2002\SpeedDown.exe
C:\Program Files\Virus Chaser\Vcrmon.exe
C:\Program Files\npserver\nprotect.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Virus Chaser\SpiderNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\My Documents\virus\hijack\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DownAcc] C:\Program Files\EasyWinCleaner2002\SpeedDown.exe
O4 - HKLM\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\Vcrmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [nProtect] C:\Program Files\npserver\nprotect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKCU\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\Vcrmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)

15 Posts

February 29th, 2004 14:00

You are amazing~ I have no problem with Netspry.com

Thank you so much

725 Posts

February 29th, 2004 15:00

You are welcome.  I am glad we finally got it.