Spyware alert problems (HJT logfile included) - Page 2

PeepShow · 10-Dec-2006, 04:06 AM **#16**

H K U \ S - 1 - 5 - 2 1 - 2 8 6 1 4 1 2 2 1 7 - 2 2 2 9 3 3 2 1 4 4 - 4 3 7 5 5 5 4 9 4 - 1 0 0 5 \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x t \ S t a t s \ { F 9 A E 8 7 A 0 - 8 4 4 A - 0 4 E 0 - 8 2 F C - A B A 9 A 8 B C B B 0 7 } - > A d w a r e . C o o l W e b S e a r c h : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

H K U \ S - 1 - 5 - 2 1 - 2 8 6 1 4 1 2 2 1 7 - 2 2 2 9 3 3 2 1 4 4 - 4 3 7 5 5 5 4 9 4 - 1 0 0 5 \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x t \ S t a t s \ { F C A D 8 D F 8 - B 2 9 4 - 7 2 D E - A 4 A 9 - 6 C 6 9 B 0 E E 4 1 6 4 } - > A d w a r e . C o o l W e b S e a r c h : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s y s t e m 3 2 \ c l c i . e x e - > A d w a r e . C W S : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 4 7 \ A 0 1 4 5 0 3 1 . d l l - > A d w a r e . D u d u : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s y s t e m 3 2 \ p C a s t C t l . d l l - > A d w a r e . D u d u : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ a d m p a r s e k . d l l - > A d w a r e . E a s y E r : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s y s t e m 3 2 \ a d m p a r s e k . d l l - > A d w a r e . E a s y E r : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 9 4 \ A 0 1 5 2 2 8 6 . e x e - > A d w a r e . M a x i f i l e s : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 9 5 \ A 0 1 5 2 3 9 4 . e x e - > A d w a r e . M a x i f i l e s : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 9 7 \ A 0 1 5 2 5 0 2 . e x e - > A d w a r e . M a x i f i l e s : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 9 7 \ A 0 1 5 2 5 4 7 . e x e - > A d w a r e . M a x i f i l e s : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ C o m m o n F i l e s \ R e a l \ W e a t h e r B u g \ M i n i B u g T r a n s p o r t e r . d l l - > A d w a r e . M i n i b u g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ N e w D o t N e t - > A d w a r e . N e w D o t N e t : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ N e w D o t N e t \ n e w d o t n e t 6 _ 3 8 . d l l - > A d w a r e . N e w D o t N e t : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ N e w D o t N e t \ r e a d m e . h t m l - > A d w a r e . N e w D o t N e t : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ N e w D o t N e t \ u n i n s t a l l 6 _ 3 8 . e x e - > A d w a r e . N e w D o t N e t : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ N D N u n i n s t a l l 6 _ 3 8 . e x e - > A d w a r e . N e w D o t N e t : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ V i r u s - B u r s t e r s - > A d w a r e . V i r u s B u r s t e r s : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ V i r u s - B u r s t e r s \ V i r u s - B u r s t e r s . e x e - > A d w a r e . V i r u s B u r s t e r s : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ v g r a p h . d l l - > A d w a r e . W e b d i r : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

H K L M \ S O F T W A R E \ C l a s s e s \ C L S I D \ { 1 2 3 5 5 F 3 E - 9 0 C 3 - 4 1 A A - 8 7 0 5 - 1 5 9 6 9 A F 7 F 2 1 0 } - > A d w a r e . W e b d i r : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ t t s . e x e - > B a c k d o o r . B i f r o s e . d : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ ! K i l l B o x \ c l c . e x e - > D o w n l o a d e r . A g e n t . a p b : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 5 0 1 \ A 0 1 5 3 3 7 2 . e x e - > D o w n l o a d e r . A g e n t . a p b : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 3 7 \ A 0 1 4 0 5 2 9 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 3 8 \ A 0 1 4 0 5 8 8 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 4 0 \ A 0 1 4 0 6 7 8 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 4 2 \ A 0 1 4 0 8 2 1 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 4 3 \ A 0 1 4 4 6 8 9 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 4 4 \ A 0 1 4 4 9 4 5 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 4 5 \ A 0 1 4 4 9 6 1 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 4 6 \ A 0 1 4 5 0 2 0 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 4 7 \ A 0 1 4 5 0 5 6 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 4 8 \ A 0 1 4 5 0 8 8 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 5 5 \ A 0 1 4 5 3 6 8 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 5 6 \ A 0 1 4 5 3 8 0 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 5 7 \ A 0 1 4 5 5 6 7 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 5 7 \ A 0 1 4 5 6 0 2 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 5 8 \ A 0 1 4 5 6 6 5 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 6 0 \ A 0 1 4 5 8 0 4 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 6 3 \ A 0 1 4 5 9 3 9 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 6 9 \ A 0 1 4 6 0 6 1 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 7 0 \ A 0 1 4 6 1 7 2 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 7 1 \ A 0 1 4 6 2 2 1 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 7 2 \ A 0 1 4 6 2 7 5 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 7 5 \ A 0 1 4 7 8 3 5 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 7 7 \ A 0 1 4 7 9 5 0 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 7 9 \ A 0 1 4 8 0 6 1 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 8 0 \ A 0 1 4 8 1 0 8 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 8 1 \ A 0 1 4 8 1 2 4 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 8 2 \ A 0 1 4 8 2 1 1 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 8 4 \ A 0 1 5 1 2 7 9 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 8 7 \ A 0 1 5 1 3 9 1 . p r x : a u b r i x - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 8 9 \ A 0 1 5 1 5 8 4 . o l d : o n t y v y - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 4 9 1 \ A 0 1 5 2 0 3 4 . p r x : a u b r i x - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 5 0 1 \ A 0 1 5 3 1 5 9 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 3 0 1 7 E 7 A F - D E 9 F - 4 A D 2 - B 0 3 4 - A E F 2 F F D 6 3 6 1 6 } \ R P 5 0 1 \ A 0 1 5 3 2 1 6 . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ H j i m e s v . i n i : b a w q p r - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ H j i m e s v . i n i : q c x o u n - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 8 7 3 3 3 9 . l o g : g x f e e p - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 8 8 4 5 7 5 . l o g : q h k f v s - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 8 8 4 5 7 5 . l o g : z e l n v b - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 8 8 7 7 4 2 . l o g : c r r g t c - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 8 8 8 3 0 2 . l o g : j n q a q o - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 8 9 0 1 7 5 . l o g : m q x w m s - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 8 9 0 1 7 5 . l o g : r k v m k b - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 8 9 6 4 2 4 . l o g : z y r u j t - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 8 9 8 4 6 1 . l o g : q v p y j r - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 9 0 1 0 1 7 . l o g : n n y q c p - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 9 0 1 0 1 7 . l o g : u h g c f n - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 9 0 5 7 4 9 . l o g : y q e m q o - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 9 0 5 9 1 5 . l o g : u s l d n g - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 9 0 5 9 1 5 . l o g : z m o h f x - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ K B 9 1 0 4 3 7 . l o g : n l w e b - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ N e r o D i g i t a l . i n i : w j i r p q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ S c h e d L g U . T x t : i c g u j - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ W i n d o w s U p d a t e . l o g : y j w w f r - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ a p i o m . d l l . b a k - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ a p p m t 3 2 . d l l . b a k - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ c h i p s e t . l o g : z b l h t y - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ c m s e t a c l . l o g : b f p x k u - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ c m s e t a c l . l o g : y a c t r c - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ d e s k t o p . i n i : c u j x f y - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ e x p l o r e r . s c f : r h z d q k - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ j a v a c i . d l l . b a k - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ m s d f m a p . i n i : m h d k q l - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ m s g s o c m . l o g : b y m e b w - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ m s w f 3 2 . d l l . b a k - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ o c g e n . l o g : n o y o z b - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s e t u p a c t . l o g : m m r f s q - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s e t u p l o g . t x t : x q s r z v - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s m s c f g . i n i : m j p o b e - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s m s c f g . i n i : q u c h c l - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s t u b 8 5 . i n i : y e s u n p - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s y s t e m 3 2 \ a p i q c . d l l . b a k - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s y s t e m 3 2 \ a p p g y . d l l . b a k - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s y s t e m 3 2 \ i e c z . d l l . b a k - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s y s t e m 3 2 \ i e d c 3 2 . d l l . b a k - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s y s t e m 3 2 \ i e p d . d l l . b a k - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s y s t e m 3 2 \ s d k v w . d l l . b a k - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ W i n d o w s \ s y s t e m 3 2 \ s y s a d . d l l . b a k - > D o w n l o a d e r . A g e n t . b c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

PeepShow · 05:04 AM

Sorry JSntgRvr, I just realised this could take all day, the AVG anti spyware is a long long list, I've posted just the beginning of the report so far. Let me try to attach them as flies here.

PeepShow · 10-Dec-2006, 05:00 AM **#18**

This is the first part of the AVG Anti Virus report.

PeepShow · 10-Dec-2006, 05:01 AM **#19**

This is part 2.

PeepShow · 10-Dec-2006, 05:04 AM **#20**

This is the final part of the AVG report. Thanks for your time.

**JSntgRvr** · 10-Dec-2006, 03:42 PM **#21**

Hi, PeepShow

Backup your reistry again with ERUNT.

Download the enclosed file. Save and extract its contents to the desktop (Overwrite the existing one). It is a folder containing a Registry Entries file, Regfix.reg . Once extracted, open the folder and double click on the Regfix.reg file and select Yes when prompted to merge it into the registry.

Please double-click Killbox.exe to run it.
Select:
- Delete on Reboot
- then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

c:\windows\system32\ide21201.vxd
c:\windows\system32\logs1.ini
c:\windows\addyc.dll
c:\windows\n_dcsrxd.log
C:\Documents and Settings\user\Favorites\Fun & Games
F:\Downloads\metro.zip
C:\Windows\apigr32.dll.bak
C:\Windows\cpblpbc35.log
C:\Windows\n_qzcuji.dat:qsimtv
C:\Windows\system32\iepy.dll.bak
C:\Windows\system32\netir32.dll.bak
C:\Windows\system32\syseb32.dll.bak
C:\Windows\system32\__delete_on_reboot__f_o_n_t_e_x_t_d_._d_l_l_
Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Set Explorer to view Hidden Files and Folders:

Right-click your Start button and go to "Explore".
Select Tools from the menu
Select Folder Options
Select the View tab
Click on Show all Files and Folders
Select Apply to All Folders | Yes | Apply | OK.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present) (This could be only one file. I just do not recognize the language):

C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp:
C:\Windows\회벽.bmp:
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp:
C:\Windows\회벽.bmp:
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp:
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp:
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp:
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp
C:\Windows\회벽.bmp

Set Explorer to Defaults:

Right-click your Start button and go to "Explore".
Select Tools from the menu
Select Folder Options
Select the View tab
Click on Restore Defaults
Select Apply to All Folders | Yes | Apply | OK.

Please post a Fresh Hijackthis log.

PeepShow · 10-Dec-2006, 06:52 PM **#22**

Some programs such as ERUNT and HJT on my desktop can't run, says can't find .exe files so is it ok to just download these programs again?

**JSntgRvr** · 10-Dec-2006, 08:54 PM **#23**

Quote:

Originally Posted by PeepShow

Some programs such as ERUNT and HJT on my desktop can't run, says can't find .exe files so is it ok to just download these programs again?

Yes!

PeepShow · 10-Dec-2006, 09:40 PM **#24**

Well I couldn't find the C:\Windows\회벽.bmp file in explorer. This is the log. Thanks for your time!

Logfile of HijackThis v1.99.1
Scan saved at 오전 10:36:50, on 2006-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Battery miser\batterymiser.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Documents and Settings\All Users\시작 메뉴\프로그램\시작프로그램\palstart.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\fj4asf2q.slt\prefs.js)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [batterymiser] C:\Program Files\Battery miser\batterymiser.exe
O4 - HKLM\..\Run: [imekrmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE TRUTION Web Camera
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.banktown.com
O15 - Trusted Zone: http://*.finger.co.kr
O15 - Trusted Zone: http://*.kcp.co.kr
O15 - Trusted Zone: http://*.telec.co.kr
O15 - Trusted Zone: http://*.vpay.co.kr
O15 - Trusted Zone: http://*.buddybuddy.co.kr (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136235792901
O16 - DPF: {7B38FE47-3BB4-6E07-277F-0B5A7D2DBBAE} - http://69.50.173.166/1/gdnKR2270.exe
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://download.softforum.co.kr/Publ...xw_install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co.kr:8057/WStarter.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g382103746.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: windwv32 - windwv32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

**JSntgRvr** · 10-Dec-2006, 10:17 PM **#25**

Hi, PeepShow

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O15 - Trusted Zone: http://*.banktown.com
O15 - Trusted Zone: http://*.finger.co.kr
O15 - Trusted Zone: http://*.kcp.co.kr
O15 - Trusted Zone: http://*.telec.co.kr
O15 - Trusted Zone: http://*.vpay.co.kr
O15 - Trusted Zone: http://*.buddybuddy.co.kr (HKLM)
O16 - DPF: {7B38FE47-3BB4-6E07-277F-0B5A7D2DBBAE} - http://69.50.173.166/1/gdnKR2270.exe
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://download.softforum.co.kr/Publ...xw_install.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co.kr:8057/WStarter.cab
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g382103746.dll (file missing)
O20 - Winlogon Notify: windwv32 - windwv32.dll (file missing)

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

The rest of the log looks clear. How is the computer doing?

PeepShow · 10-Dec-2006, 10:31 PM **#26**

Thanks for your help so far JSntgRvr, well about one third of my programs are missing their .exe files so is there any way i can get them back running without having to reinstall everything? Cause a few hard to get software i got from this guy i lost contact with i doubt I will get them anywhere else again. And this 'Windows installer' keeps popping up, esp when i am staring I.E, it tells me to insert a cd to install Microsoft Office XP Professional with FrontPage. What shoud I do?

**JSntgRvr** · 11-Dec-2006, 12:47 PM **#27**

Hi, PeepShow

Quote:

Originally Posted by PeepShow

Thanks for your help so far JSntgRvr, well about one third of my programs are missing their .exe files so is there any way i can get them back running without having to reinstall everything? Cause a few hard to get software i got from this guy i lost contact with i doubt I will get them anywhere else again. And this 'Windows installer' keeps popping up, esp when i am staring I.E, it tells me to insert a cd to install Microsoft Office XP Professional with FrontPage. What shoud I do?

List the programs with missing .exe files
Take a screenshot of the IE error
- You can do this by pressing the PrintScreen key.
- Then go to Start > All Programs > Accessories > Paint
- In Paint, go up to Edit > Paste
- Then Go up to File > Save As. Click the drop-down box to change the "Save As Type" to "JPEG", name it what you want, and save it where you want.
- Then click Add Reply in this topic.
- Click the Browse button.
- Locate the file you just saved, click on it, then click Open.
- Click Add This Attachment.
Post a Combofix log
Post a fresh Hijackthis log.

Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory modem monitor motherboard network printer problem ram registry router security slow software sound toshiba trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!