hijack log

nsk

Thread Starter
Joined
Oct 1, 2003
Messages
2
Hello. Here's the result of Hijack This scan of my computer.
Seems like there are a lot more lines than other logs posted here..
Any help would be great. Thanks.

Logfile of HijackThis v1.97.2
Scan saved at ¿ÀÀü 3:02:11, on 03-10-01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\SYSTEM\MSHTA.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\MSHTA.EXE
C:\WINDOWS\SYSTEM\MSHTA.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\WINDOWS\SYSTEM\MSHTA.EXE
C:\WINDOWS\SYSTEM\MSHTA.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\MSHTA.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\ESTSOFT\ALZIP\ALZIP.EXE
D:\ASHLEY\Àß³ª¿Â°Å\HIJACKTHIS.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O2 - BHO: DWMHelper - {6AAC21F7-0980-40B2-88DC-FC0E1F1F7202} - C:\PROGRA~1\DAMOIM\DWM\DWMHEL~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ????? - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [·¹Áö½ºÆ®¸® °Ë»ç] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" "+b1"
O4 - Startup: WINSOCK.DLL
O4 - Startup: WIN.INI
O4 - Startup: HWINFO.EXE
O4 - Startup: NETDET.INI
O4 - Startup: BILING.SYS
O4 - Startup: SUBACK.BIN
O4 - Startup: W98SETUP.BIN
O4 - Startup: LICENSE.TXT
O4 - Startup: SUPPORT.TXT
O4 - Startup: MPLAYER.EXE
O4 - Startup: RUNHELP.CAB
O4 - Startup: JAUTOEXP.DAT
O4 - Startup: NDDEAPI.DLL
O4 - Startup: NDDENB.DLL
O4 - Startup: SCRIPT.DOC
O4 - Startup: CLSPACK.EXE
O4 - Startup: DOSREP.EXE
O4 - Startup: DRWATSON.EXE
O4 - Startup: EXPLORER.EXE
O4 - Startup: EXTRAC32.EXE
O4 - Startup: FONTVIEW.EXE
O4 - Startup: GRPCONV.EXE
O4 - Startup: ODBC.INI
O4 - Startup: ISO10646.EXE
O4 - Startup: JVIEW.EXE
O4 - Startup: NETDDE.EXE
O4 - Startup: PIDSET.EXE
O4 - Startup: SETDEBUG.EXE
O4 - Startup: SIGVERIF.EXE
O4 - Startup: TUNEUP.EXE
O4 - Startup: UPWIZUN.EXE
O4 - Startup: WINREP.EXE
O4 - Startup: WJVIEW.EXE
O4 - Startup: BACKGRND.GIF
O4 - Startup: CLOUD.GIF
O4 - Startup: CONTENT.GIF
O4 - Startup: HLPBELL.GIF
O4 - Startup: HLPCD.GIF
O4 - Startup: HLPGLOBE.GIF
O4 - Startup: HLPLOGO.GIF
O4 - Startup: HLPSTEP1.GIF
O4 - Startup: HLPSTEP2.GIF
O4 - Startup: HLPSTEP3.GIF
O4 - Startup: WINLOGO.GIF
O4 - Startup: HTMLHELP.HTM
O4 - Startup: README.HTM
O4 - Startup: READM_01.HTZ
O4 - Startup: READM_02.HTZ
O4 - Startup: DOSREP.INI
O4 - Startup: HTMLHELP.INI
O4 - Startup: MSDFMAP.INI
O4 - Startup: SYSTEM.INI
O4 - Startup: OLDOSAPP.INI
O4 - Startup: DELUXECD.MDB
O4 - Startup: DOSPRMPT.PIF
O4 - Startup: EXPLORER.SCF
O4 - Startup: ODBCINST.INI
O4 - Startup: COUNTRY.SYS
O4 - Startup: CONFIG.TXT
O4 - Startup: DISPLAY.TXT
O4 - Startup: FAQ.TXT
O4 - Startup: GENERAL.TXT
O4 - Startup: HARDWARE.TXT
O4 - Startup: MOUSE.TXT
O4 - Startup: MSDOSDRV.TXT
O4 - Startup: NETWORK.TXT
O4 - Startup: PRINTERS.TXT
O4 - Startup: PROGRAMS.TXT
O4 - Startup: RECOVER.TXT
O4 - Startup: TIPS.TXT
O4 - Startup: REGTLIB.EXE
O4 - Startup: TELEPHON.INI
O4 - Startup: MSBATCH.INF
O4 - Startup: SMARTDRV.EXE
O4 - Startup: HIMEM.SYS
O4 - Startup: RAMDRIVE.SYS
O4 - Startup: HIDCI.DLL
O4 - Startup: LOGOS.SYS
O4 - Startup: LOGOW.SYS
O4 - Startup: 1STBOOT.BMP
O4 - Startup: ¹°¹æ¿ï.bmp
O4 - Startup: Æĵ¿.bmp
O4 - Startup: ¼¼·ÎÁÙ.bmp
O4 - Startup: ŸÀÏ.bmp
O4 - Startup: °ËÁ¤ ½û±â.bmp
O4 - Startup: ä³Î È_¸é º¸È£±â.SCR
O4 - Startup: WIN.COM
O4 - Startup: ICSLOG.OLD
O4 - Startup: MORICONS.DLL
O4 - Startup: MSOWS412.DLL
O4 - Startup: WAVEMIX.INI
O4 - Startup: ACCSTAT.EXE
O4 - Startup: ASD.EXE
O4 - Startup: CALC.EXE
O4 - Startup: CLEANMGR.EXE
O4 - Startup: CONTROL.EXE
O4 - Startup: CVT1.EXE
O4 - Startup: CVTAPLOG.EXE
O4 - Startup: DEFRAG.EXE
O4 - Startup: EMM386.EXE
O4 - Startup: MM2ENT.EXE
O4 - Startup: NOTEPAD.EXE
O4 - Startup: PACKAGER.EXE
O4 - Startup: PBRUSH.EXE
O4 - Startup: PROGMAN.EXE
O4 - Startup: REGEDIT.EXE
O4 - Startup: RG2CATDB.EXE
O4 - Startup: RUNDLL.EXE
O4 - Startup: RUNDLL32.EXE
O4 - Startup: SCANDSKW.EXE
O4 - Startup: SCANREGW.EXE
O4 - Startup: CTDEL.INI
O4 - Startup: SNDREC32.EXE
O4 - Startup: SNDVOL32.EXE
O4 - Startup: TASKMAN.EXE
O4 - Startup: TASKMON.EXE
O4 - Startup: VCMUI.EXE
O4 - Startup: WELCOME.EXE
O4 - Startup: WINFILE.EXE
O4 - Startup: WINHELP.EXE
O4 - Startup: WINHLP32.EXE
O4 - Startup: WININIT.EXE
O4 - Startup: WINVER.EXE
O4 - Startup: WRITE.EXE
O4 - Startup: WUPDMGR.EXE
O4 - Startup: WINUPD.ICO
O4 - Startup: IOS.INI
O4 - Startup: SCANREG.INI
O4 - Startup: µ¾ÀÚ¸®.bmp
O4 - Startup: ASPI2HLP.SYS
O4 - Startup: CMD640X.SYS
O4 - Startup: CMD640X2.SYS
O4 - Startup: DBLBUFF.SYS
O4 - Startup: IFSHLP.SYS
O4 - Startup: SFCSYNC.TXT
O4 - Startup: TWAIN.LOG
O4 - Startup: TWAIN_32.DLL
O4 - Startup: CDPLAYER.EXE
O4 - Startup: DIALER.EXE
O4 - Startup: KODAKIMG.EXE
O4 - Startup: KODAKPRV.EXE
O4 - Startup: TOUR98.EXE
O4 - Startup: TWUNK_16.EXE
O4 - Startup: TWUNK_32.EXE
O4 - Startup: SERVICES.TXT
O4 - Startup: COMMAND.COM
O4 - Startup: ICSLOG.TXT
O4 - Startup: POWERPNT.INI
O4 - Startup: SETVER.EXE
O4 - Startup: SYSTEM.I~I
O4 - Startup: WIN
O4 - Startup: QTW.INI
O4 - Startup: HWINFO.DAT
O4 - Startup: CONTROL.INI
O4 - Startup: NAMSEOK.PWL
O4 - Startup: MSOFFICE.INI
O4 - Startup: SYSTEM.CB
O4 - Startup: WIN386.SWP
O4 - Startup: NDISLOG.TXT
O4 - Startup: PROTOCOL.INI
O4 - Startup: PROTOCOL
O4 - Startup: SERVICES
O4 - Startup: SNMPAPI.DLL
O4 - Startup: NETWORKS
O4 - Startup: ARP.EXE
O4 - Startup: FTP.EXE
O4 - Startup: HOSTS.SAM
O4 - Startup: LMHOSTS.SAM
O4 - Startup: NETSTAT.EXE
O4 - Startup: PING.EXE
O4 - Startup: ROUTE.EXE
O4 - Startup: TELNET.EXE
O4 - Startup: TRACERT.EXE
O4 - Startup: WINIPCFG.EXE
O4 - Startup: CTCCW.DLL
O4 - Startup: IPCONFIG.EXE
O4 - Startup: NBTSTAT.EXE
O4 - Startup: INETMIB1.DLL
O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå.pif
O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå (EMS ¹× XMS Áö¿ø).pif
O4 - Startup: °ø±â ¹æ¿ï.bmp
O4 - Startup: ÀÌÁýÆ®.bmp
O4 - Startup: ¹°¶¼»õ °ÝÀÚ.bmp
O4 - Startup: »ï°¢Çü.bmp
O4 - Startup: ÆĶõ ¸®ºª.bmp
O4 - Startup: ¼³Ä¡.bmp
O4 - Startup: progman.ini
O4 - Startup: brndlog.txt
O4 - Startup: folder.htt
O4 - Startup: OEWABLog.txt
O4 - Startup: SchedLog.Txt
O4 - Startup: Default.sf0
O4 - Startup: Default.sfc
O4 - Startup: brndlog.bak
O4 - Startup: DOSSTART.BAT
O4 - Startup: uninst.exe
O4 - Startup: IsUninst.exe
O4 - Startup: CTDEL.EXE
O4 - Startup: MSIMGSIZ.DAT
O4 - Startup: CTDelLau.INI
O4 - Startup: UnInstall.dll
O4 - Startup: tmpdelis.bat
O4 - Startup: CTDelLau.exe
O4 - Startup: CTRES32.DLL
O4 - Startup: CTRES.DLL
O4 - Startup: DEFMIXER.REG
O4 - Startup: SBWIN.INI
O4 - Startup: NET.EXE
O4 - Startup: NET.MSG
O4 - Startup: NETH.MSG
O4 - Startup: WINPOPUP.EXE
O4 - Startup: hh.dat
O4 - Startup: WININIT.SAV
O4 - Startup: ctsyn.ini
O4 - Startup: RunOnceEx Log.txt
O4 - Startup: wplog.txt
O4 - Startup: BBDFBADJ
O4 - Startup: LOADQM.EXE
O4 - Startup: Directx.log
O4 - Startup: MODEMDET.TXT
O4 - Startup: MYTV.INI
O4 - Startup: IOS.LOG
O4 - Startup: hh.exe
O4 - Startup: SYSTEM.DAT
O4 - Startup: $$TEMP$$.$$$
O4 - Startup: VIRTUOSA.INI
O4 - Startup: USER.DAT
O4 - Startup: gsview32.ini
O4 - Startup: IE4 Error Log.txt
O4 - Startup: Internet Explorer ¹è°æ ¹«´Ì.bmp
O4 - Startup: hpfsched.exe
O4 - Startup: WORDPAD.INI
O4 - Startup: PCDLIB32.DLL
O4 - Startup: Sti_Trace.log
O4 - Startup: hpfsched.ini
O4 - Startup: reg.prm
O4 - Startup: hpinfo.lnk
O4 - Startup: Active Setup Log.txt
O4 - Startup: AdvpackExt.log
O4 - Startup: Active Setup Log.BAK
O4 - Startup: AdvpackExt.BAK
O4 - Startup: IE Setup Log.Txt
O4 - Startup: Channel Screen Saver.SCR
O4 - Startup: SUSFAIL.TXT
O4 - Startup: MDACSET.log
O4 - Startup: wscript.exe
O4 - Startup: Bind List Log.txt
O4 - Startup: vbaddin.ini
O4 - Startup: od-stnd59.exe
O4 - Startup: wininit.ini
O4 - Startup: ST6UNST.000
O4 - Startup: KPCMS.INI
O4 - Startup: ICSSetup.Log
O4 - Startup: winamp.ini
O4 - Startup: unvise32qt.exe
O4 - Startup: TWUNK003.MTX
O4 - Startup: COMMAND.PIF
O4 - Startup: hosts
O4 - Startup: $_hpcst$.hpc
O4 - Startup: MUSICMAN.INI
O4 - Startup: GLIDE2X.OVL
O4 - Startup: CTREC.INI
O4 - Startup: MSVCRT.DLL
O4 - Startup: IsUn0412.exe
O4 - Startup: screengenie.scr
O4 - Startup: WMSysPrx.prx
O4 - Startup: unacc.exe
O4 - Startup: QTFont.qfn
O4 - Startup: screengenie.xml
O4 - Startup: MORPHEUSOS.INI
O4 - Startup: MORPHEUS.INI
O4 - Startup: UnGins.exe
O4 - Startup: Unnero.exe
O4 - Startup: Unnero.cfg
O4 - Startup: QTFont.for
O4 - Startup: twain.dll
O4 - Startup: .plugin140_01.trace
O4 - Startup: java.exe
O4 - Startup: javaw.exe
O4 - Startup: wmplibrary_v_0_12.db
O4 - Startup: WININIT.BAK
O4 - Startup: msvcr70.dll
O4 - Startup: MSVCP60.DLL
O4 - Startup: Reg Save Log.txt
O4 - Startup: ttuninst.exe
O4 - Startup: wmsetup.log
O4 - Startup: videoimp.ini
O4 - Startup: ST6UNST.EXE
O4 - Startup: yessignCA.pub
O4 - Startup: Setup1.exe
O4 - Startup: dvvb.ini
O4 - Startup: Twain001.Mtx
O4 - Startup: Twunk002.MTX
O4 - Startup: yacs.log
O4 - Startup: Windows Update.log
O4 - Startup: winmain.exe
O4 - Startup: od-stnd67.exe
O4 - Startup: IFinst27.exe
O4 - Startup: rzSplit.Ini
O4 - Startup: ShellIconCache
O4 - Startup: pcconfig.dat
O4 - Startup: ieuninst.exe
O4 - Startup: Q330994.exe
O4 - Startup: loader.exe
O4 - Startup: CuckooDel.exe
O4 - Startup: od-asia6.exe
O4 - Startup: iedll.exe
O4 - Startup: system.css
O4 - Startup: RawSex.exe
O4 - Startup: $$temp$$.hwp
O4 - Startup: od-stnd236.exe
O4 - Startup: li-anald00017.exe
O4 - Startup: flg_tmp
O4 - Startup: od-stnd257.exe
O4 - Startup: flg
O4 - Startup: SetupPestPatrolBeta.mif
O4 - Startup: IEPatchUninstall.log
O8 - Extra context menu item: ³×À̹ö Áö½ÄiN °Ë»ö - res://C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL /KBIN.HTML
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://193.125.201.50/?trk=
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://download.softforum.co.kr/XecureObject/xw50_install.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://tjap.bugsmusic.co.kr/setupfile/SetGlb.cab
O16 - DPF: {64D76536-0173-4873-AEC4-FF0A70DE3781} (BugsPlay Control) - http://tjap.bugsmusic.co.kr/setupfile/bugsplay_115.cab
O16 - DPF: {C999F4F2-016E-481C-98EF-6D165647434E} (CallMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/DMCallMSG.cab
O16 - DPF: {C9037B70-F7E2-41D1-98B9-4FAA692529DB} (WebMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/WebMessenger.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://www.cjmall.com/initech/plugin/axINIplugin40.cab
O16 - DPF: Hihome FTP v1 - http://w35.hihome.com/CanPos/upload.cab
O16 - DPF: {C8B6FBA7-43CA-4466-9EE0-71797CEA00AA} (CuckooRun Control) - http://cdn.dearyou.com/2/cuckoo/cuckoorun.cab
O16 - DPF: {B5A1E63B-0242-4B7D-B564-8A17538DA241} (DDGClientX Control) - http://www.dearyou.com/ddgClient/DDGClientX.cab
O16 - DPF: {F256FF53-8057-4F7E-996B-963E27CE5EA1} (PdBox2 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox2.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
O16 - DPF: {B0C9EAC7-BD8C-44AD-B89C-86EDFDAA7C56} (ToonsXYahoo Control) - http://kr.comics.yahoo.com/down/ToonsXYahoo.cab
O16 - DPF: {E6248D0C-9254-46E9-B97A-3BDB24BAB1BF} (YamChatInstallerCtrl Class) - http://chat.dearyou.com/ocx/YamChatInstaller.cab
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://vs.messagebay.co.kr/mbay/daum/mbayactx.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_6.CAB
O16 - DPF: {E5F55B7A-89D5-4387-B665-43437B3E293D} (X2Run Control) - http://www.x2game.com/Control/X2Run.Cab
O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.com/Control/AutoPatchOCX.cab
O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://bar.hangame.naver.com/bar/HGAgentClient.cab
O16 - DPF: {14399F4E-7698-468C-B988-66486085A306} (HgbLauncher Class) - http://down.hangame.com/iservice/messenger/inst/ver1011/launcher.cab
O16 - DPF: {956C9F5B-0EEB-41B5-9D7B-FAD968AF9469} (HanGamePlugin13 Class) - http://down.hangame.com/dist/activex/HanGamePlugin13.cab
O16 - DPF: {741509F4-A5F2-478F-A84C-EBEF12041F45} (TvOnline Control) - http://www.everyzone.com/TvOnline/TvOnline.cab
O16 - DPF: {8C6582F6-F192-4D55-8326-2D742FC4E2A6} (HanGamePlugin14 Class) - http://down.hangame.com/dist/activex/HanGamePlugin14.cab
O16 - DPF: {93B4395A-3A54-4DEB-ADDA-67052A9E407A} (PhotoJoy Control) - http://www.photojoy.com/EzPicto/PhotoJoyX.cab
O16 - DPF: {CB78A39D-39B0-41AB-A519-664B15ED58AD} (FileUpload Control) - http://www2.okfoto.co.kr/control/fileupload.cab
O16 - DPF: {DBCEFBFE-B49D-4D6C-B024-FE1903C0366E} (XBTSessionManager Control) - http://login.bugsmusic.co.kr/reg/cab/XBTSessionManager.CAB
O16 - DPF: {3283DF90-1733-4A79-B1F5-2D05A8E4D448} (HanGamePlugin15 Class) - http://down.hangame.com/dist/activex/HanGamePlugin15.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/03a70ebb12be5607d205/netzip/RdxIE601.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://www.wepicast.com/caster/nhnplayerx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
O16 - DPF: {5E9100DE-8D7C-4C41-A79B-8C18BD114DEC} (NewChatloveDown Control) - http://musiccast.web114.com/arisoocast/NewChatloveDown.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37894.9440972222
 
Joined
Oct 9, 2001
Messages
9,396
Run HijackThis again and put a checkmark against these entries... double check
in case you miss anything...
...then, close all browser and Outlook windows and "fix checked".

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O2 - BHO: DWMHelper - {6AAC21F7-0980-40B2-88DC-FC0E1F1F7202} - C:\PROGRA~1\DAMOIM\DWM\DWMHEL~1.DLL
O3 - Toolbar: ????? - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL (file missing)
O4 - HKLM\..\Run: [winmain] winmain.exe

There are a lot more to "fix" but first let's do this.

Go here: http://housecall.trendmicro.com/
and do an on-line A/V scan.

Download Spybot - Search & Destroy http://www.safer-networking.org/
After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all IE windows, hit 'Check for Problems', and have SpyBot remove all it marks in red.

Then.... download Ad-Aware at www.lavasoft.usa.com
After installing AAW, and before running the program, update by using the Globe icon.
Shut down and restart Ad-Aware.
Now press "Scan Now", then 'next', and let Ad-Aware scan your drives.
It will find a number of "bad" files and registry keys. Click 'Next' again.
Right-click in that pane and choose "select all" and click 'next'.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Post a 2nd hijackthis logfile.

;)
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
Run HijackThis, tick all below, double-check to make sure you haven't missed any, close all browser windows & press fix checked.

R3 - Default URLSearchHook is missing
O2 - BHO: DWMHelper - {6AAC21F7-0980-40B2-88DC-FC0E1F1F7202} - C:\PROGRA~1\DAMOIM\DWM\DWMHEL~1.DLL
O3 - Toolbar: ????? - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL (file missing)
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - Startup: WINSOCK.DLL
O4 - Startup: WIN.INI
O4 - Startup: HWINFO.EXE
O4 - Startup: NETDET.INI
O4 - Startup: BILING.SYS
O4 - Startup: SUBACK.BIN
O4 - Startup: W98SETUP.BIN
O4 - Startup: LICENSE.TXT
O4 - Startup: SUPPORT.TXT
O4 - Startup: MPLAYER.EXE
O4 - Startup: RUNHELP.CAB
O4 - Startup: JAUTOEXP.DAT
O4 - Startup: NDDEAPI.DLL
O4 - Startup: NDDENB.DLL
O4 - Startup: SCRIPT.DOC
O4 - Startup: CLSPACK.EXE
O4 - Startup: DOSREP.EXE
O4 - Startup: DRWATSON.EXE
O4 - Startup: EXPLORER.EXE
O4 - Startup: EXTRAC32.EXE
O4 - Startup: FONTVIEW.EXE
O4 - Startup: GRPCONV.EXE
O4 - Startup: ODBC.INI
O4 - Startup: ISO10646.EXE
O4 - Startup: JVIEW.EXE
O4 - Startup: NETDDE.EXE
O4 - Startup: PIDSET.EXE
O4 - Startup: SETDEBUG.EXE
O4 - Startup: SIGVERIF.EXE
O4 - Startup: TUNEUP.EXE
O4 - Startup: UPWIZUN.EXE
O4 - Startup: WINREP.EXE
O4 - Startup: WJVIEW.EXE
O4 - Startup: BACKGRND.GIF
O4 - Startup: CLOUD.GIF
O4 - Startup: CONTENT.GIF
O4 - Startup: HLPBELL.GIF
O4 - Startup: HLPCD.GIF
O4 - Startup: HLPGLOBE.GIF
O4 - Startup: HLPLOGO.GIF
O4 - Startup: HLPSTEP1.GIF
O4 - Startup: HLPSTEP2.GIF
O4 - Startup: HLPSTEP3.GIF
O4 - Startup: WINLOGO.GIF
O4 - Startup: HTMLHELP.HTM
O4 - Startup: README.HTM
O4 - Startup: READM_01.HTZ
O4 - Startup: READM_02.HTZ
O4 - Startup: DOSREP.INI
O4 - Startup: HTMLHELP.INI
O4 - Startup: MSDFMAP.INI
O4 - Startup: SYSTEM.INI
O4 - Startup: OLDOSAPP.INI
O4 - Startup: DELUXECD.MDB
O4 - Startup: DOSPRMPT.PIF
O4 - Startup: EXPLORER.SCF
O4 - Startup: ODBCINST.INI
O4 - Startup: COUNTRY.SYS
O4 - Startup: CONFIG.TXT
O4 - Startup: DISPLAY.TXT
O4 - Startup: FAQ.TXT
O4 - Startup: GENERAL.TXT
O4 - Startup: HARDWARE.TXT
O4 - Startup: MOUSE.TXT
O4 - Startup: MSDOSDRV.TXT
O4 - Startup: NETWORK.TXT
O4 - Startup: PRINTERS.TXT
O4 - Startup: PROGRAMS.TXT
O4 - Startup: RECOVER.TXT
O4 - Startup: TIPS.TXT
O4 - Startup: REGTLIB.EXE
O4 - Startup: TELEPHON.INI
O4 - Startup: MSBATCH.INF
O4 - Startup: SMARTDRV.EXE
O4 - Startup: HIMEM.SYS
O4 - Startup: RAMDRIVE.SYS
O4 - Startup: HIDCI.DLL
O4 - Startup: LOGOS.SYS
O4 - Startup: LOGOW.SYS
O4 - Startup: 1STBOOT.BMP
O4 - Startup: ¹°¹æ¿ï.bmp
O4 - Startup: Æĵ¿.bmp
O4 - Startup: ¼¼·ÎÁÙ.bmp
O4 - Startup: ŸÀÏ.bmp
O4 - Startup: °ËÁ¤ ½û±â.bmp
O4 - Startup: ä³Î È_¸é º¸È£±â.SCR
O4 - Startup: WIN.COM
O4 - Startup: ICSLOG.OLD
O4 - Startup: MORICONS.DLL
O4 - Startup: MSOWS412.DLL
O4 - Startup: WAVEMIX.INI
O4 - Startup: ACCSTAT.EXE
O4 - Startup: ASD.EXE
O4 - Startup: CALC.EXE
O4 - Startup: CLEANMGR.EXE
O4 - Startup: CONTROL.EXE
O4 - Startup: CVT1.EXE
O4 - Startup: CVTAPLOG.EXE
O4 - Startup: DEFRAG.EXE
O4 - Startup: EMM386.EXE
O4 - Startup: MM2ENT.EXE
O4 - Startup: NOTEPAD.EXE
O4 - Startup: PACKAGER.EXE
O4 - Startup: PBRUSH.EXE
O4 - Startup: PROGMAN.EXE
O4 - Startup: REGEDIT.EXE
O4 - Startup: RG2CATDB.EXE
O4 - Startup: RUNDLL.EXE
O4 - Startup: RUNDLL32.EXE
O4 - Startup: SCANDSKW.EXE
O4 - Startup: SCANREGW.EXE
O4 - Startup: CTDEL.INI
O4 - Startup: SNDREC32.EXE
O4 - Startup: SNDVOL32.EXE
O4 - Startup: TASKMAN.EXE
O4 - Startup: TASKMON.EXE
O4 - Startup: VCMUI.EXE
O4 - Startup: WELCOME.EXE
O4 - Startup: WINFILE.EXE
O4 - Startup: WINHELP.EXE
O4 - Startup: WINHLP32.EXE
O4 - Startup: WININIT.EXE
O4 - Startup: WINVER.EXE
O4 - Startup: WRITE.EXE
O4 - Startup: WUPDMGR.EXE
O4 - Startup: WINUPD.ICO
O4 - Startup: IOS.INI
O4 - Startup: SCANREG.INI
O4 - Startup: µ¾ÀÚ¸®.bmp
O4 - Startup: ASPI2HLP.SYS
O4 - Startup: CMD640X.SYS
O4 - Startup: CMD640X2.SYS
O4 - Startup: DBLBUFF.SYS
O4 - Startup: IFSHLP.SYS
O4 - Startup: SFCSYNC.TXT
O4 - Startup: TWAIN.LOG
O4 - Startup: TWAIN_32.DLL
O4 - Startup: CDPLAYER.EXE
O4 - Startup: DIALER.EXE
O4 - Startup: KODAKIMG.EXE
O4 - Startup: KODAKPRV.EXE
O4 - Startup: TOUR98.EXE
O4 - Startup: TWUNK_16.EXE
O4 - Startup: TWUNK_32.EXE
O4 - Startup: SERVICES.TXT
O4 - Startup: COMMAND.COM
O4 - Startup: ICSLOG.TXT
O4 - Startup: POWERPNT.INI
O4 - Startup: SETVER.EXE
O4 - Startup: SYSTEM.I~I
O4 - Startup: WIN
O4 - Startup: QTW.INI
O4 - Startup: HWINFO.DAT
O4 - Startup: CONTROL.INI
O4 - Startup: NAMSEOK.PWL
O4 - Startup: MSOFFICE.INI
O4 - Startup: SYSTEM.CB
O4 - Startup: WIN386.SWP
O4 - Startup: NDISLOG.TXT
O4 - Startup: PROTOCOL.INI
O4 - Startup: PROTOCOL
O4 - Startup: SERVICES
O4 - Startup: SNMPAPI.DLL
O4 - Startup: NETWORKS
O4 - Startup: ARP.EXE
O4 - Startup: FTP.EXE
O4 - Startup: HOSTS.SAM
O4 - Startup: LMHOSTS.SAM
O4 - Startup: NETSTAT.EXE
O4 - Startup: PING.EXE
O4 - Startup: ROUTE.EXE
O4 - Startup: TELNET.EXE
O4 - Startup: TRACERT.EXE
O4 - Startup: WINIPCFG.EXE
O4 - Startup: CTCCW.DLL
O4 - Startup: IPCONFIG.EXE
O4 - Startup: NBTSTAT.EXE
O4 - Startup: INETMIB1.DLL
O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå.pif
O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå (EMS ¹× XMS Áö¿ø).pif
O4 - Startup: °ø±â ¹æ¿ï.bmp
O4 - Startup: ÀÌÁýÆ®.bmp
O4 - Startup: ¹°¶¼»õ °ÝÀÚ.bmp
O4 - Startup: »ï°¢Çü.bmp
O4 - Startup: ÆĶõ ¸®ºª.bmp
O4 - Startup: ¼³Ä¡.bmp
O4 - Startup: progman.ini
O4 - Startup: brndlog.txt
O4 - Startup: folder.htt
O4 - Startup: OEWABLog.txt
O4 - Startup: SchedLog.Txt
O4 - Startup: Default.sf0
O4 - Startup: Default.sfc
O4 - Startup: brndlog.bak
O4 - Startup: DOSSTART.BAT
O4 - Startup: uninst.exe
O4 - Startup: IsUninst.exe
O4 - Startup: CTDEL.EXE
O4 - Startup: MSIMGSIZ.DAT
O4 - Startup: CTDelLau.INI
O4 - Startup: UnInstall.dll
O4 - Startup: tmpdelis.bat
O4 - Startup: CTDelLau.exe
O4 - Startup: CTRES32.DLL
O4 - Startup: CTRES.DLL
O4 - Startup: DEFMIXER.REG
O4 - Startup: SBWIN.INI
O4 - Startup: NET.EXE
O4 - Startup: NET.MSG
O4 - Startup: NETH.MSG
O4 - Startup: WINPOPUP.EXE
O4 - Startup: hh.dat
O4 - Startup: WININIT.SAV
O4 - Startup: ctsyn.ini
O4 - Startup: RunOnceEx Log.txt
O4 - Startup: wplog.txt
O4 - Startup: BBDFBADJ
O4 - Startup: LOADQM.EXE
O4 - Startup: Directx.log
O4 - Startup: MODEMDET.TXT
O4 - Startup: MYTV.INI
O4 - Startup: IOS.LOG
O4 - Startup: hh.exe
O4 - Startup: SYSTEM.DAT
O4 - Startup: $$TEMP$$.$$$
O4 - Startup: VIRTUOSA.INI
O4 - Startup: USER.DAT
O4 - Startup: gsview32.ini
O4 - Startup: IE4 Error Log.txt
O4 - Startup: Internet Explorer ¹è°æ ¹«´Ì.bmp
O4 - Startup: hpfsched.exe
O4 - Startup: WORDPAD.INI
O4 - Startup: PCDLIB32.DLL
O4 - Startup: Sti_Trace.log
O4 - Startup: hpfsched.ini
O4 - Startup: reg.prm
O4 - Startup: hpinfo.lnk
O4 - Startup: Active Setup Log.txt
O4 - Startup: AdvpackExt.log
O4 - Startup: Active Setup Log.BAK
O4 - Startup: AdvpackExt.BAK
O4 - Startup: IE Setup Log.Txt
O4 - Startup: Channel Screen Saver.SCR
O4 - Startup: SUSFAIL.TXT
O4 - Startup: MDACSET.log
O4 - Startup: wscript.exe
O4 - Startup: Bind List Log.txt
O4 - Startup: vbaddin.ini
O4 - Startup: od-stnd59.exe
O4 - Startup: wininit.ini
O4 - Startup: ST6UNST.000
O4 - Startup: KPCMS.INI
O4 - Startup: ICSSetup.Log
O4 - Startup: winamp.ini
O4 - Startup: unvise32qt.exe
O4 - Startup: TWUNK003.MTX
O4 - Startup: COMMAND.PIF
O4 - Startup: hosts
O4 - Startup: $_hpcst$.hpc
O4 - Startup: MUSICMAN.INI
O4 - Startup: GLIDE2X.OVL
O4 - Startup: CTREC.INI
O4 - Startup: MSVCRT.DLL
O4 - Startup: IsUn0412.exe
O4 - Startup: screengenie.scr
O4 - Startup: WMSysPrx.prx
O4 - Startup: unacc.exe
O4 - Startup: QTFont.qfn
O4 - Startup: screengenie.xml
O4 - Startup: MORPHEUSOS.INI
O4 - Startup: MORPHEUS.INI
O4 - Startup: UnGins.exe
O4 - Startup: Unnero.exe
O4 - Startup: Unnero.cfg
O4 - Startup: QTFont.for
O4 - Startup: twain.dll
O4 - Startup: .plugin140_01.trace
O4 - Startup: java.exe
O4 - Startup: javaw.exe
O4 - Startup: wmplibrary_v_0_12.db
O4 - Startup: WININIT.BAK
O4 - Startup: msvcr70.dll
O4 - Startup: MSVCP60.DLL
O4 - Startup: Reg Save Log.txt
O4 - Startup: ttuninst.exe
O4 - Startup: wmsetup.log
O4 - Startup: videoimp.ini
O4 - Startup: ST6UNST.EXE
O4 - Startup: yessignCA.pub
O4 - Startup: Setup1.exe
O4 - Startup: dvvb.ini
O4 - Startup: Twain001.Mtx
O4 - Startup: Twunk002.MTX
O4 - Startup: yacs.log
O4 - Startup: Windows Update.log
O4 - Startup: winmain.exe
O4 - Startup: od-stnd67.exe
O4 - Startup: IFinst27.exe
O4 - Startup: rzSplit.Ini
O4 - Startup: ShellIconCache
O4 - Startup: pcconfig.dat
O4 - Startup: ieuninst.exe
O4 - Startup: Q330994.exe
O4 - Startup: loader.exe
O4 - Startup: CuckooDel.exe
O4 - Startup: od-asia6.exe
O4 - Startup: iedll.exe
O4 - Startup: system.css
O4 - Startup: RawSex.exe
O4 - Startup: $$temp$$.hwp
O4 - Startup: od-stnd236.exe
O4 - Startup: li-anald00017.exe
O4 - Startup: flg_tmp
O4 - Startup: od-stnd257.exe
O4 - Startup: flg
O4 - Startup: SetupPestPatrolBeta.mif
O4 - Startup: IEPatchUninstall.log
O8 - Extra context menu item: ³×À̹ö Áö½ÄiN °Ë»ö - res://C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL /KBIN.HTML
O13 - DefaultPrefix: http://193.125.201.50/?trk=

All the O16 entries except Microsoft/Macromedia or any other entry that you KNOW YOU have installed and definitely need or want. (Any of these that are removed will be prompted to be downloaded if needed by a genuine program next time you use the program, so it's perfectly safe to remove any of them.)

Download AdAware 6 181
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window: click "Start" then "Activate in-depth scan"

then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........

Go to settings (the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...then... "Cleaning engine" and tick "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

then...... click "proceed" to save your settings.

Now to scan it's just to click the "Scan" button.

When scan is finished, mark everything for removal and get rid of it.

then
Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.


Run an online antivirus check from at least one of the following sites
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
 

nsk

Thread Starter
Joined
Oct 1, 2003
Messages
2
Hi. Thanks for the replies guys. I didn't know which instruction to follow so I just did what the first instruction said, which is Steve's.
So here is the 2nd log.

Logfile of HijackThis v1.97.2
Scan saved at ¿ÀÈÄ 11:45:57, on 03-10-01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\HANMESOFT\MYQUICKFIND\MYQUICKFIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\ASHLEY\Àß³ª¿Â°Å\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [·¹Áö½ºÆ®¸® °Ë»ç] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: WINSOCK.DLL
O4 - Startup: WIN.INI
O4 - Startup: HWINFO.EXE
O4 - Startup: NETDET.INI
O4 - Startup: BILING.SYS
O4 - Startup: SUBACK.BIN
O4 - Startup: W98SETUP.BIN
O4 - Startup: LICENSE.TXT
O4 - Startup: SUPPORT.TXT
O4 - Startup: MPLAYER.EXE
O4 - Startup: RUNHELP.CAB
O4 - Startup: JAUTOEXP.DAT
O4 - Startup: NDDEAPI.DLL
O4 - Startup: NDDENB.DLL
O4 - Startup: SCRIPT.DOC
O4 - Startup: CLSPACK.EXE
O4 - Startup: DOSREP.EXE
O4 - Startup: DRWATSON.EXE
O4 - Startup: EXPLORER.EXE
O4 - Startup: EXTRAC32.EXE
O4 - Startup: FONTVIEW.EXE
O4 - Startup: GRPCONV.EXE
O4 - Startup: ODBC.INI
O4 - Startup: ISO10646.EXE
O4 - Startup: JVIEW.EXE
O4 - Startup: NETDDE.EXE
O4 - Startup: PIDSET.EXE
O4 - Startup: SETDEBUG.EXE
O4 - Startup: SIGVERIF.EXE
O4 - Startup: TUNEUP.EXE
O4 - Startup: UPWIZUN.EXE
O4 - Startup: WINREP.EXE
O4 - Startup: WJVIEW.EXE
O4 - Startup: BACKGRND.GIF
O4 - Startup: CLOUD.GIF
O4 - Startup: CONTENT.GIF
O4 - Startup: HLPBELL.GIF
O4 - Startup: HLPCD.GIF
O4 - Startup: HLPGLOBE.GIF
O4 - Startup: HLPLOGO.GIF
O4 - Startup: HLPSTEP1.GIF
O4 - Startup: HLPSTEP2.GIF
O4 - Startup: HLPSTEP3.GIF
O4 - Startup: WINLOGO.GIF
O4 - Startup: HTMLHELP.HTM
O4 - Startup: README.HTM
O4 - Startup: READM_01.HTZ
O4 - Startup: READM_02.HTZ
O4 - Startup: DOSREP.INI
O4 - Startup: HTMLHELP.INI
O4 - Startup: MSDFMAP.INI
O4 - Startup: SYSTEM.INI
O4 - Startup: OLDOSAPP.INI
O4 - Startup: DELUXECD.MDB
O4 - Startup: DOSPRMPT.PIF
O4 - Startup: EXPLORER.SCF
O4 - Startup: ODBCINST.INI
O4 - Startup: COUNTRY.SYS
O4 - Startup: CONFIG.TXT
O4 - Startup: DISPLAY.TXT
O4 - Startup: FAQ.TXT
O4 - Startup: GENERAL.TXT
O4 - Startup: HARDWARE.TXT
O4 - Startup: MOUSE.TXT
O4 - Startup: MSDOSDRV.TXT
O4 - Startup: NETWORK.TXT
O4 - Startup: PRINTERS.TXT
O4 - Startup: PROGRAMS.TXT
O4 - Startup: RECOVER.TXT
O4 - Startup: TIPS.TXT
O4 - Startup: REGTLIB.EXE
O4 - Startup: TELEPHON.INI
O4 - Startup: MSBATCH.INF
O4 - Startup: SMARTDRV.EXE
O4 - Startup: HIMEM.SYS
O4 - Startup: RAMDRIVE.SYS
O4 - Startup: HIDCI.DLL
O4 - Startup: LOGOS.SYS
O4 - Startup: LOGOW.SYS
O4 - Startup: 1STBOOT.BMP
O4 - Startup: ¹°¹æ¿ï.bmp
O4 - Startup: Æĵ¿.bmp
O4 - Startup: ¼¼·ÎÁÙ.bmp
O4 - Startup: ŸÀÏ.bmp
O4 - Startup: °ËÁ¤ ½û±â.bmp
O4 - Startup: ä³Î È_¸é º¸È£±â.SCR
O4 - Startup: WIN.COM
O4 - Startup: ICSLOG.OLD
O4 - Startup: MORICONS.DLL
O4 - Startup: MSOWS412.DLL
O4 - Startup: WAVEMIX.INI
O4 - Startup: ACCSTAT.EXE
O4 - Startup: ASD.EXE
O4 - Startup: CALC.EXE
O4 - Startup: CLEANMGR.EXE
O4 - Startup: CONTROL.EXE
O4 - Startup: CVT1.EXE
O4 - Startup: CVTAPLOG.EXE
O4 - Startup: DEFRAG.EXE
O4 - Startup: EMM386.EXE
O4 - Startup: MM2ENT.EXE
O4 - Startup: NOTEPAD.EXE
O4 - Startup: PACKAGER.EXE
O4 - Startup: PBRUSH.EXE
O4 - Startup: PROGMAN.EXE
O4 - Startup: REGEDIT.EXE
O4 - Startup: RG2CATDB.EXE
O4 - Startup: RUNDLL.EXE
O4 - Startup: RUNDLL32.EXE
O4 - Startup: SCANDSKW.EXE
O4 - Startup: SCANREGW.EXE
O4 - Startup: CTDEL.INI
O4 - Startup: SNDREC32.EXE
O4 - Startup: SNDVOL32.EXE
O4 - Startup: TASKMAN.EXE
O4 - Startup: TASKMON.EXE
O4 - Startup: VCMUI.EXE
O4 - Startup: WELCOME.EXE
O4 - Startup: WINFILE.EXE
O4 - Startup: WINHELP.EXE
O4 - Startup: WINHLP32.EXE
O4 - Startup: WININIT.EXE
O4 - Startup: WINVER.EXE
O4 - Startup: WRITE.EXE
O4 - Startup: WUPDMGR.EXE
O4 - Startup: WINUPD.ICO
O4 - Startup: IOS.INI
O4 - Startup: SCANREG.INI
O4 - Startup: µ¾ÀÚ¸®.bmp
O4 - Startup: ASPI2HLP.SYS
O4 - Startup: CMD640X.SYS
O4 - Startup: CMD640X2.SYS
O4 - Startup: DBLBUFF.SYS
O4 - Startup: IFSHLP.SYS
O4 - Startup: SFCSYNC.TXT
O4 - Startup: TWAIN.LOG
O4 - Startup: TWAIN_32.DLL
O4 - Startup: CDPLAYER.EXE
O4 - Startup: DIALER.EXE
O4 - Startup: KODAKIMG.EXE
O4 - Startup: KODAKPRV.EXE
O4 - Startup: TOUR98.EXE
O4 - Startup: TWUNK_16.EXE
O4 - Startup: TWUNK_32.EXE
O4 - Startup: SERVICES.TXT
O4 - Startup: COMMAND.COM
O4 - Startup: ICSLOG.TXT
O4 - Startup: POWERPNT.INI
O4 - Startup: SETVER.EXE
O4 - Startup: SYSTEM.I~I
O4 - Startup: WIN
O4 - Startup: QTW.INI
O4 - Startup: HWINFO.DAT
O4 - Startup: CONTROL.INI
O4 - Startup: NAMSEOK.PWL
O4 - Startup: MSOFFICE.INI
O4 - Startup: SYSTEM.CB
O4 - Startup: WIN386.SWP
O4 - Startup: NDISLOG.TXT
O4 - Startup: PATCH.EXE
O4 - Startup: PROTOCOL.INI
O4 - Startup: PROTOCOL
O4 - Startup: SERVICES
O4 - Startup: SNMPAPI.DLL
O4 - Startup: NETWORKS
O4 - Startup: ARP.EXE
O4 - Startup: FTP.EXE
O4 - Startup: HOSTS.SAM
O4 - Startup: LMHOSTS.SAM
O4 - Startup: NETSTAT.EXE
O4 - Startup: PING.EXE
O4 - Startup: ROUTE.EXE
O4 - Startup: TELNET.EXE
O4 - Startup: TRACERT.EXE
O4 - Startup: WINIPCFG.EXE
O4 - Startup: CTCCW.DLL
O4 - Startup: IPCONFIG.EXE
O4 - Startup: NBTSTAT.EXE
O4 - Startup: INETMIB1.DLL
O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå.pif
O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå (EMS ¹× XMS Áö¿ø).pif
O4 - Startup: °ø±â ¹æ¿ï.bmp
O4 - Startup: ÀÌÁýÆ®.bmp
O4 - Startup: ¹°¶¼»õ °ÝÀÚ.bmp
O4 - Startup: »ï°¢Çü.bmp
O4 - Startup: ÆĶõ ¸®ºª.bmp
O4 - Startup: ¼³Ä¡.bmp
O4 - Startup: progman.ini
O4 - Startup: brndlog.txt
O4 - Startup: folder.htt
O4 - Startup: OEWABLog.txt
O4 - Startup: SchedLog.Txt
O4 - Startup: Default.sf0
O4 - Startup: Default.sfc
O4 - Startup: brndlog.bak
O4 - Startup: DOSSTART.BAT
O4 - Startup: uninst.exe
O4 - Startup: IsUninst.exe
O4 - Startup: CTDEL.EXE
O4 - Startup: MSIMGSIZ.DAT
O4 - Startup: CTDelLau.INI
O4 - Startup: UnInstall.dll
O4 - Startup: tmpdelis.bat
O4 - Startup: CTDelLau.exe
O4 - Startup: CTRES32.DLL
O4 - Startup: CTRES.DLL
O4 - Startup: DEFMIXER.REG
O4 - Startup: SBWIN.INI
O4 - Startup: NET.EXE
O4 - Startup: NET.MSG
O4 - Startup: NETH.MSG
O4 - Startup: WINPOPUP.EXE
O4 - Startup: hh.dat
O4 - Startup: WININIT.SAV
O4 - Startup: ctsyn.ini
O4 - Startup: RunOnceEx Log.txt
O4 - Startup: wplog.txt
O4 - Startup: BBDFBADJ
O4 - Startup: LOADQM.EXE
O4 - Startup: Directx.log
O4 - Startup: MODEMDET.TXT
O4 - Startup: MYTV.INI
O4 - Startup: IOS.LOG
O4 - Startup: hh.exe
O4 - Startup: SYSTEM.DAT
O4 - Startup: $$TEMP$$.$$$
O4 - Startup: VIRTUOSA.INI
O4 - Startup: USER.DAT
O4 - Startup: gsview32.ini
O4 - Startup: IE4 Error Log.txt
O4 - Startup: Internet Explorer ¹è°æ ¹«´Ì.bmp
O4 - Startup: hpfsched.exe
O4 - Startup: WORDPAD.INI
O4 - Startup: PCDLIB32.DLL
O4 - Startup: Sti_Trace.log
O4 - Startup: hpfsched.ini
O4 - Startup: reg.prm
O4 - Startup: hpinfo.lnk
O4 - Startup: Active Setup Log.txt
O4 - Startup: AdvpackExt.log
O4 - Startup: Active Setup Log.BAK
O4 - Startup: AdvpackExt.BAK
O4 - Startup: IE Setup Log.Txt
O4 - Startup: Channel Screen Saver.SCR
O4 - Startup: SUSFAIL.TXT
O4 - Startup: MDACSET.log
O4 - Startup: wscript.exe
O4 - Startup: Bind List Log.txt
O4 - Startup: vbaddin.ini
O4 - Startup: WININIT.BAK
O4 - Startup: UNZIP.DLL
O4 - Startup: ST6UNST.000
O4 - Startup: KPCMS.INI
O4 - Startup: ICSSetup.Log
O4 - Startup: winamp.ini
O4 - Startup: unvise32qt.exe
O4 - Startup: TWUNK003.MTX
O4 - Startup: COMMAND.PIF
O4 - Startup: hosts
O4 - Startup: $_hpcst$.hpc
O4 - Startup: MUSICMAN.INI
O4 - Startup: GLIDE2X.OVL
O4 - Startup: CTREC.INI
O4 - Startup: MSVCRT.DLL
O4 - Startup: IsUn0412.exe
O4 - Startup: screengenie.scr
O4 - Startup: WMSysPrx.prx
O4 - Startup: unacc.exe
O4 - Startup: screengenie.xml
O4 - Startup: MORPHEUSOS.INI
O4 - Startup: MORPHEUS.INI
O4 - Startup: UnGins.exe
O4 - Startup: Unnero.exe
O4 - Startup: Unnero.cfg
O4 - Startup: twain.dll
O4 - Startup: .plugin140_01.trace
O4 - Startup: java.exe
O4 - Startup: javaw.exe
O4 - Startup: wmplibrary_v_0_12.db
O4 - Startup: TMUPDATE.DLL
O4 - Startup: msvcr70.dll
O4 - Startup: MSVCP60.DLL
O4 - Startup: Reg Save Log.txt
O4 - Startup: ttuninst.exe
O4 - Startup: wmsetup.log
O4 - Startup: videoimp.ini
O4 - Startup: ST6UNST.EXE
O4 - Startup: yessignCA.pub
O4 - Startup: MEMBOOT.DLL
O4 - Startup: Setup1.exe
O4 - Startup: dvvb.ini
O4 - Startup: Twain001.Mtx
O4 - Startup: Twunk002.MTX
O4 - Startup: yacs.log
O4 - Startup: Windows Update.log
O4 - Startup: IFinst27.exe
O4 - Startup: rzSplit.Ini
O4 - Startup: ShellIconCache
O4 - Startup: pcconfig.dat
O4 - Startup: ieuninst.exe
O4 - Startup: Q330994.exe
O4 - Startup: loadhttp.dll
O4 - Startup: loader.exe
O4 - Startup: CuckooDel.exe
O4 - Startup: VPTNFILE.642
O4 - Startup: od-asia6.exe
O4 - Startup: iedll.exe
O4 - Startup: system.css
O4 - Startup: RawSex.exe
O4 - Startup: $$temp$$.hwp
O4 - Startup: od-stnd236.exe
O4 - Startup: li-anald00017.exe
O4 - Startup: aucfg.ini
O4 - Startup: flg_tmp
O4 - Startup: od-stnd257.exe
O4 - Startup: flg
O4 - Startup: SetupPestPatrolBeta.mif
O4 - Startup: IEPatchUninstall.log
O4 - Startup: tmupdate.ini
O4 - Startup: runtsckl.exe
O4 - Startup: patchw32.dll
O4 - Startup: GetServer.ini
O4 - Startup: AuHCcup1.dll
O4 - Startup: AuHCcup1.ini
O4 - Startup: lpt$vpn.642
O4 - Startup: BPM95.dll
O4 - Startup: vsapi32.dll
O4 - Startup: HCExtOutput.dll
O4 - Startup: tsc.exe
O4 - Startup: TSC.ini
O4 - Startup: tsc.ptn
O8 - Extra context menu item: ³×À̹ö Áö½ÄiN °Ë»ö - res://C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL /KBIN.HTML
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://download.softforum.co.kr/XecureObject/xw50_install.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://tjap.bugsmusic.co.kr/setupfile/SetGlb.cab
O16 - DPF: {64D76536-0173-4873-AEC4-FF0A70DE3781} (BugsPlay Control) - http://tjap.bugsmusic.co.kr/setupfile/bugsplay_115.cab
O16 - DPF: {C999F4F2-016E-481C-98EF-6D165647434E} (CallMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/DMCallMSG.cab
O16 - DPF: {C9037B70-F7E2-41D1-98B9-4FAA692529DB} (WebMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/WebMessenger.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://www.cjmall.com/initech/plugin/axINIplugin40.cab
O16 - DPF: Hihome FTP v1 - http://w35.hihome.com/CanPos/upload.cab
O16 - DPF: {C8B6FBA7-43CA-4466-9EE0-71797CEA00AA} (CuckooRun Control) - http://cdn.dearyou.com/2/cuckoo/cuckoorun.cab
O16 - DPF: {B5A1E63B-0242-4B7D-B564-8A17538DA241} (DDGClientX Control) - http://www.dearyou.com/ddgClient/DDGClientX.cab
O16 - DPF: {F256FF53-8057-4F7E-996B-963E27CE5EA1} (PdBox2 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox2.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
O16 - DPF: {B0C9EAC7-BD8C-44AD-B89C-86EDFDAA7C56} (ToonsXYahoo Control) - http://kr.comics.yahoo.com/down/ToonsXYahoo.cab
O16 - DPF: {E6248D0C-9254-46E9-B97A-3BDB24BAB1BF} (YamChatInstallerCtrl Class) - http://chat.dearyou.com/ocx/YamChatInstaller.cab
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://vs.messagebay.co.kr/mbay/daum/mbayactx.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_6.CAB
O16 - DPF: {E5F55B7A-89D5-4387-B665-43437B3E293D} (X2Run Control) - http://www.x2game.com/Control/X2Run.Cab
O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.com/Control/AutoPatchOCX.cab
O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://bar.hangame.naver.com/bar/HGAgentClient.cab
O16 - DPF: {14399F4E-7698-468C-B988-66486085A306} (HgbLauncher Class) - http://down.hangame.com/iservice/messenger/inst/ver1011/launcher.cab
O16 - DPF: {956C9F5B-0EEB-41B5-9D7B-FAD968AF9469} (HanGamePlugin13 Class) - http://down.hangame.com/dist/activex/HanGamePlugin13.cab
O16 - DPF: {741509F4-A5F2-478F-A84C-EBEF12041F45} (TvOnline Control) - http://www.everyzone.com/TvOnline/TvOnline.cab
O16 - DPF: {8C6582F6-F192-4D55-8326-2D742FC4E2A6} (HanGamePlugin14 Class) - http://down.hangame.com/dist/activex/HanGamePlugin14.cab
O16 - DPF: {93B4395A-3A54-4DEB-ADDA-67052A9E407A} (PhotoJoy Control) - http://www.photojoy.com/EzPicto/PhotoJoyX.cab
O16 - DPF: {CB78A39D-39B0-41AB-A519-664B15ED58AD} (FileUpload Control) - http://www2.okfoto.co.kr/control/fileupload.cab
O16 - DPF: {DBCEFBFE-B49D-4D6C-B024-FE1903C0366E} (XBTSessionManager Control) - http://login.bugsmusic.co.kr/reg/cab/XBTSessionManager.CAB
O16 - DPF: {3283DF90-1733-4A79-B1F5-2D05A8E4D448} (HanGamePlugin15 Class) - http://down.hangame.com/dist/activex/HanGamePlugin15.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/03a70ebb12be5607d205/netzip/RdxIE601.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://www.wepicast.com/caster/nhnplayerx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
O16 - DPF: {5E9100DE-8D7C-4C41-A79B-8C18BD114DEC} (NewChatloveDown Control) - http://musiccast.web114.com/arisoocast/NewChatloveDown.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37894.9440972222
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (PC-cillin HouseCall
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
 
Joined
Oct 9, 2001
Messages
9,396
Actually Derek's advice was sound enough... I just wanted to see if Adaware and Spybot would recognise and take out any of the O4s.

Check and "fix" all these:

O4 - Startup: WINSOCK.DLL
O4 - Startup: WIN.INI
O4 - Startup: HWINFO.EXE
O4 - Startup: NETDET.INI
O4 - Startup: BILING.SYS
O4 - Startup: SUBACK.BIN
O4 - Startup: W98SETUP.BIN
O4 - Startup: LICENSE.TXT
O4 - Startup: SUPPORT.TXT
O4 - Startup: MPLAYER.EXE
O4 - Startup: RUNHELP.CAB
O4 - Startup: JAUTOEXP.DAT
O4 - Startup: NDDEAPI.DLL
O4 - Startup: NDDENB.DLL
O4 - Startup: SCRIPT.DOC
O4 - Startup: CLSPACK.EXE
O4 - Startup: DOSREP.EXE
O4 - Startup: DRWATSON.EXE
O4 - Startup: EXPLORER.EXE
O4 - Startup: EXTRAC32.EXE
O4 - Startup: FONTVIEW.EXE
O4 - Startup: GRPCONV.EXE
O4 - Startup: ODBC.INI
O4 - Startup: ISO10646.EXE
O4 - Startup: JVIEW.EXE
O4 - Startup: NETDDE.EXE
O4 - Startup: PIDSET.EXE
O4 - Startup: SETDEBUG.EXE
O4 - Startup: SIGVERIF.EXE
O4 - Startup: TUNEUP.EXE
O4 - Startup: UPWIZUN.EXE
O4 - Startup: WINREP.EXE
O4 - Startup: WJVIEW.EXE
O4 - Startup: BACKGRND.GIF
O4 - Startup: CLOUD.GIF
O4 - Startup: CONTENT.GIF
O4 - Startup: HLPBELL.GIF
O4 - Startup: HLPCD.GIF
O4 - Startup: HLPGLOBE.GIF
O4 - Startup: HLPLOGO.GIF
O4 - Startup: HLPSTEP1.GIF
O4 - Startup: HLPSTEP2.GIF
O4 - Startup: HLPSTEP3.GIF
O4 - Startup: WINLOGO.GIF
O4 - Startup: HTMLHELP.HTM
O4 - Startup: README.HTM
O4 - Startup: READM_01.HTZ
O4 - Startup: READM_02.HTZ
O4 - Startup: DOSREP.INI
O4 - Startup: HTMLHELP.INI
O4 - Startup: MSDFMAP.INI
O4 - Startup: SYSTEM.INI
O4 - Startup: OLDOSAPP.INI
O4 - Startup: DELUXECD.MDB
O4 - Startup: DOSPRMPT.PIF
O4 - Startup: EXPLORER.SCF
O4 - Startup: ODBCINST.INI
O4 - Startup: COUNTRY.SYS
O4 - Startup: CONFIG.TXT
O4 - Startup: DISPLAY.TXT
O4 - Startup: FAQ.TXT
O4 - Startup: GENERAL.TXT
O4 - Startup: HARDWARE.TXT
O4 - Startup: MOUSE.TXT
O4 - Startup: MSDOSDRV.TXT
O4 - Startup: NETWORK.TXT
O4 - Startup: PRINTERS.TXT
O4 - Startup: PROGRAMS.TXT
O4 - Startup: RECOVER.TXT
O4 - Startup: TIPS.TXT
O4 - Startup: REGTLIB.EXE
O4 - Startup: TELEPHON.INI
O4 - Startup: MSBATCH.INF
O4 - Startup: SMARTDRV.EXE
O4 - Startup: HIMEM.SYS
O4 - Startup: RAMDRIVE.SYS
O4 - Startup: HIDCI.DLL
O4 - Startup: LOGOS.SYS
O4 - Startup: LOGOW.SYS
O4 - Startup: 1STBOOT.BMP
O4 - Startup: ¹°¹æ¿ï.bmp
O4 - Startup: Æĵ¿.bmp
O4 - Startup: ¼¼·ÎÁÙ.bmp
O4 - Startup: ŸÀÏ.bmp
O4 - Startup: °ËÁ¤ ½û±â.bmp
O4 - Startup: ä³Î È_¸é º¸È£±â.SCR
O4 - Startup: WIN.COM
O4 - Startup: ICSLOG.OLD
O4 - Startup: MORICONS.DLL
O4 - Startup: MSOWS412.DLL
O4 - Startup: WAVEMIX.INI
O4 - Startup: ACCSTAT.EXE
O4 - Startup: ASD.EXE
O4 - Startup: CALC.EXE
O4 - Startup: CLEANMGR.EXE
O4 - Startup: CONTROL.EXE
O4 - Startup: CVT1.EXE
O4 - Startup: CVTAPLOG.EXE
O4 - Startup: DEFRAG.EXE
O4 - Startup: EMM386.EXE
O4 - Startup: MM2ENT.EXE
O4 - Startup: NOTEPAD.EXE
O4 - Startup: PACKAGER.EXE
O4 - Startup: PBRUSH.EXE
O4 - Startup: PROGMAN.EXE
O4 - Startup: REGEDIT.EXE
O4 - Startup: RG2CATDB.EXE
O4 - Startup: RUNDLL.EXE
O4 - Startup: RUNDLL32.EXE
O4 - Startup: SCANDSKW.EXE
O4 - Startup: SCANREGW.EXE
O4 - Startup: CTDEL.INI
O4 - Startup: SNDREC32.EXE
O4 - Startup: SNDVOL32.EXE
O4 - Startup: TASKMAN.EXE
O4 - Startup: TASKMON.EXE
O4 - Startup: VCMUI.EXE
O4 - Startup: WELCOME.EXE
O4 - Startup: WINFILE.EXE
O4 - Startup: WINHELP.EXE
O4 - Startup: WINHLP32.EXE
O4 - Startup: WININIT.EXE
O4 - Startup: WINVER.EXE
O4 - Startup: WRITE.EXE
O4 - Startup: WUPDMGR.EXE
O4 - Startup: WINUPD.ICO
O4 - Startup: IOS.INI
O4 - Startup: SCANREG.INI
O4 - Startup: µ¾ÀÚ¸®.bmp
O4 - Startup: ASPI2HLP.SYS
O4 - Startup: CMD640X.SYS
O4 - Startup: CMD640X2.SYS
O4 - Startup: DBLBUFF.SYS
O4 - Startup: IFSHLP.SYS
O4 - Startup: SFCSYNC.TXT
O4 - Startup: TWAIN.LOG
O4 - Startup: TWAIN_32.DLL
O4 - Startup: CDPLAYER.EXE
O4 - Startup: DIALER.EXE
O4 - Startup: KODAKIMG.EXE
O4 - Startup: KODAKPRV.EXE
O4 - Startup: TOUR98.EXE
O4 - Startup: TWUNK_16.EXE
O4 - Startup: TWUNK_32.EXE
O4 - Startup: SERVICES.TXT
O4 - Startup: COMMAND.COM
O4 - Startup: ICSLOG.TXT
O4 - Startup: POWERPNT.INI
O4 - Startup: SETVER.EXE
O4 - Startup: SYSTEM.I~I
O4 - Startup: WIN
O4 - Startup: QTW.INI
O4 - Startup: HWINFO.DAT
O4 - Startup: CONTROL.INI
O4 - Startup: NAMSEOK.PWL
O4 - Startup: MSOFFICE.INI
O4 - Startup: SYSTEM.CB
O4 - Startup: WIN386.SWP
O4 - Startup: NDISLOG.TXT
O4 - Startup: PROTOCOL.INI
O4 - Startup: PROTOCOL
O4 - Startup: SERVICES
O4 - Startup: SNMPAPI.DLL
O4 - Startup: NETWORKS
O4 - Startup: ARP.EXE
O4 - Startup: FTP.EXE
O4 - Startup: HOSTS.SAM
O4 - Startup: LMHOSTS.SAM
O4 - Startup: NETSTAT.EXE
O4 - Startup: PING.EXE
O4 - Startup: ROUTE.EXE
O4 - Startup: TELNET.EXE
O4 - Startup: TRACERT.EXE
O4 - Startup: WINIPCFG.EXE
O4 - Startup: CTCCW.DLL
O4 - Startup: IPCONFIG.EXE
O4 - Startup: NBTSTAT.EXE
O4 - Startup: INETMIB1.DLL
O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå.pif
O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå (EMS ¹× XMS Áö¿ø).pif
O4 - Startup: °ø±â ¹æ¿ï.bmp
O4 - Startup: ÀÌÁýÆ®.bmp
O4 - Startup: ¹°¶¼»õ °ÝÀÚ.bmp
O4 - Startup: »ï°¢Çü.bmp
O4 - Startup: ÆĶõ ¸®ºª.bmp
O4 - Startup: ¼³Ä¡.bmp
O4 - Startup: progman.ini
O4 - Startup: brndlog.txt
O4 - Startup: folder.htt
O4 - Startup: OEWABLog.txt
O4 - Startup: SchedLog.Txt
O4 - Startup: Default.sf0
O4 - Startup: Default.sfc
O4 - Startup: brndlog.bak
O4 - Startup: DOSSTART.BAT
O4 - Startup: uninst.exe
O4 - Startup: IsUninst.exe
O4 - Startup: CTDEL.EXE
O4 - Startup: MSIMGSIZ.DAT
O4 - Startup: CTDelLau.INI
O4 - Startup: UnInstall.dll
O4 - Startup: tmpdelis.bat
O4 - Startup: CTDelLau.exe
O4 - Startup: CTRES32.DLL
O4 - Startup: CTRES.DLL
O4 - Startup: DEFMIXER.REG
O4 - Startup: SBWIN.INI
O4 - Startup: NET.EXE
O4 - Startup: NET.MSG
O4 - Startup: NETH.MSG
O4 - Startup: WINPOPUP.EXE
O4 - Startup: hh.dat
O4 - Startup: WININIT.SAV
O4 - Startup: ctsyn.ini
O4 - Startup: RunOnceEx Log.txt
O4 - Startup: wplog.txt
O4 - Startup: BBDFBADJ
O4 - Startup: LOADQM.EXE
O4 - Startup: Directx.log
O4 - Startup: MODEMDET.TXT
O4 - Startup: MYTV.INI
O4 - Startup: IOS.LOG
O4 - Startup: hh.exe
O4 - Startup: SYSTEM.DAT
O4 - Startup: $$TEMP$$.$$$
O4 - Startup: VIRTUOSA.INI
O4 - Startup: USER.DAT
O4 - Startup: gsview32.ini
O4 - Startup: IE4 Error Log.txt
O4 - Startup: Internet Explorer ¹è°æ ¹«´Ì.bmp
O4 - Startup: hpfsched.exe
O4 - Startup: WORDPAD.INI
O4 - Startup: PCDLIB32.DLL
O4 - Startup: Sti_Trace.log
O4 - Startup: hpfsched.ini
O4 - Startup: reg.prm
O4 - Startup: hpinfo.lnk
O4 - Startup: Active Setup Log.txt
O4 - Startup: AdvpackExt.log
O4 - Startup: Active Setup Log.BAK
O4 - Startup: AdvpackExt.BAK
O4 - Startup: IE Setup Log.Txt
O4 - Startup: Channel Screen Saver.SCR
O4 - Startup: SUSFAIL.TXT
O4 - Startup: MDACSET.log
O4 - Startup: wscript.exe
O4 - Startup: Bind List Log.txt
O4 - Startup: vbaddin.ini
O4 - Startup: od-stnd59.exe
O4 - Startup: wininit.ini
O4 - Startup: ST6UNST.000
O4 - Startup: KPCMS.INI
O4 - Startup: ICSSetup.Log
O4 - Startup: winamp.ini
O4 - Startup: unvise32qt.exe
O4 - Startup: TWUNK003.MTX
O4 - Startup: COMMAND.PIF
O4 - Startup: hosts
O4 - Startup: $_hpcst$.hpc
O4 - Startup: MUSICMAN.INI
O4 - Startup: GLIDE2X.OVL
O4 - Startup: CTREC.INI
O4 - Startup: MSVCRT.DLL
O4 - Startup: IsUn0412.exe
O4 - Startup: screengenie.scr
O4 - Startup: WMSysPrx.prx
O4 - Startup: unacc.exe
O4 - Startup: QTFont.qfn
O4 - Startup: screengenie.xml
O4 - Startup: MORPHEUSOS.INI
O4 - Startup: MORPHEUS.INI
O4 - Startup: UnGins.exe
O4 - Startup: Unnero.exe
O4 - Startup: Unnero.cfg
O4 - Startup: QTFont.for
O4 - Startup: twain.dll
O4 - Startup: .plugin140_01.trace
O4 - Startup: java.exe
O4 - Startup: javaw.exe
O4 - Startup: wmplibrary_v_0_12.db
O4 - Startup: WININIT.BAK
O4 - Startup: msvcr70.dll
O4 - Startup: MSVCP60.DLL
O4 - Startup: Reg Save Log.txt
O4 - Startup: ttuninst.exe
O4 - Startup: wmsetup.log
O4 - Startup: videoimp.ini
O4 - Startup: ST6UNST.EXE
O4 - Startup: yessignCA.pub
O4 - Startup: Setup1.exe
O4 - Startup: dvvb.ini
O4 - Startup: Twain001.Mtx
O4 - Startup: Twunk002.MTX
O4 - Startup: yacs.log
O4 - Startup: Windows Update.log
O4 - Startup: winmain.exe
O4 - Startup: od-stnd67.exe
O4 - Startup: IFinst27.exe
O4 - Startup: rzSplit.Ini
O4 - Startup: ShellIconCache
O4 - Startup: pcconfig.dat
O4 - Startup: ieuninst.exe
O4 - Startup: Q330994.exe
O4 - Startup: loader.exe
O4 - Startup: CuckooDel.exe
O4 - Startup: od-asia6.exe
O4 - Startup: iedll.exe
O4 - Startup: system.css
O4 - Startup: RawSex.exe
O4 - Startup: $$temp$$.hwp
O4 - Startup: od-stnd236.exe
O4 - Startup: li-anald00017.exe
O4 - Startup: flg_tmp
O4 - Startup: od-stnd257.exe
O4 - Startup: flg
O4 - Startup: SetupPestPatrolBeta.mif
O4 - Startup: IEPatchUninstall.log
O8 - Extra context menu item: ³×À̹ö Áö½ÄiN °Ë»ö - res://C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL /KBIN.HTML
O13 - DefaultPrefix: http://193.125.201.50/?trk=


[Then follow this advice from Derek]
All the O16 entries except Microsoft/Macromedia or any other entry that you KNOW YOU have installed and definitely need or want. (Any of these that are removed will be prompted to be downloaded if needed by a genuine program next time you use the program, so it's perfectly safe to remove any of them.)

Good luck

;)
 
Joined
Aug 18, 2003
Messages
2,438
Did you run a remote on-line A-V scan as suggested? Was anything found?

Did you remove any objects with SB or A-A?

Please post a new logfile after fixing the objects $teve identified.
 