
hijack log

Discussion in 'Virus & Other Malware Removal' started by nsk, Oct 1, 2003.

Thread Status:
Not open for further replies.
  1. nsk

    nsk Thread Starter

    Joined:
    Oct 1, 2003
    Messages:
    2
    Hello. Here's the result of Hijack This scan of my computer.
    Seems like there are a lot more lines than other logs posted here..
    Any help would be great. Thanks.

    Logfile of HijackThis v1.97.2
    Scan saved at ¿ÀÀü 3:02:11, on 03-10-01
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\ICSMGR.EXE
    C:\WINDOWS\SYSTEM\MSHTA.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\MSHTA.EXE
    C:\WINDOWS\SYSTEM\MSHTA.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
    C:\WINDOWS\SYSTEM\MSHTA.EXE
    C:\WINDOWS\SYSTEM\MSHTA.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\MSHTA.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\ESTSOFT\ALZIP\ALZIP.EXE
    D:\ASHLEY\Àß³ª¿Â°Å\HIJACKTHIS.EXE

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
    O2 - BHO: DWMHelper - {6AAC21F7-0980-40B2-88DC-FC0E1F1F7202} - C:\PROGRA~1\DAMOIM\DWM\DWMHEL~1.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: ????? - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [·¹Áö½ºÆ®¸® °Ë»ç] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
    O4 - HKLM\..\Run: [winmain] winmain.exe
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" "+b1"
    O4 - Startup: WINSOCK.DLL
    O4 - Startup: WIN.INI
    O4 - Startup: HWINFO.EXE
    O4 - Startup: NETDET.INI
    O4 - Startup: BILING.SYS
    O4 - Startup: SUBACK.BIN
    O4 - Startup: W98SETUP.BIN
    O4 - Startup: LICENSE.TXT
    O4 - Startup: SUPPORT.TXT
    O4 - Startup: MPLAYER.EXE
    O4 - Startup: RUNHELP.CAB
    O4 - Startup: JAUTOEXP.DAT
    O4 - Startup: NDDEAPI.DLL
    O4 - Startup: NDDENB.DLL
    O4 - Startup: SCRIPT.DOC
    O4 - Startup: CLSPACK.EXE
    O4 - Startup: DOSREP.EXE
    O4 - Startup: DRWATSON.EXE
    O4 - Startup: EXPLORER.EXE
    O4 - Startup: EXTRAC32.EXE
    O4 - Startup: FONTVIEW.EXE
    O4 - Startup: GRPCONV.EXE
    O4 - Startup: ODBC.INI
    O4 - Startup: ISO10646.EXE
    O4 - Startup: JVIEW.EXE
    O4 - Startup: NETDDE.EXE
    O4 - Startup: PIDSET.EXE
    O4 - Startup: SETDEBUG.EXE
    O4 - Startup: SIGVERIF.EXE
    O4 - Startup: TUNEUP.EXE
    O4 - Startup: UPWIZUN.EXE
    O4 - Startup: WINREP.EXE
    O4 - Startup: WJVIEW.EXE
    O4 - Startup: BACKGRND.GIF
    O4 - Startup: CLOUD.GIF
    O4 - Startup: CONTENT.GIF
    O4 - Startup: HLPBELL.GIF
    O4 - Startup: HLPCD.GIF
    O4 - Startup: HLPGLOBE.GIF
    O4 - Startup: HLPLOGO.GIF
    O4 - Startup: HLPSTEP1.GIF
    O4 - Startup: HLPSTEP2.GIF
    O4 - Startup: HLPSTEP3.GIF
    O4 - Startup: WINLOGO.GIF
    O4 - Startup: HTMLHELP.HTM
    O4 - Startup: README.HTM
    O4 - Startup: READM_01.HTZ
    O4 - Startup: READM_02.HTZ
    O4 - Startup: DOSREP.INI
    O4 - Startup: HTMLHELP.INI
    O4 - Startup: MSDFMAP.INI
    O4 - Startup: SYSTEM.INI
    O4 - Startup: OLDOSAPP.INI
    O4 - Startup: DELUXECD.MDB
    O4 - Startup: DOSPRMPT.PIF
    O4 - Startup: EXPLORER.SCF
    O4 - Startup: ODBCINST.INI
    O4 - Startup: COUNTRY.SYS
    O4 - Startup: CONFIG.TXT
    O4 - Startup: DISPLAY.TXT
    O4 - Startup: FAQ.TXT
    O4 - Startup: GENERAL.TXT
    O4 - Startup: HARDWARE.TXT
    O4 - Startup: MOUSE.TXT
    O4 - Startup: MSDOSDRV.TXT
    O4 - Startup: NETWORK.TXT
    O4 - Startup: PRINTERS.TXT
    O4 - Startup: PROGRAMS.TXT
    O4 - Startup: RECOVER.TXT
    O4 - Startup: TIPS.TXT
    O4 - Startup: REGTLIB.EXE
    O4 - Startup: TELEPHON.INI
    O4 - Startup: MSBATCH.INF
    O4 - Startup: SMARTDRV.EXE
    O4 - Startup: HIMEM.SYS
    O4 - Startup: RAMDRIVE.SYS
    O4 - Startup: HIDCI.DLL
    O4 - Startup: LOGOS.SYS
    O4 - Startup: LOGOW.SYS
    O4 - Startup: 1STBOOT.BMP
    O4 - Startup: ¹°¹æ¿ï.bmp
    O4 - Startup: Æĵ¿.bmp
    O4 - Startup: ¼¼·ÎÁÙ.bmp
    O4 - Startup: ŸÀÏ.bmp
    O4 - Startup: °ËÁ¤ ½û±â.bmp
    O4 - Startup: ä³Î È_¸é º¸È£±â.SCR
    O4 - Startup: WIN.COM
    O4 - Startup: ICSLOG.OLD
    O4 - Startup: MORICONS.DLL
    O4 - Startup: MSOWS412.DLL
    O4 - Startup: WAVEMIX.INI
    O4 - Startup: ACCSTAT.EXE
    O4 - Startup: ASD.EXE
    O4 - Startup: CALC.EXE
    O4 - Startup: CLEANMGR.EXE
    O4 - Startup: CONTROL.EXE
    O4 - Startup: CVT1.EXE
    O4 - Startup: CVTAPLOG.EXE
    O4 - Startup: DEFRAG.EXE
    O4 - Startup: EMM386.EXE
    O4 - Startup: MM2ENT.EXE
    O4 - Startup: NOTEPAD.EXE
    O4 - Startup: PACKAGER.EXE
    O4 - Startup: PBRUSH.EXE
    O4 - Startup: PROGMAN.EXE
    O4 - Startup: REGEDIT.EXE
    O4 - Startup: RG2CATDB.EXE
    O4 - Startup: RUNDLL.EXE
    O4 - Startup: RUNDLL32.EXE
    O4 - Startup: SCANDSKW.EXE
    O4 - Startup: SCANREGW.EXE
    O4 - Startup: CTDEL.INI
    O4 - Startup: SNDREC32.EXE
    O4 - Startup: SNDVOL32.EXE
    O4 - Startup: TASKMAN.EXE
    O4 - Startup: TASKMON.EXE
    O4 - Startup: VCMUI.EXE
    O4 - Startup: WELCOME.EXE
    O4 - Startup: WINFILE.EXE
    O4 - Startup: WINHELP.EXE
    O4 - Startup: WINHLP32.EXE
    O4 - Startup: WININIT.EXE
    O4 - Startup: WINVER.EXE
    O4 - Startup: WRITE.EXE
    O4 - Startup: WUPDMGR.EXE
    O4 - Startup: WINUPD.ICO
    O4 - Startup: IOS.INI
    O4 - Startup: SCANREG.INI
    O4 - Startup: µ¾ÀÚ¸®.bmp
    O4 - Startup: ASPI2HLP.SYS
    O4 - Startup: CMD640X.SYS
    O4 - Startup: CMD640X2.SYS
    O4 - Startup: DBLBUFF.SYS
    O4 - Startup: IFSHLP.SYS
    O4 - Startup: SFCSYNC.TXT
    O4 - Startup: TWAIN.LOG
    O4 - Startup: TWAIN_32.DLL
    O4 - Startup: CDPLAYER.EXE
    O4 - Startup: DIALER.EXE
    O4 - Startup: KODAKIMG.EXE
    O4 - Startup: KODAKPRV.EXE
    O4 - Startup: TOUR98.EXE
    O4 - Startup: TWUNK_16.EXE
    O4 - Startup: TWUNK_32.EXE
    O4 - Startup: SERVICES.TXT
    O4 - Startup: COMMAND.COM
    O4 - Startup: ICSLOG.TXT
    O4 - Startup: POWERPNT.INI
    O4 - Startup: SETVER.EXE
    O4 - Startup: SYSTEM.I~I
    O4 - Startup: WIN
    O4 - Startup: QTW.INI
    O4 - Startup: HWINFO.DAT
    O4 - Startup: CONTROL.INI
    O4 - Startup: NAMSEOK.PWL
    O4 - Startup: MSOFFICE.INI
    O4 - Startup: SYSTEM.CB
    O4 - Startup: WIN386.SWP
    O4 - Startup: NDISLOG.TXT
    O4 - Startup: PROTOCOL.INI
    O4 - Startup: PROTOCOL
    O4 - Startup: SERVICES
    O4 - Startup: SNMPAPI.DLL
    O4 - Startup: NETWORKS
    O4 - Startup: ARP.EXE
    O4 - Startup: FTP.EXE
    O4 - Startup: HOSTS.SAM
    O4 - Startup: LMHOSTS.SAM
    O4 - Startup: NETSTAT.EXE
    O4 - Startup: PING.EXE
    O4 - Startup: ROUTE.EXE
    O4 - Startup: TELNET.EXE
    O4 - Startup: TRACERT.EXE
    O4 - Startup: WINIPCFG.EXE
    O4 - Startup: CTCCW.DLL
    O4 - Startup: IPCONFIG.EXE
    O4 - Startup: NBTSTAT.EXE
    O4 - Startup: INETMIB1.DLL
    O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå.pif
    O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå (EMS ¹× XMS Áö¿ø).pif
    O4 - Startup: °ø±â ¹æ¿ï.bmp
    O4 - Startup: ÀÌÁýÆ®.bmp
    O4 - Startup: ¹°¶¼»õ °ÝÀÚ.bmp
    O4 - Startup: »ï°¢Çü.bmp
    O4 - Startup: ÆĶõ ¸®ºª.bmp
    O4 - Startup: ¼³Ä¡.bmp
    O4 - Startup: progman.ini
    O4 - Startup: brndlog.txt
    O4 - Startup: folder.htt
    O4 - Startup: OEWABLog.txt
    O4 - Startup: SchedLog.Txt
    O4 - Startup: Default.sf0
    O4 - Startup: Default.sfc
    O4 - Startup: brndlog.bak
    O4 - Startup: DOSSTART.BAT
    O4 - Startup: uninst.exe
    O4 - Startup: IsUninst.exe
    O4 - Startup: CTDEL.EXE
    O4 - Startup: MSIMGSIZ.DAT
    O4 - Startup: CTDelLau.INI
    O4 - Startup: UnInstall.dll
    O4 - Startup: tmpdelis.bat
    O4 - Startup: CTDelLau.exe
    O4 - Startup: CTRES32.DLL
    O4 - Startup: CTRES.DLL
    O4 - Startup: DEFMIXER.REG
    O4 - Startup: SBWIN.INI
    O4 - Startup: NET.EXE
    O4 - Startup: NET.MSG
    O4 - Startup: NETH.MSG
    O4 - Startup: WINPOPUP.EXE
    O4 - Startup: hh.dat
    O4 - Startup: WININIT.SAV
    O4 - Startup: ctsyn.ini
    O4 - Startup: RunOnceEx Log.txt
    O4 - Startup: wplog.txt
    O4 - Startup: BBDFBADJ
    O4 - Startup: LOADQM.EXE
    O4 - Startup: Directx.log
    O4 - Startup: MODEMDET.TXT
    O4 - Startup: MYTV.INI
    O4 - Startup: IOS.LOG
    O4 - Startup: hh.exe
    O4 - Startup: SYSTEM.DAT
    O4 - Startup: $$TEMP$$.$$$
    O4 - Startup: VIRTUOSA.INI
    O4 - Startup: USER.DAT
    O4 - Startup: gsview32.ini
    O4 - Startup: IE4 Error Log.txt
    O4 - Startup: Internet Explorer ¹è°æ ¹«´Ì.bmp
    O4 - Startup: hpfsched.exe
    O4 - Startup: WORDPAD.INI
    O4 - Startup: PCDLIB32.DLL
    O4 - Startup: Sti_Trace.log
    O4 - Startup: hpfsched.ini
    O4 - Startup: reg.prm
    O4 - Startup: hpinfo.lnk
    O4 - Startup: Active Setup Log.txt
    O4 - Startup: AdvpackExt.log
    O4 - Startup: Active Setup Log.BAK
    O4 - Startup: AdvpackExt.BAK
    O4 - Startup: IE Setup Log.Txt
    O4 - Startup: Channel Screen Saver.SCR
    O4 - Startup: SUSFAIL.TXT
    O4 - Startup: MDACSET.log
    O4 - Startup: wscript.exe
    O4 - Startup: Bind List Log.txt
    O4 - Startup: vbaddin.ini
    O4 - Startup: od-stnd59.exe
    O4 - Startup: wininit.ini
    O4 - Startup: ST6UNST.000
    O4 - Startup: KPCMS.INI
    O4 - Startup: ICSSetup.Log
    O4 - Startup: winamp.ini
    O4 - Startup: unvise32qt.exe
    O4 - Startup: TWUNK003.MTX
    O4 - Startup: COMMAND.PIF
    O4 - Startup: hosts
    O4 - Startup: $_hpcst$.hpc
    O4 - Startup: MUSICMAN.INI
    O4 - Startup: GLIDE2X.OVL
    O4 - Startup: CTREC.INI
    O4 - Startup: MSVCRT.DLL
    O4 - Startup: IsUn0412.exe
    O4 - Startup: screengenie.scr
    O4 - Startup: WMSysPrx.prx
    O4 - Startup: unacc.exe
    O4 - Startup: QTFont.qfn
    O4 - Startup: screengenie.xml
    O4 - Startup: MORPHEUSOS.INI
    O4 - Startup: MORPHEUS.INI
    O4 - Startup: UnGins.exe
    O4 - Startup: Unnero.exe
    O4 - Startup: Unnero.cfg
    O4 - Startup: QTFont.for
    O4 - Startup: twain.dll
    O4 - Startup: .plugin140_01.trace
    O4 - Startup: java.exe
    O4 - Startup: javaw.exe
    O4 - Startup: wmplibrary_v_0_12.db
    O4 - Startup: WININIT.BAK
    O4 - Startup: msvcr70.dll
    O4 - Startup: MSVCP60.DLL
    O4 - Startup: Reg Save Log.txt
    O4 - Startup: ttuninst.exe
    O4 - Startup: wmsetup.log
    O4 - Startup: videoimp.ini
    O4 - Startup: ST6UNST.EXE
    O4 - Startup: yessignCA.pub
    O4 - Startup: Setup1.exe
    O4 - Startup: dvvb.ini
    O4 - Startup: Twain001.Mtx
    O4 - Startup: Twunk002.MTX
    O4 - Startup: yacs.log
    O4 - Startup: Windows Update.log
    O4 - Startup: winmain.exe
    O4 - Startup: od-stnd67.exe
    O4 - Startup: IFinst27.exe
    O4 - Startup: rzSplit.Ini
    O4 - Startup: ShellIconCache
    O4 - Startup: pcconfig.dat
    O4 - Startup: ieuninst.exe
    O4 - Startup: Q330994.exe
    O4 - Startup: loader.exe
    O4 - Startup: CuckooDel.exe
    O4 - Startup: od-asia6.exe
    O4 - Startup: iedll.exe
    O4 - Startup: system.css
    O4 - Startup: RawSex.exe
    O4 - Startup: $$temp$$.hwp
    O4 - Startup: od-stnd236.exe
    O4 - Startup: li-anald00017.exe
    O4 - Startup: flg_tmp
    O4 - Startup: od-stnd257.exe
    O4 - Startup: flg
    O4 - Startup: SetupPestPatrolBeta.mif
    O4 - Startup: IEPatchUninstall.log
    O8 - Extra context menu item: ³×À̹ö Áö½ÄiN °Ë»ö - res://C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL /KBIN.HTML
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O13 - DefaultPrefix: http://193.125.201.50/?trk=
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://download.softforum.co.kr/XecureObject/xw50_install.cab
    O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://tjap.bugsmusic.co.kr/setupfile/SetGlb.cab
    O16 - DPF: {64D76536-0173-4873-AEC4-FF0A70DE3781} (BugsPlay Control) - http://tjap.bugsmusic.co.kr/setupfile/bugsplay_115.cab
    O16 - DPF: {C999F4F2-016E-481C-98EF-6D165647434E} (CallMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/DMCallMSG.cab
    O16 - DPF: {C9037B70-F7E2-41D1-98B9-4FAA692529DB} (WebMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/WebMessenger.cab
    O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://www.cjmall.com/initech/plugin/axINIplugin40.cab
    O16 - DPF: Hihome FTP v1 - http://w35.hihome.com/CanPos/upload.cab
    O16 - DPF: {C8B6FBA7-43CA-4466-9EE0-71797CEA00AA} (CuckooRun Control) - http://cdn.dearyou.com/2/cuckoo/cuckoorun.cab
    O16 - DPF: {B5A1E63B-0242-4B7D-B564-8A17538DA241} (DDGClientX Control) - http://www.dearyou.com/ddgClient/DDGClientX.cab
    O16 - DPF: {F256FF53-8057-4F7E-996B-963E27CE5EA1} (PdBox2 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox2.cab
    O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
    O16 - DPF: {B0C9EAC7-BD8C-44AD-B89C-86EDFDAA7C56} (ToonsXYahoo Control) - http://kr.comics.yahoo.com/down/ToonsXYahoo.cab
    O16 - DPF: {E6248D0C-9254-46E9-B97A-3BDB24BAB1BF} (YamChatInstallerCtrl Class) - http://chat.dearyou.com/ocx/YamChatInstaller.cab
    O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://vs.messagebay.co.kr/mbay/daum/mbayactx.cab
    O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_6.CAB
    O16 - DPF: {E5F55B7A-89D5-4387-B665-43437B3E293D} (X2Run Control) - http://www.x2game.com/Control/X2Run.Cab
    O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.com/Control/AutoPatchOCX.cab
    O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://bar.hangame.naver.com/bar/HGAgentClient.cab
    O16 - DPF: {14399F4E-7698-468C-B988-66486085A306} (HgbLauncher Class) - http://down.hangame.com/iservice/messenger/inst/ver1011/launcher.cab
    O16 - DPF: {956C9F5B-0EEB-41B5-9D7B-FAD968AF9469} (HanGamePlugin13 Class) - http://down.hangame.com/dist/activex/HanGamePlugin13.cab
    O16 - DPF: {741509F4-A5F2-478F-A84C-EBEF12041F45} (TvOnline Control) - http://www.everyzone.com/TvOnline/TvOnline.cab
    O16 - DPF: {8C6582F6-F192-4D55-8326-2D742FC4E2A6} (HanGamePlugin14 Class) - http://down.hangame.com/dist/activex/HanGamePlugin14.cab
    O16 - DPF: {93B4395A-3A54-4DEB-ADDA-67052A9E407A} (PhotoJoy Control) - http://www.photojoy.com/EzPicto/PhotoJoyX.cab
    O16 - DPF: {CB78A39D-39B0-41AB-A519-664B15ED58AD} (FileUpload Control) - http://www2.okfoto.co.kr/control/fileupload.cab
    O16 - DPF: {DBCEFBFE-B49D-4D6C-B024-FE1903C0366E} (XBTSessionManager Control) - http://login.bugsmusic.co.kr/reg/cab/XBTSessionManager.CAB
    O16 - DPF: {3283DF90-1733-4A79-B1F5-2D05A8E4D448} (HanGamePlugin15 Class) - http://down.hangame.com/dist/activex/HanGamePlugin15.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/03a70ebb12be5607d205/netzip/RdxIE601.cab
    O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://www.wepicast.com/caster/nhnplayerx.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
    O16 - DPF: {5E9100DE-8D7C-4C41-A79B-8C18BD114DEC} (NewChatloveDown Control) - http://musiccast.web114.com/arisoocast/NewChatloveDown.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37894.9440972222
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Run hijackthis again and put a checkmark against these entries....double check
    in case you miss anything....
    .....then, close all browser and outlook windows and "fix checked"

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
    O2 - BHO: DWMHelper - {6AAC21F7-0980-40B2-88DC-FC0E1F1F7202} - C:\PROGRA~1\DAMOIM\DWM\DWMHEL~1.DLL
    O3 - Toolbar: ????? - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL (file missing)
    O4 - HKLM\..\Run: [winmain] winmain.exe

    There are a lot more to "fix" but first let's do this.

    Go here: http://housecall.trendmicro.com/
    and do an on-line A/V scan.

    Download Spybot - Search & Destroy http://www.safer-networking.org/
    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all IE windows, hit 'Check for Problems', and have SpyBot remove all it marks in red.

    Then.... download Ad-Aware at www.lavasoft.usa.com
    After installing AAW, and before running the program, update by using the Globe icon.
    Shut down and restart Ad-Aware.
    Now press "Scan Now", then 'next', and let Ad-Aware scan your drives.
    It will find a number of "bad" files and registry keys. Click 'Next' again.
    Right-click in that pane and choose "select all" and click 'next'.
    It will ask you whether you'd like to remove all checked items. Click OK.
    Finally, close Ad-Aware, and reboot.

    Post a 2nd hijackthis logfile.

    ;)
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,192
    First Name:
    Derek
    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

    R3 - Default URLSearchHook is missing
    O2 - BHO: DWMHelper - {6AAC21F7-0980-40B2-88DC-FC0E1F1F7202} - C:\PROGRA~1\DAMOIM\DWM\DWMHEL~1.DLL
    O3 - Toolbar: ????? - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL (file missing)
    O4 - HKLM\..\Run: [winmain] winmain.exe
    O4 - Startup: WINSOCK.DLL
    O4 - Startup: WIN.INI
    O4 - Startup: HWINFO.EXE
    O4 - Startup: NETDET.INI
    O4 - Startup: BILING.SYS
    O4 - Startup: SUBACK.BIN
    O4 - Startup: W98SETUP.BIN
    O4 - Startup: LICENSE.TXT
    O4 - Startup: SUPPORT.TXT
    O4 - Startup: MPLAYER.EXE
    O4 - Startup: RUNHELP.CAB
    O4 - Startup: JAUTOEXP.DAT
    O4 - Startup: NDDEAPI.DLL
    O4 - Startup: NDDENB.DLL
    O4 - Startup: SCRIPT.DOC
    O4 - Startup: CLSPACK.EXE
    O4 - Startup: DOSREP.EXE
    O4 - Startup: DRWATSON.EXE
    O4 - Startup: EXPLORER.EXE
    O4 - Startup: EXTRAC32.EXE
    O4 - Startup: FONTVIEW.EXE
    O4 - Startup: GRPCONV.EXE
    O4 - Startup: ODBC.INI
    O4 - Startup: ISO10646.EXE
    O4 - Startup: JVIEW.EXE
    O4 - Startup: NETDDE.EXE
    O4 - Startup: PIDSET.EXE
    O4 - Startup: SETDEBUG.EXE
    O4 - Startup: SIGVERIF.EXE
    O4 - Startup: TUNEUP.EXE
    O4 - Startup: UPWIZUN.EXE
    O4 - Startup: WINREP.EXE
    O4 - Startup: WJVIEW.EXE
    O4 - Startup: BACKGRND.GIF
    O4 - Startup: CLOUD.GIF
    O4 - Startup: CONTENT.GIF
    O4 - Startup: HLPBELL.GIF
    O4 - Startup: HLPCD.GIF
    O4 - Startup: HLPGLOBE.GIF
    O4 - Startup: HLPLOGO.GIF
    O4 - Startup: HLPSTEP1.GIF
    O4 - Startup: HLPSTEP2.GIF
    O4 - Startup: HLPSTEP3.GIF
    O4 - Startup: WINLOGO.GIF
    O4 - Startup: HTMLHELP.HTM
    O4 - Startup: README.HTM
    O4 - Startup: READM_01.HTZ
    O4 - Startup: READM_02.HTZ
    O4 - Startup: DOSREP.INI
    O4 - Startup: HTMLHELP.INI
    O4 - Startup: MSDFMAP.INI
    O4 - Startup: SYSTEM.INI
    O4 - Startup: OLDOSAPP.INI
    O4 - Startup: DELUXECD.MDB
    O4 - Startup: DOSPRMPT.PIF
    O4 - Startup: EXPLORER.SCF
    O4 - Startup: ODBCINST.INI
    O4 - Startup: COUNTRY.SYS
    O4 - Startup: CONFIG.TXT
    O4 - Startup: DISPLAY.TXT
    O4 - Startup: FAQ.TXT
    O4 - Startup: GENERAL.TXT
    O4 - Startup: HARDWARE.TXT
    O4 - Startup: MOUSE.TXT
    O4 - Startup: MSDOSDRV.TXT
    O4 - Startup: NETWORK.TXT
    O4 - Startup: PRINTERS.TXT
    O4 - Startup: PROGRAMS.TXT
    O4 - Startup: RECOVER.TXT
    O4 - Startup: TIPS.TXT
    O4 - Startup: REGTLIB.EXE
    O4 - Startup: TELEPHON.INI
    O4 - Startup: MSBATCH.INF
    O4 - Startup: SMARTDRV.EXE
    O4 - Startup: HIMEM.SYS
    O4 - Startup: RAMDRIVE.SYS
    O4 - Startup: HIDCI.DLL
    O4 - Startup: LOGOS.SYS
    O4 - Startup: LOGOW.SYS
    O4 - Startup: 1STBOOT.BMP
    O4 - Startup: ¹°¹æ¿ï.bmp
    O4 - Startup: Æĵ¿.bmp
    O4 - Startup: ¼¼·ÎÁÙ.bmp
    O4 - Startup: ŸÀÏ.bmp
    O4 - Startup: °ËÁ¤ ½û±â.bmp
    O4 - Startup: ä³Î È_¸é º¸È£±â.SCR
    O4 - Startup: WIN.COM
    O4 - Startup: ICSLOG.OLD
    O4 - Startup: MORICONS.DLL
    O4 - Startup: MSOWS412.DLL
    O4 - Startup: WAVEMIX.INI
    O4 - Startup: ACCSTAT.EXE
    O4 - Startup: ASD.EXE
    O4 - Startup: CALC.EXE
    O4 - Startup: CLEANMGR.EXE
    O4 - Startup: CONTROL.EXE
    O4 - Startup: CVT1.EXE
    O4 - Startup: CVTAPLOG.EXE
    O4 - Startup: DEFRAG.EXE
    O4 - Startup: EMM386.EXE
    O4 - Startup: MM2ENT.EXE
    O4 - Startup: NOTEPAD.EXE
    O4 - Startup: PACKAGER.EXE
    O4 - Startup: PBRUSH.EXE
    O4 - Startup: PROGMAN.EXE
    O4 - Startup: REGEDIT.EXE
    O4 - Startup: RG2CATDB.EXE
    O4 - Startup: RUNDLL.EXE
    O4 - Startup: RUNDLL32.EXE
    O4 - Startup: SCANDSKW.EXE
    O4 - Startup: SCANREGW.EXE
    O4 - Startup: CTDEL.INI
    O4 - Startup: SNDREC32.EXE
    O4 - Startup: SNDVOL32.EXE
    O4 - Startup: TASKMAN.EXE
    O4 - Startup: TASKMON.EXE
    O4 - Startup: VCMUI.EXE
    O4 - Startup: WELCOME.EXE
    O4 - Startup: WINFILE.EXE
    O4 - Startup: WINHELP.EXE
    O4 - Startup: WINHLP32.EXE
    O4 - Startup: WININIT.EXE
    O4 - Startup: WINVER.EXE
    O4 - Startup: WRITE.EXE
    O4 - Startup: WUPDMGR.EXE
    O4 - Startup: WINUPD.ICO
    O4 - Startup: IOS.INI
    O4 - Startup: SCANREG.INI
    O4 - Startup: µ¾ÀÚ¸®.bmp
    O4 - Startup: ASPI2HLP.SYS
    O4 - Startup: CMD640X.SYS
    O4 - Startup: CMD640X2.SYS
    O4 - Startup: DBLBUFF.SYS
    O4 - Startup: IFSHLP.SYS
    O4 - Startup: SFCSYNC.TXT
    O4 - Startup: TWAIN.LOG
    O4 - Startup: TWAIN_32.DLL
    O4 - Startup: CDPLAYER.EXE
    O4 - Startup: DIALER.EXE
    O4 - Startup: KODAKIMG.EXE
    O4 - Startup: KODAKPRV.EXE
    O4 - Startup: TOUR98.EXE
    O4 - Startup: TWUNK_16.EXE
    O4 - Startup: TWUNK_32.EXE
    O4 - Startup: SERVICES.TXT
    O4 - Startup: COMMAND.COM
    O4 - Startup: ICSLOG.TXT
    O4 - Startup: POWERPNT.INI
    O4 - Startup: SETVER.EXE
    O4 - Startup: SYSTEM.I~I
    O4 - Startup: WIN
    O4 - Startup: QTW.INI
    O4 - Startup: HWINFO.DAT
    O4 - Startup: CONTROL.INI
    O4 - Startup: NAMSEOK.PWL
    O4 - Startup: MSOFFICE.INI
    O4 - Startup: SYSTEM.CB
    O4 - Startup: WIN386.SWP
    O4 - Startup: NDISLOG.TXT
    O4 - Startup: PROTOCOL.INI
    O4 - Startup: PROTOCOL
    O4 - Startup: SERVICES
    O4 - Startup: SNMPAPI.DLL
    O4 - Startup: NETWORKS
    O4 - Startup: ARP.EXE
    O4 - Startup: FTP.EXE
    O4 - Startup: HOSTS.SAM
    O4 - Startup: LMHOSTS.SAM
    O4 - Startup: NETSTAT.EXE
    O4 - Startup: PING.EXE
    O4 - Startup: ROUTE.EXE
    O4 - Startup: TELNET.EXE
    O4 - Startup: TRACERT.EXE
    O4 - Startup: WINIPCFG.EXE
    O4 - Startup: CTCCW.DLL
    O4 - Startup: IPCONFIG.EXE
    O4 - Startup: NBTSTAT.EXE
    O4 - Startup: INETMIB1.DLL
    O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå.pif
    O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå (EMS ¹× XMS Áö¿ø).pif
    O4 - Startup: °ø±â ¹æ¿ï.bmp
    O4 - Startup: ÀÌÁýÆ®.bmp
    O4 - Startup: ¹°¶¼»õ °ÝÀÚ.bmp
    O4 - Startup: »ï°¢Çü.bmp
    O4 - Startup: ÆĶõ ¸®ºª.bmp
    O4 - Startup: ¼³Ä¡.bmp
    O4 - Startup: progman.ini
    O4 - Startup: brndlog.txt
    O4 - Startup: folder.htt
    O4 - Startup: OEWABLog.txt
    O4 - Startup: SchedLog.Txt
    O4 - Startup: Default.sf0
    O4 - Startup: Default.sfc
    O4 - Startup: brndlog.bak
    O4 - Startup: DOSSTART.BAT
    O4 - Startup: uninst.exe
    O4 - Startup: IsUninst.exe
    O4 - Startup: CTDEL.EXE
    O4 - Startup: MSIMGSIZ.DAT
    O4 - Startup: CTDelLau.INI
    O4 - Startup: UnInstall.dll
    O4 - Startup: tmpdelis.bat
    O4 - Startup: CTDelLau.exe
    O4 - Startup: CTRES32.DLL
    O4 - Startup: CTRES.DLL
    O4 - Startup: DEFMIXER.REG
    O4 - Startup: SBWIN.INI
    O4 - Startup: NET.EXE
    O4 - Startup: NET.MSG
    O4 - Startup: NETH.MSG
    O4 - Startup: WINPOPUP.EXE
    O4 - Startup: hh.dat
    O4 - Startup: WININIT.SAV
    O4 - Startup: ctsyn.ini
    O4 - Startup: RunOnceEx Log.txt
    O4 - Startup: wplog.txt
    O4 - Startup: BBDFBADJ
    O4 - Startup: LOADQM.EXE
    O4 - Startup: Directx.log
    O4 - Startup: MODEMDET.TXT
    O4 - Startup: MYTV.INI
    O4 - Startup: IOS.LOG
    O4 - Startup: hh.exe
    O4 - Startup: SYSTEM.DAT
    O4 - Startup: $$TEMP$$.$$$
    O4 - Startup: VIRTUOSA.INI
    O4 - Startup: USER.DAT
    O4 - Startup: gsview32.ini
    O4 - Startup: IE4 Error Log.txt
    O4 - Startup: Internet Explorer ¹è°æ ¹«´Ì.bmp
    O4 - Startup: hpfsched.exe
    O4 - Startup: WORDPAD.INI
    O4 - Startup: PCDLIB32.DLL
    O4 - Startup: Sti_Trace.log
    O4 - Startup: hpfsched.ini
    O4 - Startup: reg.prm
    O4 - Startup: hpinfo.lnk
    O4 - Startup: Active Setup Log.txt
    O4 - Startup: AdvpackExt.log
    O4 - Startup: Active Setup Log.BAK
    O4 - Startup: AdvpackExt.BAK
    O4 - Startup: IE Setup Log.Txt
    O4 - Startup: Channel Screen Saver.SCR
    O4 - Startup: SUSFAIL.TXT
    O4 - Startup: MDACSET.log
    O4 - Startup: wscript.exe
    O4 - Startup: Bind List Log.txt
    O4 - Startup: vbaddin.ini
    O4 - Startup: od-stnd59.exe
    O4 - Startup: wininit.ini
    O4 - Startup: ST6UNST.000
    O4 - Startup: KPCMS.INI
    O4 - Startup: ICSSetup.Log
    O4 - Startup: winamp.ini
    O4 - Startup: unvise32qt.exe
    O4 - Startup: TWUNK003.MTX
    O4 - Startup: COMMAND.PIF
    O4 - Startup: hosts
    O4 - Startup: $_hpcst$.hpc
    O4 - Startup: MUSICMAN.INI
    O4 - Startup: GLIDE2X.OVL
    O4 - Startup: CTREC.INI
    O4 - Startup: MSVCRT.DLL
    O4 - Startup: IsUn0412.exe
    O4 - Startup: screengenie.scr
    O4 - Startup: WMSysPrx.prx
    O4 - Startup: unacc.exe
    O4 - Startup: QTFont.qfn
    O4 - Startup: screengenie.xml
    O4 - Startup: MORPHEUSOS.INI
    O4 - Startup: MORPHEUS.INI
    O4 - Startup: UnGins.exe
    O4 - Startup: Unnero.exe
    O4 - Startup: Unnero.cfg
    O4 - Startup: QTFont.for
    O4 - Startup: twain.dll
    O4 - Startup: .plugin140_01.trace
    O4 - Startup: java.exe
    O4 - Startup: javaw.exe
    O4 - Startup: wmplibrary_v_0_12.db
    O4 - Startup: WININIT.BAK
    O4 - Startup: msvcr70.dll
    O4 - Startup: MSVCP60.DLL
    O4 - Startup: Reg Save Log.txt
    O4 - Startup: ttuninst.exe
    O4 - Startup: wmsetup.log
    O4 - Startup: videoimp.ini
    O4 - Startup: ST6UNST.EXE
    O4 - Startup: yessignCA.pub
    O4 - Startup: Setup1.exe
    O4 - Startup: dvvb.ini
    O4 - Startup: Twain001.Mtx
    O4 - Startup: Twunk002.MTX
    O4 - Startup: yacs.log
    O4 - Startup: Windows Update.log
    O4 - Startup: winmain.exe
    O4 - Startup: od-stnd67.exe
    O4 - Startup: IFinst27.exe
    O4 - Startup: rzSplit.Ini
    O4 - Startup: ShellIconCache
    O4 - Startup: pcconfig.dat
    O4 - Startup: ieuninst.exe
    O4 - Startup: Q330994.exe
    O4 - Startup: loader.exe
    O4 - Startup: CuckooDel.exe
    O4 - Startup: od-asia6.exe
    O4 - Startup: iedll.exe
    O4 - Startup: system.css
    O4 - Startup: RawSex.exe
    O4 - Startup: $$temp$$.hwp
    O4 - Startup: od-stnd236.exe
    O4 - Startup: li-anald00017.exe
    O4 - Startup: flg_tmp
    O4 - Startup: od-stnd257.exe
    O4 - Startup: flg
    O4 - Startup: SetupPestPatrolBeta.mif
    O4 - Startup: IEPatchUninstall.log
    O8 - Extra context menu item: ³×À̹ö Áö½ÄiN °Ë»ö - res://C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL /KBIN.HTML
    O13 - DefaultPrefix: http://193.125.201.50/?trk=

    All the O16 entries except microsoft/macromedia or any other entry that you KNOW YOU have installed and definitely need or want. (Any of these that are removed will be prompted to be downloaded if needed by a genuine program next time you use the program, so it's perfectly safe to remove any of them.)

    download AdAware 6 181
    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window: click "Start", then "Activate in-depth scan"

    then......

    Click "Use custom scanning options>Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    Go to settings (the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

    then...... click "proceed" to save your settings.

    Now, to scan, just click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it.

    then
    Download Spybot - Search & Destroy from http://security.kolla.de

    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.


    Run an online antivirus check from at least one of the following sites
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
     
  4. nsk

    nsk Thread Starter

    Joined:
    Oct 1, 2003
    Messages:
    2
    Hi. Thanks for the replies, guys. I didn't know which instruction to follow, so I just did what the first instruction said, which is Steve's.
    So here is the 2nd log.

    Logfile of HijackThis v1.97.2
    Scan saved at ¿ÀÈÄ 11:45:57, on 03-10-01
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\ICSMGR.EXE
    C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
    C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
    C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\PROGRAM FILES\HANMESOFT\MYQUICKFIND\MYQUICKFIND.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    D:\ASHLEY\Àß³ª¿Â°Å\HIJACKTHIS.EXE
    C:\WINDOWS\NOTEPAD.EXE

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [·¹Áö½ºÆ®¸® °Ë»ç] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: WINSOCK.DLL
    O4 - Startup: WIN.INI
    O4 - Startup: HWINFO.EXE
    O4 - Startup: NETDET.INI
    O4 - Startup: BILING.SYS
    O4 - Startup: SUBACK.BIN
    O4 - Startup: W98SETUP.BIN
    O4 - Startup: LICENSE.TXT
    O4 - Startup: SUPPORT.TXT
    O4 - Startup: MPLAYER.EXE
    O4 - Startup: RUNHELP.CAB
    O4 - Startup: JAUTOEXP.DAT
    O4 - Startup: NDDEAPI.DLL
    O4 - Startup: NDDENB.DLL
    O4 - Startup: SCRIPT.DOC
    O4 - Startup: CLSPACK.EXE
    O4 - Startup: DOSREP.EXE
    O4 - Startup: DRWATSON.EXE
    O4 - Startup: EXPLORER.EXE
    O4 - Startup: EXTRAC32.EXE
    O4 - Startup: FONTVIEW.EXE
    O4 - Startup: GRPCONV.EXE
    O4 - Startup: ODBC.INI
    O4 - Startup: ISO10646.EXE
    O4 - Startup: JVIEW.EXE
    O4 - Startup: NETDDE.EXE
    O4 - Startup: PIDSET.EXE
    O4 - Startup: SETDEBUG.EXE
    O4 - Startup: SIGVERIF.EXE
    O4 - Startup: TUNEUP.EXE
    O4 - Startup: UPWIZUN.EXE
    O4 - Startup: WINREP.EXE
    O4 - Startup: WJVIEW.EXE
    O4 - Startup: BACKGRND.GIF
    O4 - Startup: CLOUD.GIF
    O4 - Startup: CONTENT.GIF
    O4 - Startup: HLPBELL.GIF
    O4 - Startup: HLPCD.GIF
    O4 - Startup: HLPGLOBE.GIF
    O4 - Startup: HLPLOGO.GIF
    O4 - Startup: HLPSTEP1.GIF
    O4 - Startup: HLPSTEP2.GIF
    O4 - Startup: HLPSTEP3.GIF
    O4 - Startup: WINLOGO.GIF
    O4 - Startup: HTMLHELP.HTM
    O4 - Startup: README.HTM
    O4 - Startup: READM_01.HTZ
    O4 - Startup: READM_02.HTZ
    O4 - Startup: DOSREP.INI
    O4 - Startup: HTMLHELP.INI
    O4 - Startup: MSDFMAP.INI
    O4 - Startup: SYSTEM.INI
    O4 - Startup: OLDOSAPP.INI
    O4 - Startup: DELUXECD.MDB
    O4 - Startup: DOSPRMPT.PIF
    O4 - Startup: EXPLORER.SCF
    O4 - Startup: ODBCINST.INI
    O4 - Startup: COUNTRY.SYS
    O4 - Startup: CONFIG.TXT
    O4 - Startup: DISPLAY.TXT
    O4 - Startup: FAQ.TXT
    O4 - Startup: GENERAL.TXT
    O4 - Startup: HARDWARE.TXT
    O4 - Startup: MOUSE.TXT
    O4 - Startup: MSDOSDRV.TXT
    O4 - Startup: NETWORK.TXT
    O4 - Startup: PRINTERS.TXT
    O4 - Startup: PROGRAMS.TXT
    O4 - Startup: RECOVER.TXT
    O4 - Startup: TIPS.TXT
    O4 - Startup: REGTLIB.EXE
    O4 - Startup: TELEPHON.INI
    O4 - Startup: MSBATCH.INF
    O4 - Startup: SMARTDRV.EXE
    O4 - Startup: HIMEM.SYS
    O4 - Startup: RAMDRIVE.SYS
    O4 - Startup: HIDCI.DLL
    O4 - Startup: LOGOS.SYS
    O4 - Startup: LOGOW.SYS
    O4 - Startup: 1STBOOT.BMP
    O4 - Startup: ¹°¹æ¿ï.bmp
    O4 - Startup: Æĵ¿.bmp
    O4 - Startup: ¼¼·ÎÁÙ.bmp
    O4 - Startup: ŸÀÏ.bmp
    O4 - Startup: °ËÁ¤ ½û±â.bmp
    O4 - Startup: ä³Î È_¸é º¸È£±â.SCR
    O4 - Startup: WIN.COM
    O4 - Startup: ICSLOG.OLD
    O4 - Startup: MORICONS.DLL
    O4 - Startup: MSOWS412.DLL
    O4 - Startup: WAVEMIX.INI
    O4 - Startup: ACCSTAT.EXE
    O4 - Startup: ASD.EXE
    O4 - Startup: CALC.EXE
    O4 - Startup: CLEANMGR.EXE
    O4 - Startup: CONTROL.EXE
    O4 - Startup: CVT1.EXE
    O4 - Startup: CVTAPLOG.EXE
    O4 - Startup: DEFRAG.EXE
    O4 - Startup: EMM386.EXE
    O4 - Startup: MM2ENT.EXE
    O4 - Startup: NOTEPAD.EXE
    O4 - Startup: PACKAGER.EXE
    O4 - Startup: PBRUSH.EXE
    O4 - Startup: PROGMAN.EXE
    O4 - Startup: REGEDIT.EXE
    O4 - Startup: RG2CATDB.EXE
    O4 - Startup: RUNDLL.EXE
    O4 - Startup: RUNDLL32.EXE
    O4 - Startup: SCANDSKW.EXE
    O4 - Startup: SCANREGW.EXE
    O4 - Startup: CTDEL.INI
    O4 - Startup: SNDREC32.EXE
    O4 - Startup: SNDVOL32.EXE
    O4 - Startup: TASKMAN.EXE
    O4 - Startup: TASKMON.EXE
    O4 - Startup: VCMUI.EXE
    O4 - Startup: WELCOME.EXE
    O4 - Startup: WINFILE.EXE
    O4 - Startup: WINHELP.EXE
    O4 - Startup: WINHLP32.EXE
    O4 - Startup: WININIT.EXE
    O4 - Startup: WINVER.EXE
    O4 - Startup: WRITE.EXE
    O4 - Startup: WUPDMGR.EXE
    O4 - Startup: WINUPD.ICO
    O4 - Startup: IOS.INI
    O4 - Startup: SCANREG.INI
    O4 - Startup: µ¾ÀÚ¸®.bmp
    O4 - Startup: ASPI2HLP.SYS
    O4 - Startup: CMD640X.SYS
    O4 - Startup: CMD640X2.SYS
    O4 - Startup: DBLBUFF.SYS
    O4 - Startup: IFSHLP.SYS
    O4 - Startup: SFCSYNC.TXT
    O4 - Startup: TWAIN.LOG
    O4 - Startup: TWAIN_32.DLL
    O4 - Startup: CDPLAYER.EXE
    O4 - Startup: DIALER.EXE
    O4 - Startup: KODAKIMG.EXE
    O4 - Startup: KODAKPRV.EXE
    O4 - Startup: TOUR98.EXE
    O4 - Startup: TWUNK_16.EXE
    O4 - Startup: TWUNK_32.EXE
    O4 - Startup: SERVICES.TXT
    O4 - Startup: COMMAND.COM
    O4 - Startup: ICSLOG.TXT
    O4 - Startup: POWERPNT.INI
    O4 - Startup: SETVER.EXE
    O4 - Startup: SYSTEM.I~I
    O4 - Startup: WIN
    O4 - Startup: QTW.INI
    O4 - Startup: HWINFO.DAT
    O4 - Startup: CONTROL.INI
    O4 - Startup: NAMSEOK.PWL
    O4 - Startup: MSOFFICE.INI
    O4 - Startup: SYSTEM.CB
    O4 - Startup: WIN386.SWP
    O4 - Startup: NDISLOG.TXT
    O4 - Startup: PATCH.EXE
    O4 - Startup: PROTOCOL.INI
    O4 - Startup: PROTOCOL
    O4 - Startup: SERVICES
    O4 - Startup: SNMPAPI.DLL
    O4 - Startup: NETWORKS
    O4 - Startup: ARP.EXE
    O4 - Startup: FTP.EXE
    O4 - Startup: HOSTS.SAM
    O4 - Startup: LMHOSTS.SAM
    O4 - Startup: NETSTAT.EXE
    O4 - Startup: PING.EXE
    O4 - Startup: ROUTE.EXE
    O4 - Startup: TELNET.EXE
    O4 - Startup: TRACERT.EXE
    O4 - Startup: WINIPCFG.EXE
    O4 - Startup: CTCCW.DLL
    O4 - Startup: IPCONFIG.EXE
    O4 - Startup: NBTSTAT.EXE
    O4 - Startup: INETMIB1.DLL
    O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå.pif
    O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå (EMS ¹× XMS Áö¿ø).pif
    O4 - Startup: °ø±â ¹æ¿ï.bmp
    O4 - Startup: ÀÌÁýÆ®.bmp
    O4 - Startup: ¹°¶¼»õ °ÝÀÚ.bmp
    O4 - Startup: »ï°¢Çü.bmp
    O4 - Startup: ÆĶõ ¸®ºª.bmp
    O4 - Startup: ¼³Ä¡.bmp
    O4 - Startup: progman.ini
    O4 - Startup: brndlog.txt
    O4 - Startup: folder.htt
    O4 - Startup: OEWABLog.txt
    O4 - Startup: SchedLog.Txt
    O4 - Startup: Default.sf0
    O4 - Startup: Default.sfc
    O4 - Startup: brndlog.bak
    O4 - Startup: DOSSTART.BAT
    O4 - Startup: uninst.exe
    O4 - Startup: IsUninst.exe
    O4 - Startup: CTDEL.EXE
    O4 - Startup: MSIMGSIZ.DAT
    O4 - Startup: CTDelLau.INI
    O4 - Startup: UnInstall.dll
    O4 - Startup: tmpdelis.bat
    O4 - Startup: CTDelLau.exe
    O4 - Startup: CTRES32.DLL
    O4 - Startup: CTRES.DLL
    O4 - Startup: DEFMIXER.REG
    O4 - Startup: SBWIN.INI
    O4 - Startup: NET.EXE
    O4 - Startup: NET.MSG
    O4 - Startup: NETH.MSG
    O4 - Startup: WINPOPUP.EXE
    O4 - Startup: hh.dat
    O4 - Startup: WININIT.SAV
    O4 - Startup: ctsyn.ini
    O4 - Startup: RunOnceEx Log.txt
    O4 - Startup: wplog.txt
    O4 - Startup: BBDFBADJ
    O4 - Startup: LOADQM.EXE
    O4 - Startup: Directx.log
    O4 - Startup: MODEMDET.TXT
    O4 - Startup: MYTV.INI
    O4 - Startup: IOS.LOG
    O4 - Startup: hh.exe
    O4 - Startup: SYSTEM.DAT
    O4 - Startup: $$TEMP$$.$$$
    O4 - Startup: VIRTUOSA.INI
    O4 - Startup: USER.DAT
    O4 - Startup: gsview32.ini
    O4 - Startup: IE4 Error Log.txt
    O4 - Startup: Internet Explorer ¹è°æ ¹«´Ì.bmp
    O4 - Startup: hpfsched.exe
    O4 - Startup: WORDPAD.INI
    O4 - Startup: PCDLIB32.DLL
    O4 - Startup: Sti_Trace.log
    O4 - Startup: hpfsched.ini
    O4 - Startup: reg.prm
    O4 - Startup: hpinfo.lnk
    O4 - Startup: Active Setup Log.txt
    O4 - Startup: AdvpackExt.log
    O4 - Startup: Active Setup Log.BAK
    O4 - Startup: AdvpackExt.BAK
    O4 - Startup: IE Setup Log.Txt
    O4 - Startup: Channel Screen Saver.SCR
    O4 - Startup: SUSFAIL.TXT
    O4 - Startup: MDACSET.log
    O4 - Startup: wscript.exe
    O4 - Startup: Bind List Log.txt
    O4 - Startup: vbaddin.ini
    O4 - Startup: WININIT.BAK
    O4 - Startup: UNZIP.DLL
    O4 - Startup: ST6UNST.000
    O4 - Startup: KPCMS.INI
    O4 - Startup: ICSSetup.Log
    O4 - Startup: winamp.ini
    O4 - Startup: unvise32qt.exe
    O4 - Startup: TWUNK003.MTX
    O4 - Startup: COMMAND.PIF
    O4 - Startup: hosts
    O4 - Startup: $_hpcst$.hpc
    O4 - Startup: MUSICMAN.INI
    O4 - Startup: GLIDE2X.OVL
    O4 - Startup: CTREC.INI
    O4 - Startup: MSVCRT.DLL
    O4 - Startup: IsUn0412.exe
    O4 - Startup: screengenie.scr
    O4 - Startup: WMSysPrx.prx
    O4 - Startup: unacc.exe
    O4 - Startup: screengenie.xml
    O4 - Startup: MORPHEUSOS.INI
    O4 - Startup: MORPHEUS.INI
    O4 - Startup: UnGins.exe
    O4 - Startup: Unnero.exe
    O4 - Startup: Unnero.cfg
    O4 - Startup: twain.dll
    O4 - Startup: .plugin140_01.trace
    O4 - Startup: java.exe
    O4 - Startup: javaw.exe
    O4 - Startup: wmplibrary_v_0_12.db
    O4 - Startup: TMUPDATE.DLL
    O4 - Startup: msvcr70.dll
    O4 - Startup: MSVCP60.DLL
    O4 - Startup: Reg Save Log.txt
    O4 - Startup: ttuninst.exe
    O4 - Startup: wmsetup.log
    O4 - Startup: videoimp.ini
    O4 - Startup: ST6UNST.EXE
    O4 - Startup: yessignCA.pub
    O4 - Startup: MEMBOOT.DLL
    O4 - Startup: Setup1.exe
    O4 - Startup: dvvb.ini
    O4 - Startup: Twain001.Mtx
    O4 - Startup: Twunk002.MTX
    O4 - Startup: yacs.log
    O4 - Startup: Windows Update.log
    O4 - Startup: IFinst27.exe
    O4 - Startup: rzSplit.Ini
    O4 - Startup: ShellIconCache
    O4 - Startup: pcconfig.dat
    O4 - Startup: ieuninst.exe
    O4 - Startup: Q330994.exe
    O4 - Startup: loadhttp.dll
    O4 - Startup: loader.exe
    O4 - Startup: CuckooDel.exe
    O4 - Startup: VPTNFILE.642
    O4 - Startup: od-asia6.exe
    O4 - Startup: iedll.exe
    O4 - Startup: system.css
    O4 - Startup: RawSex.exe
    O4 - Startup: $$temp$$.hwp
    O4 - Startup: od-stnd236.exe
    O4 - Startup: li-anald00017.exe
    O4 - Startup: aucfg.ini
    O4 - Startup: flg_tmp
    O4 - Startup: od-stnd257.exe
    O4 - Startup: flg
    O4 - Startup: SetupPestPatrolBeta.mif
    O4 - Startup: IEPatchUninstall.log
    O4 - Startup: tmupdate.ini
    O4 - Startup: runtsckl.exe
    O4 - Startup: patchw32.dll
    O4 - Startup: GetServer.ini
    O4 - Startup: AuHCcup1.dll
    O4 - Startup: AuHCcup1.ini
    O4 - Startup: lpt$vpn.642
    O4 - Startup: BPM95.dll
    O4 - Startup: vsapi32.dll
    O4 - Startup: HCExtOutput.dll
    O4 - Startup: tsc.exe
    O4 - Startup: TSC.ini
    O4 - Startup: tsc.ptn
    O8 - Extra context menu item: ³×À̹ö Áö½ÄiN °Ë»ö - res://C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL /KBIN.HTML
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://download.softforum.co.kr/XecureObject/xw50_install.cab
    O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://tjap.bugsmusic.co.kr/setupfile/SetGlb.cab
    O16 - DPF: {64D76536-0173-4873-AEC4-FF0A70DE3781} (BugsPlay Control) - http://tjap.bugsmusic.co.kr/setupfile/bugsplay_115.cab
    O16 - DPF: {C999F4F2-016E-481C-98EF-6D165647434E} (CallMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/DMCallMSG.cab
    O16 - DPF: {C9037B70-F7E2-41D1-98B9-4FAA692529DB} (WebMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/WebMessenger.cab
    O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://www.cjmall.com/initech/plugin/axINIplugin40.cab
    O16 - DPF: Hihome FTP v1 - http://w35.hihome.com/CanPos/upload.cab
    O16 - DPF: {C8B6FBA7-43CA-4466-9EE0-71797CEA00AA} (CuckooRun Control) - http://cdn.dearyou.com/2/cuckoo/cuckoorun.cab
    O16 - DPF: {B5A1E63B-0242-4B7D-B564-8A17538DA241} (DDGClientX Control) - http://www.dearyou.com/ddgClient/DDGClientX.cab
    O16 - DPF: {F256FF53-8057-4F7E-996B-963E27CE5EA1} (PdBox2 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox2.cab
    O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
    O16 - DPF: {B0C9EAC7-BD8C-44AD-B89C-86EDFDAA7C56} (ToonsXYahoo Control) - http://kr.comics.yahoo.com/down/ToonsXYahoo.cab
    O16 - DPF: {E6248D0C-9254-46E9-B97A-3BDB24BAB1BF} (YamChatInstallerCtrl Class) - http://chat.dearyou.com/ocx/YamChatInstaller.cab
    O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://vs.messagebay.co.kr/mbay/daum/mbayactx.cab
    O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_6.CAB
    O16 - DPF: {E5F55B7A-89D5-4387-B665-43437B3E293D} (X2Run Control) - http://www.x2game.com/Control/X2Run.Cab
    O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.com/Control/AutoPatchOCX.cab
    O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://bar.hangame.naver.com/bar/HGAgentClient.cab
    O16 - DPF: {14399F4E-7698-468C-B988-66486085A306} (HgbLauncher Class) - http://down.hangame.com/iservice/messenger/inst/ver1011/launcher.cab
    O16 - DPF: {956C9F5B-0EEB-41B5-9D7B-FAD968AF9469} (HanGamePlugin13 Class) - http://down.hangame.com/dist/activex/HanGamePlugin13.cab
    O16 - DPF: {741509F4-A5F2-478F-A84C-EBEF12041F45} (TvOnline Control) - http://www.everyzone.com/TvOnline/TvOnline.cab
    O16 - DPF: {8C6582F6-F192-4D55-8326-2D742FC4E2A6} (HanGamePlugin14 Class) - http://down.hangame.com/dist/activex/HanGamePlugin14.cab
    O16 - DPF: {93B4395A-3A54-4DEB-ADDA-67052A9E407A} (PhotoJoy Control) - http://www.photojoy.com/EzPicto/PhotoJoyX.cab
    O16 - DPF: {CB78A39D-39B0-41AB-A519-664B15ED58AD} (FileUpload Control) - http://www2.okfoto.co.kr/control/fileupload.cab
    O16 - DPF: {DBCEFBFE-B49D-4D6C-B024-FE1903C0366E} (XBTSessionManager Control) - http://login.bugsmusic.co.kr/reg/cab/XBTSessionManager.CAB
    O16 - DPF: {3283DF90-1733-4A79-B1F5-2D05A8E4D448} (HanGamePlugin15 Class) - http://down.hangame.com/dist/activex/HanGamePlugin15.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/03a70ebb12be5607d205/netzip/RdxIE601.cab
    O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://www.wepicast.com/caster/nhnplayerx.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
    O16 - DPF: {5E9100DE-8D7C-4C41-A79B-8C18BD114DEC} (NewChatloveDown Control) - http://musiccast.web114.com/arisoocast/NewChatloveDown.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37894.9440972222
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (PC-cillin HouseCall
    O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
     
  5. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Actually Derek's advice was sound enough.........I just wanted to see if Adaware and Spybot would recognise and take out any of the O4s.

    Check and "fix" all these:

    O4 - Startup: WINSOCK.DLL
    O4 - Startup: WIN.INI
    O4 - Startup: HWINFO.EXE
    O4 - Startup: NETDET.INI
    O4 - Startup: BILING.SYS
    O4 - Startup: SUBACK.BIN
    O4 - Startup: W98SETUP.BIN
    O4 - Startup: LICENSE.TXT
    O4 - Startup: SUPPORT.TXT
    O4 - Startup: MPLAYER.EXE
    O4 - Startup: RUNHELP.CAB
    O4 - Startup: JAUTOEXP.DAT
    O4 - Startup: NDDEAPI.DLL
    O4 - Startup: NDDENB.DLL
    O4 - Startup: SCRIPT.DOC
    O4 - Startup: CLSPACK.EXE
    O4 - Startup: DOSREP.EXE
    O4 - Startup: DRWATSON.EXE
    O4 - Startup: EXPLORER.EXE
    O4 - Startup: EXTRAC32.EXE
    O4 - Startup: FONTVIEW.EXE
    O4 - Startup: GRPCONV.EXE
    O4 - Startup: ODBC.INI
    O4 - Startup: ISO10646.EXE
    O4 - Startup: JVIEW.EXE
    O4 - Startup: NETDDE.EXE
    O4 - Startup: PIDSET.EXE
    O4 - Startup: SETDEBUG.EXE
    O4 - Startup: SIGVERIF.EXE
    O4 - Startup: TUNEUP.EXE
    O4 - Startup: UPWIZUN.EXE
    O4 - Startup: WINREP.EXE
    O4 - Startup: WJVIEW.EXE
    O4 - Startup: BACKGRND.GIF
    O4 - Startup: CLOUD.GIF
    O4 - Startup: CONTENT.GIF
    O4 - Startup: HLPBELL.GIF
    O4 - Startup: HLPCD.GIF
    O4 - Startup: HLPGLOBE.GIF
    O4 - Startup: HLPLOGO.GIF
    O4 - Startup: HLPSTEP1.GIF
    O4 - Startup: HLPSTEP2.GIF
    O4 - Startup: HLPSTEP3.GIF
    O4 - Startup: WINLOGO.GIF
    O4 - Startup: HTMLHELP.HTM
    O4 - Startup: README.HTM
    O4 - Startup: READM_01.HTZ
    O4 - Startup: READM_02.HTZ
    O4 - Startup: DOSREP.INI
    O4 - Startup: HTMLHELP.INI
    O4 - Startup: MSDFMAP.INI
    O4 - Startup: SYSTEM.INI
    O4 - Startup: OLDOSAPP.INI
    O4 - Startup: DELUXECD.MDB
    O4 - Startup: DOSPRMPT.PIF
    O4 - Startup: EXPLORER.SCF
    O4 - Startup: ODBCINST.INI
    O4 - Startup: COUNTRY.SYS
    O4 - Startup: CONFIG.TXT
    O4 - Startup: DISPLAY.TXT
    O4 - Startup: FAQ.TXT
    O4 - Startup: GENERAL.TXT
    O4 - Startup: HARDWARE.TXT
    O4 - Startup: MOUSE.TXT
    O4 - Startup: MSDOSDRV.TXT
    O4 - Startup: NETWORK.TXT
    O4 - Startup: PRINTERS.TXT
    O4 - Startup: PROGRAMS.TXT
    O4 - Startup: RECOVER.TXT
    O4 - Startup: TIPS.TXT
    O4 - Startup: REGTLIB.EXE
    O4 - Startup: TELEPHON.INI
    O4 - Startup: MSBATCH.INF
    O4 - Startup: SMARTDRV.EXE
    O4 - Startup: HIMEM.SYS
    O4 - Startup: RAMDRIVE.SYS
    O4 - Startup: HIDCI.DLL
    O4 - Startup: LOGOS.SYS
    O4 - Startup: LOGOW.SYS
    O4 - Startup: 1STBOOT.BMP
    O4 - Startup: ¹°¹æ¿ï.bmp
    O4 - Startup: Æĵ¿.bmp
    O4 - Startup: ¼¼·ÎÁÙ.bmp
    O4 - Startup: ŸÀÏ.bmp
    O4 - Startup: °ËÁ¤ ½û±â.bmp
    O4 - Startup: ä³Î È_¸é º¸È£±â.SCR
    O4 - Startup: WIN.COM
    O4 - Startup: ICSLOG.OLD
    O4 - Startup: MORICONS.DLL
    O4 - Startup: MSOWS412.DLL
    O4 - Startup: WAVEMIX.INI
    O4 - Startup: ACCSTAT.EXE
    O4 - Startup: ASD.EXE
    O4 - Startup: CALC.EXE
    O4 - Startup: CLEANMGR.EXE
    O4 - Startup: CONTROL.EXE
    O4 - Startup: CVT1.EXE
    O4 - Startup: CVTAPLOG.EXE
    O4 - Startup: DEFRAG.EXE
    O4 - Startup: EMM386.EXE
    O4 - Startup: MM2ENT.EXE
    O4 - Startup: NOTEPAD.EXE
    O4 - Startup: PACKAGER.EXE
    O4 - Startup: PBRUSH.EXE
    O4 - Startup: PROGMAN.EXE
    O4 - Startup: REGEDIT.EXE
    O4 - Startup: RG2CATDB.EXE
    O4 - Startup: RUNDLL.EXE
    O4 - Startup: RUNDLL32.EXE
    O4 - Startup: SCANDSKW.EXE
    O4 - Startup: SCANREGW.EXE
    O4 - Startup: CTDEL.INI
    O4 - Startup: SNDREC32.EXE
    O4 - Startup: SNDVOL32.EXE
    O4 - Startup: TASKMAN.EXE
    O4 - Startup: TASKMON.EXE
    O4 - Startup: VCMUI.EXE
    O4 - Startup: WELCOME.EXE
    O4 - Startup: WINFILE.EXE
    O4 - Startup: WINHELP.EXE
    O4 - Startup: WINHLP32.EXE
    O4 - Startup: WININIT.EXE
    O4 - Startup: WINVER.EXE
    O4 - Startup: WRITE.EXE
    O4 - Startup: WUPDMGR.EXE
    O4 - Startup: WINUPD.ICO
    O4 - Startup: IOS.INI
    O4 - Startup: SCANREG.INI
    O4 - Startup: µ¾ÀÚ¸®.bmp
    O4 - Startup: ASPI2HLP.SYS
    O4 - Startup: CMD640X.SYS
    O4 - Startup: CMD640X2.SYS
    O4 - Startup: DBLBUFF.SYS
    O4 - Startup: IFSHLP.SYS
    O4 - Startup: SFCSYNC.TXT
    O4 - Startup: TWAIN.LOG
    O4 - Startup: TWAIN_32.DLL
    O4 - Startup: CDPLAYER.EXE
    O4 - Startup: DIALER.EXE
    O4 - Startup: KODAKIMG.EXE
    O4 - Startup: KODAKPRV.EXE
    O4 - Startup: TOUR98.EXE
    O4 - Startup: TWUNK_16.EXE
    O4 - Startup: TWUNK_32.EXE
    O4 - Startup: SERVICES.TXT
    O4 - Startup: COMMAND.COM
    O4 - Startup: ICSLOG.TXT
    O4 - Startup: POWERPNT.INI
    O4 - Startup: SETVER.EXE
    O4 - Startup: SYSTEM.I~I
    O4 - Startup: WIN
    O4 - Startup: QTW.INI
    O4 - Startup: HWINFO.DAT
    O4 - Startup: CONTROL.INI
    O4 - Startup: NAMSEOK.PWL
    O4 - Startup: MSOFFICE.INI
    O4 - Startup: SYSTEM.CB
    O4 - Startup: WIN386.SWP
    O4 - Startup: NDISLOG.TXT
    O4 - Startup: PROTOCOL.INI
    O4 - Startup: PROTOCOL
    O4 - Startup: SERVICES
    O4 - Startup: SNMPAPI.DLL
    O4 - Startup: NETWORKS
    O4 - Startup: ARP.EXE
    O4 - Startup: FTP.EXE
    O4 - Startup: HOSTS.SAM
    O4 - Startup: LMHOSTS.SAM
    O4 - Startup: NETSTAT.EXE
    O4 - Startup: PING.EXE
    O4 - Startup: ROUTE.EXE
    O4 - Startup: TELNET.EXE
    O4 - Startup: TRACERT.EXE
    O4 - Startup: WINIPCFG.EXE
    O4 - Startup: CTCCW.DLL
    O4 - Startup: IPCONFIG.EXE
    O4 - Startup: NBTSTAT.EXE
    O4 - Startup: INETMIB1.DLL
    O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå.pif
    O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå (EMS ¹× XMS Áö¿ø).pif
    O4 - Startup: °ø±â ¹æ¿ï.bmp
    O4 - Startup: ÀÌÁýÆ®.bmp
    O4 - Startup: ¹°¶¼»õ °ÝÀÚ.bmp
    O4 - Startup: »ï°¢Çü.bmp
    O4 - Startup: ÆĶõ ¸®ºª.bmp
    O4 - Startup: ¼³Ä¡.bmp
    O4 - Startup: progman.ini
    O4 - Startup: brndlog.txt
    O4 - Startup: folder.htt
    O4 - Startup: OEWABLog.txt
    O4 - Startup: SchedLog.Txt
    O4 - Startup: Default.sf0
    O4 - Startup: Default.sfc
    O4 - Startup: brndlog.bak
    O4 - Startup: DOSSTART.BAT
    O4 - Startup: uninst.exe
    O4 - Startup: IsUninst.exe
    O4 - Startup: CTDEL.EXE
    O4 - Startup: MSIMGSIZ.DAT
    O4 - Startup: CTDelLau.INI
    O4 - Startup: UnInstall.dll
    O4 - Startup: tmpdelis.bat
    O4 - Startup: CTDelLau.exe
    O4 - Startup: CTRES32.DLL
    O4 - Startup: CTRES.DLL
    O4 - Startup: DEFMIXER.REG
    O4 - Startup: SBWIN.INI
    O4 - Startup: NET.EXE
    O4 - Startup: NET.MSG
    O4 - Startup: NETH.MSG
    O4 - Startup: WINPOPUP.EXE
    O4 - Startup: hh.dat
    O4 - Startup: WININIT.SAV
    O4 - Startup: ctsyn.ini
    O4 - Startup: RunOnceEx Log.txt
    O4 - Startup: wplog.txt
    O4 - Startup: BBDFBADJ
    O4 - Startup: LOADQM.EXE
    O4 - Startup: Directx.log
    O4 - Startup: MODEMDET.TXT
    O4 - Startup: MYTV.INI
    O4 - Startup: IOS.LOG
    O4 - Startup: hh.exe
    O4 - Startup: SYSTEM.DAT
    O4 - Startup: $$TEMP$$.$$$
    O4 - Startup: VIRTUOSA.INI
    O4 - Startup: USER.DAT
    O4 - Startup: gsview32.ini
    O4 - Startup: IE4 Error Log.txt
    O4 - Startup: Internet Explorer ¹è°æ ¹«´Ì.bmp
    O4 - Startup: hpfsched.exe
    O4 - Startup: WORDPAD.INI
    O4 - Startup: PCDLIB32.DLL
    O4 - Startup: Sti_Trace.log
    O4 - Startup: hpfsched.ini
    O4 - Startup: reg.prm
    O4 - Startup: hpinfo.lnk
    O4 - Startup: Active Setup Log.txt
    O4 - Startup: AdvpackExt.log
    O4 - Startup: Active Setup Log.BAK
    O4 - Startup: AdvpackExt.BAK
    O4 - Startup: IE Setup Log.Txt
    O4 - Startup: Channel Screen Saver.SCR
    O4 - Startup: SUSFAIL.TXT
    O4 - Startup: MDACSET.log
    O4 - Startup: wscript.exe
    O4 - Startup: Bind List Log.txt
    O4 - Startup: vbaddin.ini
    O4 - Startup: od-stnd59.exe
    O4 - Startup: wininit.ini
    O4 - Startup: ST6UNST.000
    O4 - Startup: KPCMS.INI
    O4 - Startup: ICSSetup.Log
    O4 - Startup: winamp.ini
    O4 - Startup: unvise32qt.exe
    O4 - Startup: TWUNK003.MTX
    O4 - Startup: COMMAND.PIF
    O4 - Startup: hosts
    O4 - Startup: $_hpcst$.hpc
    O4 - Startup: MUSICMAN.INI
    O4 - Startup: GLIDE2X.OVL
    O4 - Startup: CTREC.INI
    O4 - Startup: MSVCRT.DLL
    O4 - Startup: IsUn0412.exe
    O4 - Startup: screengenie.scr
    O4 - Startup: WMSysPrx.prx
    O4 - Startup: unacc.exe
    O4 - Startup: QTFont.qfn
    O4 - Startup: screengenie.xml
    O4 - Startup: MORPHEUSOS.INI
    O4 - Startup: MORPHEUS.INI
    O4 - Startup: UnGins.exe
    O4 - Startup: Unnero.exe
    O4 - Startup: Unnero.cfg
    O4 - Startup: QTFont.for
    O4 - Startup: twain.dll
    O4 - Startup: .plugin140_01.trace
    O4 - Startup: java.exe
    O4 - Startup: javaw.exe
    O4 - Startup: wmplibrary_v_0_12.db
    O4 - Startup: WININIT.BAK
    O4 - Startup: msvcr70.dll
    O4 - Startup: MSVCP60.DLL
    O4 - Startup: Reg Save Log.txt
    O4 - Startup: ttuninst.exe
    O4 - Startup: wmsetup.log
    O4 - Startup: videoimp.ini
    O4 - Startup: ST6UNST.EXE
    O4 - Startup: yessignCA.pub
    O4 - Startup: Setup1.exe
    O4 - Startup: dvvb.ini
    O4 - Startup: Twain001.Mtx
    O4 - Startup: Twunk002.MTX
    O4 - Startup: yacs.log
    O4 - Startup: Windows Update.log
    O4 - Startup: winmain.exe
    O4 - Startup: od-stnd67.exe
    O4 - Startup: IFinst27.exe
    O4 - Startup: rzSplit.Ini
    O4 - Startup: ShellIconCache
    O4 - Startup: pcconfig.dat
    O4 - Startup: ieuninst.exe
    O4 - Startup: Q330994.exe
    O4 - Startup: loader.exe
    O4 - Startup: CuckooDel.exe
    O4 - Startup: od-asia6.exe
    O4 - Startup: iedll.exe
    O4 - Startup: system.css
    O4 - Startup: RawSex.exe
    O4 - Startup: $$temp$$.hwp
    O4 - Startup: od-stnd236.exe
    O4 - Startup: li-anald00017.exe
    O4 - Startup: flg_tmp
    O4 - Startup: od-stnd257.exe
    O4 - Startup: flg
    O4 - Startup: SetupPestPatrolBeta.mif
    O4 - Startup: IEPatchUninstall.log
    O8 - Extra context menu item: ³×À̹ö Áö½ÄiN °Ë»ö - res://C:\PROGRAM FILES\NHN\NAVERJUMP\NAVERJUMP_1_5_1_5.DLL /KBIN.HTML
    O13 - DefaultPrefix: http://193.125.201.50/?trk=


    [Then follow this advice from Derek]
    All the O16 entries except Microsoft/Macromedia or any other entry that you KNOW YOU have installed and definitely need or want. (Any of these that are removed will be prompted to be downloaded if needed by a genuine program next time you use the program, so it's perfectly safe to remove any of them.)

    Good luck

    ;)
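The O16 rule repeated in the post above (keep Microsoft/Macromedia, review every other downloaded ActiveX entry) can be applied as a first pass over a saved log. This is an added example, not part of any post in this thread: the two-domain allowlist and all function names are assumptions, and the sample lines are copied from the second log above except the last one, which is constructed to show why the match must be on the domain suffix rather than a substring.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: "microsoft/macromedia" in the advice is read as these two domains.
# Anything else the user knows and wants has to be added by hand.
KEEP_DOMAINS = ("microsoft.com", "macromedia.com")

# O16 lines come in three shapes in this log:
#   O16 - DPF: {CLSID} (Name) - URL
#   O16 - DPF: {CLSID} - URL
#   O16 - DPF: Name - URL
O16_RE = re.compile(
    r"^O16 - DPF: "
    r"(?:(?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*?)\))?|(?P<label>.+?))"
    r" - (?P<url>\S+)$"
)

# Sample input: lines from the second log in this thread, plus one constructed line.
SAMPLE_LOG = """
    O4 - Startup: loader.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://download.softforum.co.kr/XecureObject/xw50_install.cab
    O16 - DPF: Hihome FTP v1 - http://w35.hihome.com/CanPos/upload.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/03a70ebb12be5607d205/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37894.9440972222
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (PC-cillin HouseCall
    O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Lookalike) - http://download.microsoft.com.example.net/x.cab
"""


def is_kept(host):
    """True only if host is an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in KEEP_DOMAINS)


def is_raw_ip(host):
    """A codebase served from a bare IP address deserves a closer look."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Split the O16 entries of a HijackThis log into keep / review / unparsed."""
    result = {"keep": [], "review": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("O16 - DPF:"):
            continue  # other sections (O2, O4, O8, ...) are out of scope here
        m = O16_RE.match(line)
        if m is None:
            # Truncated or malformed line: never guess, hand it to a human.
            result["unparsed"].append(line)
            continue
        host = (urlsplit(m["url"]).hostname or "").lower()
        entry = {
            "clsid": m["clsid"],
            "name": m["name"] or m["label"] or "(no name)",
            "host": host,
            "url": m["url"],
            "raw_ip": is_raw_ip(host),
        }
        result["keep" if is_kept(host) else "review"].append(entry)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for bucket in ("keep", "review"):
        for e in report[bucket]:
            flag = "  [raw IP]" if e["raw_ip"] else ""
            print(f"{bucket:7} {e['host']:40} {e['name']}{flag}")
    for line in report["unparsed"]:
        print(f"unparsed {line}")
```

Entries in the review bucket are candidates only; the rule in the post still leaves the final decision to whoever knows what was deliberately installed.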
     
  6. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Did you run a remote on-line A-V scan as suggested? Was anything found?

    Did you remove any objects with SB or A-A?

    Please post a new logfile after fixing the objects $teve identified.
     
Short URL to this thread: https://techguy.org/168728
