HJT LOG Please Help!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

wanii87

Thread Starter
Joined
Feb 8, 2005
Messages
6
One day i got onto my computer, i am guessing my little brother has been on it before me. Instead of my background a black add comes up talking about spywear and such, so i download some spywhere file but still could not fixm y problem. Now i am stuck with a slow computer, with tons of popups, and a weird background. Please help me. This is the HJT log from the computer.

Logfile of HijackThis v1.99.0
Scan saved at 오후 3:36:31, on 2005-02-08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wptcdowk5.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\explorer.exe
C:\windows\system32\kdhckyf.exe
C:\windows\system32\packager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\addrp.exe
C:\WINDOWS\system32\addsx.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
O2 - BHO: (no name) - {292D0772-036A-7892-8765-2D94BD9D4DF5} - (no file)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {61C02B35-471F-DA49-1C03-CB51CB7EFB82} - (no file)
O2 - BHO: (no name) - {849739C3-1EFC-395C-14E2-41F320943BAC} - C:\WINDOWS\System32\xbjdzgmz.dll
O2 - BHO: (no name) - {C18517DA-CA70-46CE-86F4-882F6B62E975} - C:\PROGRA~1\UBIZNA~1\MyKey\bms.dll
O2 - BHO: (no name) - {CA14850C-FA9C-DE0D-27DA-8BD9DA485F0B} - C:\WINDOWS\ntwn32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [바이닥터] "C:\Program Files\vidr\vidoctor.exe" -auto
O4 - HKLM\..\Run: [winrest] C:\WINDOWS\System32\drivers\user\clsnum.exe
O4 - HKLM\..\Run: [KeyAgent] C:\Program Files\UBizNames\MyKey\keylaunch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [addsx.exe] C:\WINDOWS\system32\addsx.exe
O4 - HKLM\..\Run: [12.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\12.tmp.exe 1 10001
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [14.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\14.tmp.exe 0 10001
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O4 - HKLM\..\Run: [12.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\12.tmp.exe 1 10001
O4 - HKLM\..\Run: [14.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\14.tmp.exe 0 10001
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [qlzbefwc] C:\WINDOWS\System32\qlzbefwc.exe
O4 - HKLM\..\Run: [3.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\3.tmp.exe 2 10001
O4 - HKLM\..\Run: [3.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\3.tmp.exe 2 10001
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O4 - HKLM\..\Run: [kdhckyf] c:\windows\system32\kdhckyf.exe
O4 - HKLM\..\Run: [antiware] c:\windows\system32\eliteuhe32.exe
O4 - HKLM\..\RunOnce: [addrp.exe] C:\WINDOWS\system32\addrp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Amsr] C:\Documents and Settings\준자.F05LXIJ0O2KW5JQ\Application Data\hasl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
O16 - DPF: {0B82117A-74BA-41D6-B2F8-FBB021C87383} (difplayctrl Class) - http://www.freezoom.co.kr/cab/difplay.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.co.kr/player/cab/bugsLoader20040625.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - https://www.nexon.com/activex/public_new/nxpm.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2F745B25-915B-45A4-A80E-5F0CE37709B1} (HanGamePlugin18 Class) - http://down.hangame.com/dist/activex/HanGamePlugin18.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/172a026fd0accf903e05/netzip/RdxIE601.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (NhnPlayer Control) - http://realcast.net/player/nhnplayerx.cab
O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://download.mgame.com/download/cab/mlauncher.cab
O16 - DPF: {7451A3DE-A83D-469D-977B-D7627EEA07DD} (FcCommCtrl.AlbumDropBox) - http://home.freechal.com/etc/FcActivePackage/FcCommCtrl/FcCommCtrl.CAB
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2004.6.27.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v5.4.6.0/xw_install.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/install/bugsLoader20040914.cab
O16 - DPF: {A4CC2CFF-D8DE-481E-81FC-B51186283282} (PZLunch Control) - http://down01.freechal.com/FcVaccine/PCZiggy.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
O16 - DPF: {B13DB41F-57C0-4260-85B9-6308D6800CFF} (yogijogi Control) - http://www.edongkeydownload.com/yogijogiX.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {C320CD4A-7977-4FD2-BBB7-9E6CC61837C5} (INIwallet01 Control) - http://plugin.inicis.com/INIwallet01.cab
O16 - DPF: {CCC8B4BB-26CE-4092-8C6A-FDFACACB1783} (Gaga11 Control) - http://www.gaga11.com/gaga11.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
O16 - DPF: {D68E9D4E-B2D0-467C-985E-D0D341E554D6} (Vidrinst Control) - http://family.vidr.net/activex/vidrinst.cab
O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab
O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: ykghyzkckyyk - Unknown - C:\WINDOWS\System32\wptcdowk5.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\addwi32.exe (file missing)



Thank you. :)
wanii87
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi wanii87, Welcome to TSG!! :)

Download this tool
http://www.mvps.org/winhelp2002/DelDomains.inf

Right click on the file and choose install.


Restart in Safe Mode

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Now navigate to this folder--> C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp and empty it. Note the folder names are only showing the first 6 letters!

Reboot.


Go here and run the online scan, be sure to check “auto clean” before scanning.
http://housecall.trendmicro.com/


Download Spybot http://www.majorgeeks.com/download.php?det=2471


Click on "Search For updates" When prompted.

Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.


Reboot.



Download Adaware SE http://lavasoft.element5.com/software/adaware/

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window: Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Reboot and post another HJT log for review.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Try a right click and choose "Save as", save it to your desktop.
 

wanii87

Thread Starter
Joined
Feb 8, 2005
Messages
6
ok i got to the trendmicro scan website, but while scanning it freezes on scanning system files. should i try it on safe mode with network?
 

wanii87

Thread Starter
Joined
Feb 8, 2005
Messages
6
I have gone through every step but sadly the background is still there, well here is the new Log


Logfile of HijackThis v1.99.0
Scan saved at 오후 4:17:58, on 2005-02-12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wptcdowk6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\UBizNames\MyKey\keyservice.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\WINDOWS\System32\tibs5.exe
C:\WINDOWS\System32\sm.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\System32\hikpsvnj.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\System32\hikpsvnj.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\iinstall.exe
c:\windows\system32\kdhckyf.exe
C:\Program Files\ISTsvc\istsvc.exe
c:\windows\system32\calc.exe
C:\WINDOWS\itqrtkh.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\Xsacfx.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
c:\program files\180solutions\sais.exe
C:\hijackthis\HijackThis.exe
C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\DrTemp\thnall1b.exe
C:\WINDOWS\explorer.exe

R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: (no name) - {292D0772-036A-7892-8765-2D94BD9D4DF5} - (no file)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {61C02B35-471F-DA49-1C03-CB51CB7EFB82} - (no file)
O2 - BHO: (no name) - {849739C3-1EFC-395C-14E2-41F320943BAC} - (no file)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\boln.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [바이닥터] "C:\Program Files\vidr\vidoctor.exe" -auto
O4 - HKLM\..\Run: [winrest] C:\WINDOWS\System32\drivers\user\clsnum.exe
O4 - HKLM\..\Run: [KeyAgent] C:\Program Files\UBizNames\MyKey\keylaunch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [12.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\12.tmp.exe 1 10001
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [14.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\14.tmp.exe 0 10001
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O4 - HKLM\..\Run: [12.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\12.tmp.exe 1 10001
O4 - HKLM\..\Run: [14.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\14.tmp.exe 0 10001
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [3.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\3.tmp.exe 2 10001
O4 - HKLM\..\Run: [3.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\3.tmp.exe 4 10001
O4 - HKLM\..\Run: [kdhckyf] c:\windows\system32\kdhckyf.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitencu32.exe
O4 - HKLM\..\Run: [hikpsvnj] C:\WINDOWS\System32\hikpsvnj.exe
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [pJPu] C:\WINDOWS\itqrtkh.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Yvmahj.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [fkvgl] C:\WINDOWS\fkvgl.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Xsacfx.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Amsr] C:\Documents and Settings\준자.F05LXIJ0O2KW5JQ\Application Data\hasl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
O16 - DPF: {0B82117A-74BA-41D6-B2F8-FBB021C87383} (difplayctrl Class) - http://www.freezoom.co.kr/cab/difplay.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.co.kr/player/cab/bugsLoader20040625.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - https://www.nexon.com/activex/public_new/nxpm.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2F745B25-915B-45A4-A80E-5F0CE37709B1} (HanGamePlugin18 Class) - http://down.hangame.com/dist/activex/HanGamePlugin18.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/172a026fd0accf903e05/netzip/RdxIE601.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (NhnPlayer Control) - http://realcast.net/player/nhnplayerx.cab
O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://download.mgame.com/download/cab/mlauncher.cab
O16 - DPF: {7451A3DE-A83D-469D-977B-D7627EEA07DD} (FcCommCtrl.AlbumDropBox) - http://home.freechal.com/etc/FcActivePackage/FcCommCtrl/FcCommCtrl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (PC-cillin HouseCall 컨트롤) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2004.6.27.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v5.4.6.0/xw_install.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/install/bugsLoader20040914.cab
O16 - DPF: {A4CC2CFF-D8DE-481E-81FC-B51186283282} (PZLunch Control) - http://down01.freechal.com/FcVaccine/PCZiggy.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
O16 - DPF: {B13DB41F-57C0-4260-85B9-6308D6800CFF} (yogijogi Control) - http://www.edongkeydownload.com/yogijogiX.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {C320CD4A-7977-4FD2-BBB7-9E6CC61837C5} (INIwallet01 Control) - http://plugin.inicis.com/INIwallet01.cab
O16 - DPF: {CCC8B4BB-26CE-4092-8C6A-FDFACACB1783} (Gaga11 Control) - http://www.gaga11.com/gaga11.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
O16 - DPF: {D68E9D4E-B2D0-467C-985E-D0D341E554D6} (Vidrinst Control) - http://family.vidr.net/activex/vidrinst.cab
O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab
O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: qrdvsbkkaqxg - Unknown - C:\WINDOWS\System32\wptcdowk6.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: (no name) - {292D0772-036A-7892-8765-2D94BD9D4DF5} - (no file)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {61C02B35-471F-DA49-1C03-CB51CB7EFB82} - (no file)
O2 - BHO: (no name) - {849739C3-1EFC-395C-14E2-41F320943BAC} - (no file)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\boln.dll
O4 - HKLM\..\Run: [바이닥터] "C:\Program Files\vidr\vidoctor.exe" -auto
O4 - HKLM\..\Run: [winrest] C:\WINDOWS\System32\drivers\user\clsnum.exe
O4 - HKLM\..\Run: [KeyAgent] C:\Program Files\UBizNames\MyKey\keylaunch.exe

O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [12.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\12.tmp.exe 1 10001
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [14.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\14.tmp.exe 0 10001
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O4 - HKLM\..\Run: [12.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\12.tmp.exe 1 10001
O4 - HKLM\..\Run: [14.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\14.tmp.exe 0 10001
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [3.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\3.tmp.exe 2 10001
O4 - HKLM\..\Run: [3.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\3.tmp.exe 4 10001
O4 - HKLM\..\Run: [kdhckyf] c:\windows\system32\kdhckyf.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitencu32.exe
O4 - HKLM\..\Run: [hikpsvnj] C:\WINDOWS\System32\hikpsvnj.exe
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [pJPu] C:\WINDOWS\itqrtkh.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Yvmahj.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [fkvgl] C:\WINDOWS\fkvgl.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Xsacfx.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKCU\..\Run: [Amsr] C:\Documents and Settings\준자.F05LXIJ0O2KW5JQ\Application Data\hasl.exe
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: {0B82117A-74BA-41D6-B2F8-FBB021C87383} (difplayctrl Class) - http://www.freezoom.co.kr/cab/difplay.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho...On/AlwaysOn.CAB
O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.co.kr/player/cab...der20040625.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - https://www.nexon.com/activex/public_new/nxpm.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?
O16 - DPF: {2F745B25-915B-45A4-A80E-5F0CE37709B1} (HanGamePlugin18 Class) - http://down.hangame.com/dist/active...amePlugin18.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/172a026...ip/RdxIE601.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (NhnPlayer Control) - http://realcast.net/player/nhnplayerx.cab
O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://download.mgame.com/download/cab/mlauncher.cab
O16 - DPF: {7451A3DE-A83D-469D-977B-D7627EEA07DD} (FcCommCtrl.AlbumDropBox) - http://home.freechal.com/etc/FcActi.../FcCommCtrl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (PC-cillin HouseCall 컨트&#47204 - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/rende...b.2004.6.27.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Pub.../xw_install.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/install/bugsLoader20040914.cab
O16 - DPF: {A4CC2CFF-D8DE-481E-81FC-B51186283282} (PZLunch Control) - http://down01.freechal.com/FcVaccine/PCZiggy.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/Imag...ImageUpload.cab
O16 - DPF: {B13DB41F-57C0-4260-85B9-6308D6800CFF} (yogijogi Control) - http://www.edongkeydownload.com/yogijogiX.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {C320CD4A-7977-4FD2-BBB7-9E6CC61837C5} (INIwallet01 Control) - http://plugin.inicis.com/INIwallet01.cab
O16 - DPF: {CCC8B4BB-26CE-4092-8C6A-FDFACACB1783} (Gaga11 Control) - http://www.gaga11.com/gaga11.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
O16 - DPF: {D68E9D4E-B2D0-467C-985E-D0D341E554D6} (Vidrinst Control) - http://family.vidr.net/activex/vidrinst.cab
O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab
O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: qrdvsbkkaqxg - Unknown - C:\WINDOWS\System32\wptcdowk6.exe


Close all applications and browser windows before you click "fix checked".

Restart in safe mode

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders" Click "Apply" then "OK".

Delete these folders:
C:\Program Files\ISTsvc
C:\Program Files\Internet Optimizer
c:\program files\180solutions
C:\Program Files\Power Scan
C:\Program Files\Web_Rebates

Open windows explorer and go to c:\documents and settings\every profile\local settings\temp and empty the folder.

Empty your recycle bin.

Reboot and post another log.
 

wanii87

Thread Starter
Joined
Feb 8, 2005
Messages
6
do you mean only to delete the BOLD letter ones? or all the ones listed above?
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
I forgot to add ... I don't know what the ones in bold are and if you do leave them.
 

wanii87

Thread Starter
Joined
Feb 8, 2005
Messages
6
Now its not as bad as before, couple popups, and for some reason my main background is white, and i cannot right click on it. Im gonna go ahead and run adaware to try and get rid of some pop ups, but is the log before i run it.

Logfile of HijackThis v1.99.0
Scan saved at 오후 11:46:31, on 2005-02-12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\soft.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\itqrtkh.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: (no name) - {292D0772-036A-7892-8765-2D94BD9D4DF5} - (no file)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {61C02B35-471F-DA49-1C03-CB51CB7EFB82} - (no file)
O2 - BHO: (no name) - {849739C3-1EFC-395C-14E2-41F320943BAC} - (no file)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitekcv32.exe
O4 - HKLM\..\Run: [pJPu] C:\WINDOWS\itqrtkh.exe
O4 - HKLM\..\Run: [KeyAgent] C:\Program Files\UBizNames\MyKey\keylaunch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

Thanks
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top