
HJT LOG Please Help!

Discussion in 'Virus & Other Malware Removal' started by wanii87, Feb 8, 2005.

Thread Status:
Not open for further replies.
  1. wanii87

    wanii87 Thread Starter

    Joined:
    Feb 8, 2005
    Messages:
    6
    One day I got onto my computer; I am guessing my little brother has been on it before me. Instead of my background, a black ad comes up talking about spyware and such, so I downloaded some spyware file but still could not fix my problem. Now I am stuck with a slow computer, with tons of popups, and a weird background. Please help me. This is the HJT log from the computer.

    Logfile of HijackThis v1.99.0
    Scan saved at 오후 3:36:31, on 2005-02-08
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\wptcdowk5.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\explorer.exe
    C:\windows\system32\kdhckyf.exe
    C:\windows\system32\packager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\addrp.exe
    C:\WINDOWS\system32\addsx.exe
    C:\WINDOWS\explorer.exe
    C:\hijackthis\HijackThis.exe

    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
    O2 - BHO: (no name) - {292D0772-036A-7892-8765-2D94BD9D4DF5} - (no file)
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
    O2 - BHO: (no name) - {61C02B35-471F-DA49-1C03-CB51CB7EFB82} - (no file)
    O2 - BHO: (no name) - {849739C3-1EFC-395C-14E2-41F320943BAC} - C:\WINDOWS\System32\xbjdzgmz.dll
    O2 - BHO: (no name) - {C18517DA-CA70-46CE-86F4-882F6B62E975} - C:\PROGRA~1\UBIZNA~1\MyKey\bms.dll
    O2 - BHO: (no name) - {CA14850C-FA9C-DE0D-27DA-8BD9DA485F0B} - C:\WINDOWS\ntwn32.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [바이닥터] "C:\Program Files\vidr\vidoctor.exe" -auto
    O4 - HKLM\..\Run: [winrest] C:\WINDOWS\System32\drivers\user\clsnum.exe
    O4 - HKLM\..\Run: [KeyAgent] C:\Program Files\UBizNames\MyKey\keylaunch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
    O4 - HKLM\..\Run: [addsx.exe] C:\WINDOWS\system32\addsx.exe
    O4 - HKLM\..\Run: [12.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\12.tmp.exe 1 10001
    O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
    O4 - HKLM\..\Run: [14.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\14.tmp.exe 0 10001
    O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
    O4 - HKLM\..\Run: [12.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\12.tmp.exe 1 10001
    O4 - HKLM\..\Run: [14.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\14.tmp.exe 0 10001
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [qlzbefwc] C:\WINDOWS\System32\qlzbefwc.exe
    O4 - HKLM\..\Run: [3.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\3.tmp.exe 2 10001
    O4 - HKLM\..\Run: [3.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\3.tmp.exe 2 10001
    O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
    O4 - HKLM\..\Run: [kdhckyf] c:\windows\system32\kdhckyf.exe
    O4 - HKLM\..\Run: [antiware] c:\windows\system32\eliteuhe32.exe
    O4 - HKLM\..\RunOnce: [addrp.exe] C:\WINDOWS\system32\addrp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Amsr] C:\Documents and Settings\준자.F05LXIJ0O2KW5JQ\Application Data\hasl.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.addictivetechnologies.com
    O15 - Trusted Zone: *.addictivetechnologies.net
    O15 - Trusted Zone: *.admin2cash.biz
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.bettersearch.biz
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.c4tdownload.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.f1organizer.com
    O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.iframe.biz
    O15 - Trusted Zone: *.megapornix.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.newiframe.biz
    O15 - Trusted Zone: *.overpro.com
    O15 - Trusted Zone: *.pizdato.biz
    O15 - Trusted Zone: *.private-dialer.biz
    O15 - Trusted Zone: *.private-iframe.biz
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.sp2admin.biz
    O15 - Trusted Zone: *.sp2****ed.biz
    O15 - Trusted Zone: *.vse-moe.biz
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.125.149 (HKLM)
    O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
    O16 - DPF: {0B82117A-74BA-41D6-B2F8-FBB021C87383} (difplayctrl Class) - http://www.freezoom.co.kr/cab/difplay.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
    O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.co.kr/player/cab/bugsLoader20040625.cab
    O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - https://www.nexon.com/activex/public_new/nxpm.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2F745B25-915B-45A4-A80E-5F0CE37709B1} (HanGamePlugin18 Class) - http://down.hangame.com/dist/activex/HanGamePlugin18.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/172a026fd0accf903e05/netzip/RdxIE601.cab
    O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (NhnPlayer Control) - http://realcast.net/player/nhnplayerx.cab
    O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://download.mgame.com/download/cab/mlauncher.cab
    O16 - DPF: {7451A3DE-A83D-469D-977B-D7627EEA07DD} (FcCommCtrl.AlbumDropBox) - http://home.freechal.com/etc/FcActivePackage/FcCommCtrl/FcCommCtrl.CAB
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2004.6.27.cab
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v5.4.6.0/xw_install.cab
    O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
    O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
    O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
    O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
    O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/install/bugsLoader20040914.cab
    O16 - DPF: {A4CC2CFF-D8DE-481E-81FC-B51186283282} (PZLunch Control) - http://down01.freechal.com/FcVaccine/PCZiggy.cab
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
    O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
    O16 - DPF: {B13DB41F-57C0-4260-85B9-6308D6800CFF} (yogijogi Control) - http://www.edongkeydownload.com/yogijogiX.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
    O16 - DPF: {C320CD4A-7977-4FD2-BBB7-9E6CC61837C5} (INIwallet01 Control) - http://plugin.inicis.com/INIwallet01.cab
    O16 - DPF: {CCC8B4BB-26CE-4092-8C6A-FDFACACB1783} (Gaga11 Control) - http://www.gaga11.com/gaga11.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
    O16 - DPF: {D68E9D4E-B2D0-467C-985E-D0D341E554D6} (Vidrinst Control) - http://family.vidr.net/activex/vidrinst.cab
    O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab
    O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
    O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
    O23 - Service: ykghyzkckyyk - Unknown - C:\WINDOWS\System32\wptcdowk5.exe
    O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\addwi32.exe (file missing)



    Thank you. :)
    wanii87
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi wanii87, Welcome to TSG!! :)

    Download this tool
    http://www.mvps.org/winhelp2002/DelDomains.inf

    Right click on the file and choose install.


    Restart in Safe Mode

    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", click "Apply", then "OK".

    Now navigate to this folder--> C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp and empty it. Note the folder names are only showing the first 6 letters!

    Reboot.


    Go here and run the online scan, be sure to check “auto clean” before scanning.
    http://housecall.trendmicro.com/


    Download Spybot http://www.majorgeeks.com/download.php?det=2471


    Click on "Search For updates" when prompted.

    Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.


    Reboot.



    Download Adaware SE http://lavasoft.element5.com/software/adaware/

    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

    From main window: Click Start then under Select a scan Mode tick Perform full system scan.

    Next deselect Search for negligible risk entries.

    Now to scan just click the Next button.

    When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and click Next.)

    Reboot and post another HJT log for review.
     
  3. wanii87

    wanii87 Thread Starter

    Joined:
    Feb 8, 2005
    Messages:
    6
    When I try clicking on the first link, nothing pops up or anything.
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Try a right click and choose "Save as", save it to your desktop.
     
  5. wanii87

    wanii87 Thread Starter

    Joined:
    Feb 8, 2005
    Messages:
    6
    OK, I got to the Trend Micro scan website, but while scanning it freezes on scanning system files. Should I try it in Safe Mode with Networking?
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Sure, give that a try.
     
  7. wanii87

    wanii87 Thread Starter

    Joined:
    Feb 8, 2005
    Messages:
    6
    I have gone through every step, but sadly the background is still there. Well, here is the new log:


    Logfile of HijackThis v1.99.0
    Scan saved at 오후 4:17:58, on 2005-02-12
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\wptcdowk6.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\UBizNames\MyKey\keyservice.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\eDonkey2000\eDonkey2000.exe
    C:\WINDOWS\System32\tibs5.exe
    C:\WINDOWS\System32\sm.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\WINDOWS\System32\hikpsvnj.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\System32\imapi.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\eDonkey2000\eDonkey2000.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\WINDOWS\System32\hikpsvnj.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\iinstall.exe
    c:\windows\system32\kdhckyf.exe
    C:\Program Files\ISTsvc\istsvc.exe
    c:\windows\system32\calc.exe
    C:\WINDOWS\itqrtkh.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\WINDOWS\System32\Xsacfx.exe
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe
    c:\program files\180solutions\sais.exe
    C:\hijackthis\HijackThis.exe
    C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\DrTemp\thnall1b.exe
    C:\WINDOWS\explorer.exe

    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
    O2 - BHO: (no name) - {292D0772-036A-7892-8765-2D94BD9D4DF5} - (no file)
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
    O2 - BHO: (no name) - {61C02B35-471F-DA49-1C03-CB51CB7EFB82} - (no file)
    O2 - BHO: (no name) - {849739C3-1EFC-395C-14E2-41F320943BAC} - (no file)
    O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\boln.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [바이닥터] "C:\Program Files\vidr\vidoctor.exe" -auto
    O4 - HKLM\..\Run: [winrest] C:\WINDOWS\System32\drivers\user\clsnum.exe
    O4 - HKLM\..\Run: [KeyAgent] C:\Program Files\UBizNames\MyKey\keylaunch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
    O4 - HKLM\..\Run: [12.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\12.tmp.exe 1 10001
    O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
    O4 - HKLM\..\Run: [14.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\14.tmp.exe 0 10001
    O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
    O4 - HKLM\..\Run: [12.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\12.tmp.exe 1 10001
    O4 - HKLM\..\Run: [14.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\14.tmp.exe 0 10001
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [3.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\3.tmp.exe 2 10001
    O4 - HKLM\..\Run: [3.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\3.tmp.exe 4 10001
    O4 - HKLM\..\Run: [kdhckyf] c:\windows\system32\kdhckyf.exe
    O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitencu32.exe
    O4 - HKLM\..\Run: [hikpsvnj] C:\WINDOWS\System32\hikpsvnj.exe
    O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [pJPu] C:\WINDOWS\itqrtkh.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Yvmahj.exe
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [fkvgl] C:\WINDOWS\fkvgl.exe
    O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Xsacfx.exe
    O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\djtopr1150.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Amsr] C:\Documents and Settings\준자.F05LXIJ0O2KW5JQ\Application Data\hasl.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
    O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: *.addictivetechnologies.com
    O15 - Trusted Zone: *.addictivetechnologies.net
    O15 - Trusted Zone: *.admin2cash.biz
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.bettersearch.biz
    O15 - Trusted Zone: *.c4tdownload.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.f1organizer.com
    O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
    O15 - Trusted Zone: *.iframe.biz
    O15 - Trusted Zone: *.megapornix.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.newiframe.biz
    O15 - Trusted Zone: *.overpro.com
    O15 - Trusted Zone: *.pizdato.biz
    O15 - Trusted Zone: *.private-dialer.biz
    O15 - Trusted Zone: *.private-iframe.biz
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.sp2admin.biz
    O15 - Trusted Zone: *.sp2****ed.biz
    O15 - Trusted Zone: *.vse-moe.biz
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.ysbweb.com
    O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
    O16 - DPF: {0B82117A-74BA-41D6-B2F8-FBB021C87383} (difplayctrl Class) - http://www.freezoom.co.kr/cab/difplay.cab
    O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
    O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.co.kr/player/cab/bugsLoader20040625.cab
    O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - https://www.nexon.com/activex/public_new/nxpm.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2F745B25-915B-45A4-A80E-5F0CE37709B1} (HanGamePlugin18 Class) - http://down.hangame.com/dist/activex/HanGamePlugin18.cab
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/172a026fd0accf903e05/netzip/RdxIE601.cab
    O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (NhnPlayer Control) - http://realcast.net/player/nhnplayerx.cab
    O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://download.mgame.com/download/cab/mlauncher.cab
    O16 - DPF: {7451A3DE-A83D-469D-977B-D7627EEA07DD} (FcCommCtrl.AlbumDropBox) - http://home.freechal.com/etc/FcActivePackage/FcCommCtrl/FcCommCtrl.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (PC-cillin HouseCall 컨트롤) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2004.6.27.cab
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v5.4.6.0/xw_install.cab
    O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
    O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
    O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
    O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
    O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/install/bugsLoader20040914.cab
    O16 - DPF: {A4CC2CFF-D8DE-481E-81FC-B51186283282} (PZLunch Control) - http://down01.freechal.com/FcVaccine/PCZiggy.cab
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
    O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
    O16 - DPF: {B13DB41F-57C0-4260-85B9-6308D6800CFF} (yogijogi Control) - http://www.edongkeydownload.com/yogijogiX.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
    O16 - DPF: {C320CD4A-7977-4FD2-BBB7-9E6CC61837C5} (INIwallet01 Control) - http://plugin.inicis.com/INIwallet01.cab
    O16 - DPF: {CCC8B4BB-26CE-4092-8C6A-FDFACACB1783} (Gaga11 Control) - http://www.gaga11.com/gaga11.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
    O16 - DPF: {D68E9D4E-B2D0-467C-985E-D0D341E554D6} (Vidrinst Control) - http://family.vidr.net/activex/vidrinst.cab
    O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab
    O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
    O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
    O23 - Service: qrdvsbkkaqxg - Unknown - C:\WINDOWS\System32\wptcdowk6.exe
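
An added example, not part of the original thread: a Python sketch that parses HijackThis item lines and diffs the autostart (O4) and service (O23) entries between the Feb 8 and Feb 12 scans, to show what survived cleanup and what is new. The sample lines are a subset copied from the two logs above; the function and variable names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# HijackThis item lines look like "O4 - <body>"; header and process lines do not match.
ITEM_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")
# O4 body: "<hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
# O23 body: "Service: <name> - <vendor> - <path>"
O23_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")

# Subset of the 2005-02-08 log posted above.
BEFORE = r"""
Logfile of HijackThis v1.99.0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [addsx.exe] C:\WINDOWS\system32\addsx.exe
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [qlzbefwc] C:\WINDOWS\System32\qlzbefwc.exe
O4 - HKLM\..\Run: [antiware] c:\windows\system32\eliteuhe32.exe
O4 - HKLM\..\RunOnce: [addrp.exe] C:\WINDOWS\system32\addrp.exe
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O23 - Service: ykghyzkckyyk - Unknown - C:\WINDOWS\System32\wptcdowk5.exe
"""

# Subset of the 2005-02-12 log posted above.
AFTER = r"""
Logfile of HijackThis v1.99.0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitencu32.exe
O4 - HKLM\..\Run: [hikpsvnj] C:\WINDOWS\System32\hikpsvnj.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O23 - Service: qrdvsbkkaqxg - Unknown - C:\WINDOWS\System32\wptcdowk6.exe
"""


def parse_hjt(text):
    """Return the item lines of a HijackThis log as Entry(code, body)."""
    entries = []
    for line in text.splitlines():
        m = ITEM_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def autostarts(entries):
    """Map (location, name) -> command for O4 Run values and O23 services."""
    found = {}
    for e in entries:
        if e.code == "O4":
            m = O4_RE.match(e.body)
            if m:
                found[(m.group(1), m.group(2))] = m.group(3)
        elif e.code == "O23":
            m = O23_RE.match(e.body)
            if m:
                found[("Service", m.group(1))] = m.group(3)
    return found


def diff_autostarts(before_text, after_text):
    """Classify every autostart key seen in either scan."""
    old = autostarts(parse_hjt(before_text))
    new = autostarts(parse_hjt(after_text))
    report = {"added": [], "removed": [], "retargeted": [], "unchanged": []}
    for key in sorted(set(old) | set(new)):
        if key not in old:
            report["added"].append(key)
        elif key not in new:
            report["removed"].append(key)
        elif old[key].lower() != new[key].lower():
            # Same value name, different binary: Windows paths are
            # case-insensitive, so compare lower-cased commands.
            report["retargeted"].append(key)
        else:
            report["unchanged"].append(key)
    return report


if __name__ == "__main__":
    for status, keys in diff_autostarts(BEFORE, AFTER).items():
        print(status)
        for location, name in keys:
            print("   ", location, "->", name)
```

On this subset the `antiware` Run value keeps its name but points to a different binary, and the O23 service comes back under a new service name and file name, so comparing scans by name alone under-reports what changed.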
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
    O2 - BHO: (no name) - {292D0772-036A-7892-8765-2D94BD9D4DF5} - (no file)
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
    O2 - BHO: (no name) - {61C02B35-471F-DA49-1C03-CB51CB7EFB82} - (no file)
    O2 - BHO: (no name) - {849739C3-1EFC-395C-14E2-41F320943BAC} - (no file)
    O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\boln.dll
    O4 - HKLM\..\Run: [바이닥터] "C:\Program Files\vidr\vidoctor.exe" -auto
    O4 - HKLM\..\Run: [winrest] C:\WINDOWS\System32\drivers\user\clsnum.exe
    O4 - HKLM\..\Run: [KeyAgent] C:\Program Files\UBizNames\MyKey\keylaunch.exe

    O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
    O4 - HKLM\..\Run: [12.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\12.tmp.exe 1 10001
    O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
    O4 - HKLM\..\Run: [14.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\14.tmp.exe 0 10001
    O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
    O4 - HKLM\..\Run: [12.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\12.tmp.exe 1 10001
    O4 - HKLM\..\Run: [14.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\14.tmp.exe 0 10001
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [3.tmp] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\3.tmp.exe 2 10001
    O4 - HKLM\..\Run: [3.tmp.exe] C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\3.tmp.exe 4 10001
    O4 - HKLM\..\Run: [kdhckyf] c:\windows\system32\kdhckyf.exe
    O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitencu32.exe
    O4 - HKLM\..\Run: [hikpsvnj] C:\WINDOWS\System32\hikpsvnj.exe
    O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [pJPu] C:\WINDOWS\itqrtkh.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Yvmahj.exe
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [fkvgl] C:\WINDOWS\fkvgl.exe
    O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Xsacfx.exe
    O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\준자~1.F05\LOCALS~1\Temp\djtopr1150.exe"
    O4 - HKCU\..\Run: [Amsr] C:\Documents and Settings\준자.F05LXIJ0O2KW5JQ\Application Data\hasl.exe
    O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
    O15 - Trusted Zone: *.addictivetechnologies.com
    O15 - Trusted Zone: *.addictivetechnologies.net
    O15 - Trusted Zone: *.admin2cash.biz
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.bettersearch.biz
    O15 - Trusted Zone: *.c4tdownload.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.f1organizer.com
    O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
    O15 - Trusted Zone: *.iframe.biz
    O15 - Trusted Zone: *.megapornix.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.newiframe.biz
    O15 - Trusted Zone: *.overpro.com
    O15 - Trusted Zone: *.pizdato.biz
    O15 - Trusted Zone: *.private-dialer.biz
    O15 - Trusted Zone: *.private-iframe.biz
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.sp2admin.biz
    O15 - Trusted Zone: *.sp2****ed.biz
    O15 - Trusted Zone: *.vse-moe.biz
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.ysbweb.com
    O16 - DPF: {0B82117A-74BA-41D6-B2F8-FBB021C87383} (difplayctrl Class) - http://www.freezoom.co.kr/cab/difplay.cab
    O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho...On/AlwaysOn.CAB
    O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.co.kr/player/cab...der20040625.cab
    O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - https://www.nexon.com/activex/public_new/nxpm.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?
    O16 - DPF: {2F745B25-915B-45A4-A80E-5F0CE37709B1} (HanGamePlugin18 Class) - http://down.hangame.com/dist/active...amePlugin18.cab
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/172a026...ip/RdxIE601.cab
    O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (NhnPlayer Control) - http://realcast.net/player/nhnplayerx.cab
    O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://download.mgame.com/download/cab/mlauncher.cab
    O16 - DPF: {7451A3DE-A83D-469D-977B-D7627EEA07DD} (FcCommCtrl.AlbumDropBox) - http://home.freechal.com/etc/FcActi.../FcCommCtrl.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (PC-cillin HouseCall 컨트롤) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/rende...b.2004.6.27.cab
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Pub.../xw_install.cab
    O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
    O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
    O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
    O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
    O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/install/bugsLoader20040914.cab
    O16 - DPF: {A4CC2CFF-D8DE-481E-81FC-B51186283282} (PZLunch Control) - http://down01.freechal.com/FcVaccine/PCZiggy.cab
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
    O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/Imag...ImageUpload.cab
    O16 - DPF: {B13DB41F-57C0-4260-85B9-6308D6800CFF} (yogijogi Control) - http://www.edongkeydownload.com/yogijogiX.cab
    O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
    O16 - DPF: {C320CD4A-7977-4FD2-BBB7-9E6CC61837C5} (INIwallet01 Control) - http://plugin.inicis.com/INIwallet01.cab
    O16 - DPF: {CCC8B4BB-26CE-4092-8C6A-FDFACACB1783} (Gaga11 Control) - http://www.gaga11.com/gaga11.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
    O16 - DPF: {D68E9D4E-B2D0-467C-985E-D0D341E554D6} (Vidrinst Control) - http://family.vidr.net/activex/vidrinst.cab
    O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab
    O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
    O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
    O23 - Service: qrdvsbkkaqxg - Unknown - C:\WINDOWS\System32\wptcdowk6.exe


    Close all applications and browser windows before you click "fix checked".

    Restart in safe mode

    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders". Click "Apply" then "OK".

    Delete these folders:
    C:\Program Files\ISTsvc
    C:\Program Files\Internet Optimizer
    c:\program files\180solutions
    C:\Program Files\Power Scan
    C:\Program Files\Web_Rebates

    Open Windows Explorer and go to c:\documents and settings\every profile\local settings\temp and empty the folder.

    Empty your recycle bin.

    Reboot and post another log.
     
  9. wanii87

    wanii87 Thread Starter

    Joined:
    Feb 8, 2005
    Messages:
    6
    Do you mean only to delete the BOLD letter ones, or all the ones listed above?
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I forgot to add ... I don't know what the ones in bold are, and if you do, leave them.
     
  11. wanii87

    wanii87 Thread Starter

    Joined:
    Feb 8, 2005
    Messages:
    6
    Now it's not as bad as before, a couple of popups, and for some reason my main background is white, and I cannot right-click on it. I'm gonna go ahead and run Ad-Aware to try and get rid of some popups, but this is the log before I run it.

    Logfile of HijackThis v1.99.0
    Scan saved at 오후 11:46:31, on 2005-02-12
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\soft.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\eDonkey2000\eDonkey2000.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\WINDOWS\itqrtkh.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
    O2 - BHO: (no name) - {292D0772-036A-7892-8765-2D94BD9D4DF5} - (no file)
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
    O2 - BHO: (no name) - {61C02B35-471F-DA49-1C03-CB51CB7EFB82} - (no file)
    O2 - BHO: (no name) - {849739C3-1EFC-395C-14E2-41F320943BAC} - (no file)
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitekcv32.exe
    O4 - HKLM\..\Run: [pJPu] C:\WINDOWS\itqrtkh.exe
    O4 - HKLM\..\Run: [KeyAgent] C:\Program Files\UBizNames\MyKey\keylaunch.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
    O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

    Thanks
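
An added example, not part of the original thread: one way to check a follow-up HijackThis log against an earlier entry list is to parse both and see which entries persisted. The function names and the three bucket names are assumptions made for this sketch. The sample lines are a few entries copied from the two logs above, not the full logs.

```python
import re

# A HijackThis entry line: section code (e.g. F3, O2, O15), " - ", then the payload.
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

def parse_entries(log_text):
    """Map a case-insensitive (code, payload) key to the original line.

    Header lines and the 'Running processes' paths do not match and are skipped.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            # Windows paths and registry names are case-insensitive, so fold case.
            entries[(m.group(1), m.group(2).casefold())] = line.strip()
    return entries

def compare_logs(earlier, followup):
    """Split entries into those that persisted, disappeared, or appear only later."""
    old, new = parse_entries(earlier), parse_entries(followup)
    return {
        "persisted": sorted(new[k] for k in old.keys() & new.keys()),
        "gone": sorted(old[k] for k in old.keys() - new.keys()),
        "only_in_followup": sorted(new[k] for k in new.keys() - old.keys()),
    }

# Excerpts copied from the two logs in this thread (a few lines each, not the full logs).
EARLIER = r"""
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.xxxtoolbar.com
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: qrdvsbkkaqxg - Unknown - C:\WINDOWS\System32\wptcdowk6.exe
"""
FOLLOWUP = r"""
Running processes:
C:\WINDOWS\system32\soft.exe
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
"""

if __name__ == "__main__":
    for bucket, lines in compare_logs(EARLIER, FOLLOWUP).items():
        print(f"[{bucket}]")
        for line in lines:
            print("  " + line)
```

Entries in the "persisted" bucket are the ones to look at first, since they were still present after the cleanup attempt.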
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115