This topic is locked
The desktop can't be changed, the annoying spysheriff thing keeps re-installing itself even though I don't want it to, and the internet broswer keeps shutting off ever since I got spysheriff.
I really apperciate any help in fixing this problem and plz fix a.s.a.p. or whenever you guys have time. Thanks!
Logfile of HijackThis v1.99.1
Scan saved at 오후 5:17:06, on 2005-07-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\SAMSUNG\Browser Mouse\1.0\lwbwheel.exe
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\WINDOWS\System32\kernels32.exe
E:\WINDOWS\System32\winldra.exe
E:\WINDOWS\sys3114.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\mtou\orpo.exe
E:\WINDOWS\system32\init32m.exe
E:\WINDOWS\System32\inetsrv\inetinfo.exe
E:\WINDOWS\svchost.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\tcpsvcs.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\svchoct.exe
E:\WINDOWS\System32\63631.exe
E:\WINDOWS\System32\vxgame2.exe
E:\WINDOWS\System32\vxgame3.exe
E:\WINDOWS\System32\vxgame4.exe
E:\WINDOWS\System32\vxgame6.exe
E:\WINDOWS\System32\vxgame4.exe
E:\WINDOWS\System32\symcsvc.exe
E:\WINDOWS\System32\cmd.exe
E:\WINDOWS\System32\94946.exe
E:\WINDOWS\System32\vxgamet2.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe
E:\WINDOWS\System32\maxd1.exe
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\System32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - E:\WINDOWS\System32\performent001.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - E:\WINDOWS\System32\ztoolb003.dll
O4 - HKLM\..\Run: [LWBMOUSE] E:\Program Files\SAMSUNG\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ViewMgr] E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [System] E:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [load32] E:\WINDOWS\System32\winldra.exe
O4 - HKLM\..\Run: [load32] E:\WINDOWS\System32\winldra.exe
O4 - HKLM\..\Run: [sys3114] E:\WINDOWS\sys3114.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] E:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Upas] E:\Program Files\mtou\orpo.exe
O4 - HKCU\..\Run: [wupd] E:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [sys3114] E:\WINDOWS\sys3114.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: FnWPro001 - http://www.samsungfn...t/FnWPro001.cab
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://asiana.conten...le/MyLinker.cab
O16 - DPF: {0CD2EC08-3CF6-4BC4-BF48-824F4C1994F1} (SecureSession Class) - http://www.samsungfn...oolkitForIE.cab
O16 - DPF: {2022EE84-1E1F-45B0-8D35-FF9DA75366BC} (ExpressViewer Class) - http://download.soft...ei_install2.cab
O16 - DPF: {36FB4D87-6880-4D01-857F-BD2211E8721A} (SmartInstaller Class) - http://www.humandrea...e/HDInstall.cab
O16 - DPF: {49233226-72EC-11D6-918E-0050DA8B1AD6} (AnyGuide Control) - http://www.sdsgis.co...cx/anyGuide.ocx
O16 - DPF: {5E582BD1-6FAA-40F2-87A8-130AD325DABB} (Kdfense7 Control) - http://www.samsungfn...01/kdfense7.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.gseshop.c.../xw_install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.dm.co.kr/...ndix/msxml4.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab9/dmcc2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo....cab?refid=3548
O16 - DPF: {D662A14E-6017-11D5-B92C-0080AD7A7022} (Open3DPlayer Class) - http://www.openvr.co...pen3DPlayer.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://local.daum.ne...sp_V20_Daum.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co..../KVPISPCTLD.cab
O16 - DPF: {E96118F2-FCDA-49CB-AFF2-ED4D52976006} (ISpocom Object) - http://www.spo.com/k...nent/spocom.cab
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.samsungfn...ab/SKCommAX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O21 - SSODL: LG Telecom musicON2 MP3 Manager - {1C7373CB-BD0C-C771-2E08-CD1DC898172A} - c:\program files\lg telecom\musicon2 mp3 manager\wtrgrlr32.dll
O21 - SSODL: System - {3C335154-5F15-49C8-910A-9716A36DE5A4} - vr_sys.dll (file missing)
O23 - Service: svchost.exe (moto) - Unknown owner - E:\WINDOWS\svchost.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - E:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: svchoct.exe (yuto) - Unknown owner - E:\WINDOWS\svchoct.exe
Sign In
Create Account
