
pop-ups!


  • This topic is locked

#1
shnikes

First of all, thank god for a website like this.

I downloaded and installed a program called PortFlash, and somewhere along the
way I must have picked up a Trojan virus. That was fixed.

After installation, however, there were also popups, adware, hijackers. I used several programs to detect and get rid of them. Some of the files that the programs were unable to erase, or had erased but were there again after reboot, I erased manually in safe mode.

I still have popups (example: popuppers advertisement window64) and files running that have weird names.

Also, nothing works when I log on to Windows for the first time. I can't open a file or a program without making it "freeze", and the web browser won't work. Only after I log off (and this takes a long time) and log on again will everything work. Last time I rebooted, the computer rearranged my icons by itself!
  • 0


#2
shnikes

sorry. forgot to add this info.

Logfile of HijackThis v1.99.1
Scan saved at 오전 3:15:40, on 2005-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahnlab\Smart Update Utility\AhnSDsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\SAMSUNG\Keydefin\KeyDefin.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\a64sddd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\JW\Application Data\tsnc.exe
C:\WINDOWS\system32\nνsvc32.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JW\바탕 화면\HijackThis.exe

R3 - URLSearchHook: (no name) - {183D5161-0C62-4295-896C-44E7442CD6F2} - (no file)
O2 - BHO: (no name) - {4EFA6E35-FF87-8457-D2EC-F30A0778F7C5} - C:\WINDOWS\system32\pyqhlor.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SAMSUNG Keydefin] C:\Program Files\SAMSUNG\Keydefin\KeyDefin.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [imekrmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [mlr] C:\Program Files\uvoi\rbkc.exe
O4 - HKLM\..\Run: [czq] C:\Program Files\vzj\hzbxbr.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [popuppers64] C:\WINDOWS\a64sddd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Abwp] C:\Documents and Settings\JW\Application Data\tsnc.exe
O4 - HKCU\..\Run: [Aiign] C:\WINDOWS\system32\nνsvc32.exe
O4 - HKCU\..\Run: [joinsland] "C:\Program Files\CoolAgent\avachat-joinsland.exe" -env http://rss.joinsland.com/env.xml
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://*.sbs.co.kr
O15 - Trusted Zone: http://*.shinhan.com
O15 - Trusted Zone: http://*.shinhancard.com
O15 - Trusted Zone: http://*.buddybuddy.co.kr (HKLM)
O15 - Trusted Zone: http://www.lgqls.co.kr (HKLM)
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0846A65F-F551-4FB6-B396-83E65D8C0609} (TvOnline Control) - http://www.everyzone.../SpyVaccine.cab
O16 - DPF: {11FCE3E9-23B0-11D5-AE62-00A0C9394212} (Yessign Control) - http://www.yessign.o...ert/yessign.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.c...der20040625.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol....FileControl.cab
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://update.nprote...l2/livecall.cab
O16 - DPF: {2978B15B-B8A0-4966-B601-B72514958D9D} (Brunx Control) - http://rss.joinsland.com/brunx.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co....wn/PDUpdate.cab
O16 - DPF: {39A32A43-9D99-43E9-B0C9-D01BFF3C115B} (PrintManager Control) - http://image.shinhan...rintManager.exe
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK3 Control) - http://image.shinhan.../4043/SCSK4.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {45FC3433-CC83-4D62-991A-BAE9F68EF710} (CrinityUpload Class) - http://mail.khu.ac.k...inityUpload.cab
O16 - DPF: {49233226-72EC-11D6-918E-0050DA8B1AD6} (AnyGuide Control) - http://www.sdsgis.co...cx/anyGuide.ocx
O16 - DPF: {56F41A0F-59D1-49B1-9C68-8A54EEF76AFD} (YessignIO Control) - http://www.yessign.o...t/yessignIO.cab
O16 - DPF: {5FDB1043-B796-4216-861E-116DECC932C1} (SlotMachine Control) - http://www25.hompy.b.../HompyEvent.cab
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://info.anycert.com/c.wtz?i=96
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr...sOggPlay_11.CAB
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://image.shinhan...INIplugin40.cab
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://emailimg.skte...niMasPlugin.cab
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo....ace/cvtrace.cab
O16 - DPF: {77771304-7777-1000-8000-080009AC61A9} (PowerBuilder Window Control) - http://prtsrv.khu.ac...8/PBRuntime.CAB
O16 - DPF: {79E81BD1-2549-4625-8B70-3D55B1DAF971} (File Class) - http://www.pdbox.co....up/FileUtil.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://img.kbstar.co...stall_v5410.cab
O16 - DPF: {85772DF6-C593-4AB6-A231-E87D3459FE00} (myPhotalDownload.ctrlDownLoad) - http://www.realog.ne...talDownload.CAB
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.c.../mv/p3bvset.cab
O16 - DPF: {8FA141C5-29D7-4408-A57B-619C463ED7BB} (Cychannel_Club1_10.UserControl1) - http://club.cyworld....lubmain1_11.CAB
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.ipop.co.kr/ipop/ipopx.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab9/dmcc2.cab
O16 - DPF: {957F8EA8-8F82-4220-AC1D-00B2DC19A98A} (Ibcd_kbsCtrl Class) - http://img.kbs.co.kr/ib/ibcd_kbs.cab
O16 - DPF: {98FBBB0F-9736-4B91-B926-31F4A5EE443C} (btpgClientCM Class) - https://pg.banktown....tpgClientCM.cab
O16 - DPF: {9B3D28D5-6A56-4BE4-9FAB-C79305D5C88D} (myPhotalFileUpload.ctrlUpload) - http://www.realog.ne...lFileUpload.CAB
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.c...der20040811.cab
O16 - DPF: {A2A4336A-E49E-44E8-B152-E98E841CFA24} (Update Control) - http://www.chzero.co...roMapUpdate.cab
O16 - DPF: {AD435D31-ED5C-4148-9DD8-92211F9DAC34} (RSA Class) - http://pointsok.okca...KMPPClient2.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworl...ImageUpload.cab
O16 - DPF: {AE3F74F8-DD6C-4EA3-817F-99CD0F0EF478} (BBLauncher Class) - http://www.buddybudd.../bblauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackor...ate/ilkactx.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo....SVWebPlayer.cab
O16 - DPF: {C70B3202-68C6-11D4-B317-000086551DF6} (CPS_WEB Class) - http://etax.seoul.go...ew/ps_xtive.cab
O16 - DPF: {CB817A2F-4C2D-4994-A1B1-36952E9AC181} (MPIPI00 Control) - http://plugin.inicis...mpi/MPIPI00.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote...ungcard/npx.cab
O16 - DPF: {D44C7CBF-FB35-41CF-8D6C-C0A2143EB46C} (Yessign3 Control) - http://www.yessign.o...rt/yessign3.cab
O16 - DPF: {D4BD4AF6-0CEC-4E22-AD44-ECBCE0233620} (P3MaxLoad Class) - http://www.maxmp3.co...8/p3maxload.cab
O16 - DPF: {D4DCB587-AC09-4BE1-A13A-CF9F4FB8F168} (MAWS_SUHB Class) - http://samsungcard.c.../MAOnFPS_SC.cab
O16 - DPF: {D5722E4F-2BA0-11D6-A114-00D0591CC9BB} (HanaClient Class) - http://www.hanabank..../HanaClient.cab
O16 - DPF: {D572CD64-9310-4712-8FFC-A4F9DC9D4AC1} (QbicUpdate Control) - http://qbic.hanafos..../QbicUpdate.CAB
O16 - DPF: {D6D424E5-DE1C-4E91-8B59-00F5D860E3BF} (KillRecord Control) - http://wmpdownload.n.../KillRecord.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprote...gcard/npkcx.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {DA3F9206-FDFF-4079-B5AA-E5361051EB3C} (PDBOXUploadCtrl Control) - http://www.pdbox.co....PdBoxUpload.cab
O16 - DPF: {DDB3CA41-B472-4EC4-BE10-90B470D06295} (Nexapi2 Control) - http://www.buddybudd.../cab/bbmmgr.cab
O16 - DPF: {DDE6FED7-88AB-405B-9D77-FD4CDA8B9EB5} (Qbic Control) - http://qbic.hanafos....ponent/Qbic.CAB
O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} (BtPmntClient Class) - https://pg.banktown....tPmntClient.cab
O16 - DPF: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} (Kdfense9 Control) - http://kings.cachene...09/kdfense9.cab
O16 - DPF: {E8580BEA-BC7D-40BC-AA2E-E2A44E12CED8} (MCInfoOCX Control) - http://img.megastudy.net/InfoOcx.Cab
O16 - DPF: {E9702169-AFE2-477A-A79D-32151006E547} (IBSiteSigning.SiteSigning) - http://www.sbs.co.kr...SiteSigning.CAB
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} (ShbAutoTrustSite Control) - http://image.shinhan...oTrustSiteX.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co....own/PDBox25.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://image.shinhan...NISafeWeb50.cab
O16 - DPF: {F62ECE4D-217F-475A-A8F8-71160342C46B} (GCAXEXT Control) - http://www.rcnt.net/...svc/gcaxext.cab
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.ne...ate_XPayMPI.cab
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: bfjhwoliaxrj (kjsxlgqo6) - Unknown owner - C:\WINDOWS\system32\bczhrhpy6.exe (file missing)
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\Program Files\Ahnlab\V3\MonSvcNT.EXE
O23 - Service: Norton AntiVirus 자동 보호 서비스 (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#3
Guest_thatman_*

Hi shnikes

Please set your system to show all files; see here for how to do this if you're unsure.

Please print this page or use copy and paste to notepad.

Press Control-Alt-Del to enter the Task Manager.
Click on the Processes tab and end the following processes:

C:\WINDOWS\a64sddd.exe
C:\Documents and Settings\JW\Application Data\tsnc.exe


Exit the Task Manager when finished

Close all programs down, leaving only HijackThis running.
Place a check against the following items:

R3 - URLSearchHook: (no name) - {183D5161-0C62-4295-896C-44E7442CD6F2} - (no file)
O2 - BHO: (no name) - {4EFA6E35-FF87-8457-D2EC-F30A0778F7C5} - C:\WINDOWS\system32\pyqhlor.dll
O4 - HKLM\..\Run: [mlr] C:\Program Files\uvoi\rbkc.exe
O4 - HKLM\..\Run: [czq] C:\Program Files\vzj\hzbxbr.exe
O4 - HKLM\..\Run: [popuppers64] C:\WINDOWS\a64sddd.exe
O4 - HKCU\..\Run: [Abwp] C:\Documents and Settings\JW\Application Data\tsnc.exe
O4 - HKCU\..\Run: [Aiign] C:\WINDOWS\system32\n?svc32.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://*.sbs.co.kr
O15 - Trusted Zone: http://*.shinhan.com
O15 - Trusted Zone: http://*.shinhancard.com
O15 - Trusted Zone: http://*.buddybuddy.co.kr (HKLM)
O15 - Trusted Zone: http://www.lgqls.co.kr (HKLM)
O23 - Service: bfjhwoliaxrj (kjsxlgqo6) - Unknown owner - C:\WINDOWS\system32\bczhrhpy6.exe (file missing)


Click on Fix Checked and exit HijackThis.

Reboot into Safe Mode: see here if you don't know how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\a64sddd.exe
C:\Documents and Settings\JW\Application Data\tsnc.exe
C:\WINDOWS\system32\pyqhlor.dll
C:\Program Files\uvoi\rbkc.exe
C:\Program Files\vzj\hzbxbr.exe


Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we'll take another look.
Kc :tazz:

User's choice

The number of O16 on your system is too many for me to do a search on. You can do a search on Google and see what are safe or bad, or have HijackThis remove them; they will come back when you click on the link.

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0846A65F-F551-4FB6-B396-83E65D8C0609} (TvOnline Control) - http://www.everyzone.../SpyVaccine.cab
O16 - DPF: {11FCE3E9-23B0-11D5-AE62-00A0C9394212} (Yessign Control) - http://www.yessign.o...ert/yessign.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.c...der20040625.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol....FileControl.cab
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://update.nprote...l2/livecall.cab
O16 - DPF: {2978B15B-B8A0-4966-B601-B72514958D9D} (Brunx Control) - http://rss.joinsland.com/brunx.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co....wn/PDUpdate.cab
O16 - DPF: {39A32A43-9D99-43E9-B0C9-D01BFF3C115B} (PrintManager Control) - http://image.shinhan...rintManager.exe
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK3 Control) - http://image.shinhan.../4043/SCSK4.cab
O16 - DPF: {45FC3433-CC83-4D62-991A-BAE9F68EF710} (CrinityUpload Class) - http://mail.khu.ac.k...inityUpload.cab
O16 - DPF: {49233226-72EC-11D6-918E-0050DA8B1AD6} (AnyGuide Control) - http://www.sdsgis.co...cx/anyGuide.ocx
O16 - DPF: {56F41A0F-59D1-49B1-9C68-8A54EEF76AFD} (YessignIO Control) - http://www.yessign.o...t/yessignIO.cab
O16 - DPF: {5FDB1043-B796-4216-861E-116DECC932C1} (SlotMachine Control) - http://www25.hompy.b.../HompyEvent.cab
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://info.anycert.com/c.wtz?i=96
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr...sOggPlay_11.CAB
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://image.shinhan...INIplugin40.cab
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://emailimg.skte...niMasPlugin.cab
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo....ace/cvtrace.cab
O16 - DPF: {77771304-7777-1000-8000-080009AC61A9} (PowerBuilder Window Control) - http://prtsrv.khu.ac...8/PBRuntime.CAB
O16 - DPF: {79E81BD1-2549-4625-8B70-3D55B1DAF971} (File Class) - http://www.pdbox.co....up/FileUtil.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://img.kbstar.co...stall_v5410.cab
O16 - DPF: {85772DF6-C593-4AB6-A231-E87D3459FE00} (myPhotalDownload.ctrlDownLoad) - http://www.realog.ne...talDownload.CAB
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.c.../mv/p3bvset.cab
O16 - DPF: {8FA141C5-29D7-4408-A57B-619C463ED7BB} (Cychannel_Club1_10.UserControl1) - http://club.cyworld....lubmain1_11.CAB
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.ipop.co.kr/ipop/ipopx.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab9/dmcc2.cab
O16 - DPF: {957F8EA8-8F82-4220-AC1D-00B2DC19A98A} (Ibcd_kbsCtrl Class) - http://img.kbs.co.kr/ib/ibcd_kbs.cab
O16 - DPF: {98FBBB0F-9736-4B91-B926-31F4A5EE443C} (btpgClientCM Class) - https://pg.banktown....tpgClientCM.cab
O16 - DPF: {9B3D28D5-6A56-4BE4-9FAB-C79305D5C88D} (myPhotalFileUpload.ctrlUpload) - http://www.realog.ne...lFileUpload.CAB
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.c...der20040811.cab
O16 - DPF: {A2A4336A-E49E-44E8-B152-E98E841CFA24} (Update Control) - http://www.chzero.co...roMapUpdate.cab
O16 - DPF: {AD435D31-ED5C-4148-9DD8-92211F9DAC34} (RSA Class) - http://pointsok.okca...KMPPClient2.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworl...ImageUpload.cab
O16 - DPF: {AE3F74F8-DD6C-4EA3-817F-99CD0F0EF478} (BBLauncher Class) - http://www.buddybudd.../bblauncher.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackor...ate/ilkactx.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo....SVWebPlayer.cab
O16 - DPF: {C70B3202-68C6-11D4-B317-000086551DF6} (CPS_WEB Class) - http://etax.seoul.go...ew/ps_xtive.cab
O16 - DPF: {CB817A2F-4C2D-4994-A1B1-36952E9AC181} (MPIPI00 Control) - http://plugin.inicis...mpi/MPIPI00.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote...ungcard/npx.cab
O16 - DPF: {D44C7CBF-FB35-41CF-8D6C-C0A2143EB46C} (Yessign3 Control) - http://www.yessign.o...rt/yessign3.cab
O16 - DPF: {D4BD4AF6-0CEC-4E22-AD44-ECBCE0233620} (P3MaxLoad Class) - http://www.maxmp3.co...8/p3maxload.cab
O16 - DPF: {D4DCB587-AC09-4BE1-A13A-CF9F4FB8F168} (MAWS_SUHB Class) - http://samsungcard.c.../MAOnFPS_SC.cab
O16 - DPF: {D5722E4F-2BA0-11D6-A114-00D0591CC9BB} (HanaClient Class) - http://www.hanabank..../HanaClient.cab
O16 - DPF: {D572CD64-9310-4712-8FFC-A4F9DC9D4AC1} (QbicUpdate Control) - http://qbic.hanafos..../QbicUpdate.CAB
O16 - DPF: {D6D424E5-DE1C-4E91-8B59-00F5D860E3BF} (KillRecord Control) - http://wmpdownload.n.../KillRecord.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprote...gcard/npkcx.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {DA3F9206-FDFF-4079-B5AA-E5361051EB3C} (PDBOXUploadCtrl Control) - http://www.pdbox.co....PdBoxUpload.cab
O16 - DPF: {DDB3CA41-B472-4EC4-BE10-90B470D06295} (Nexapi2 Control) - http://www.buddybudd.../cab/bbmmgr.cab
O16 - DPF: {DDE6FED7-88AB-405B-9D77-FD4CDA8B9EB5} (Qbic Control) - http://qbic.hanafos....ponent/Qbic.CAB
O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} (BtPmntClient Class) - https://pg.banktown....tPmntClient.cab
O16 - DPF: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} (Kdfense9 Control) - http://kings.cachene...09/kdfense9.cab
O16 - DPF: {E8580BEA-BC7D-40BC-AA2E-E2A44E12CED8} (MCInfoOCX Control) - http://img.megastudy.net/InfoOcx.Cab
O16 - DPF: {E9702169-AFE2-477A-A79D-32151006E547} (IBSiteSigning.SiteSigning) - http://www.sbs.co.kr...SiteSigning.CAB
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} (ShbAutoTrustSite Control) - http://image.shinhan...oTrustSiteX.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co....own/PDBox25.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://image.shinhan...NISafeWeb50.cab
O16 - DPF: {F62ECE4D-217F-475A-A8F8-71160342C46B} (GCAXEXT Control) - http://www.rcnt.net/...svc/gcaxext.cab
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.ne...ate_XPayMPI.cab
  • 0
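
Some of the checks applied by eye to the log in this thread can be scripted as a first pass. The following is an added example, not part of the thread and not a HijackThis feature: it parses O4 and O23 lines and flags entries for review using three heuristics that are assumptions chosen for this log (a non-ASCII character in the file name, an executable sitting directly in the Windows root or in Application Data, and an unknown-owner service whose file is missing).

```python
import ntpath
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [popuppers64] C:\WINDOWS\a64sddd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Abwp] C:\Documents and Settings\JW\Application Data\tsnc.exe
O4 - HKCU\..\Run: [Aiign] C:\WINDOWS\system32\nνsvc32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: bfjhwoliaxrj (kjsxlgqo6) - Unknown owner - C:\WINDOWS\system32\bczhrhpy6.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:exe|dll))', re.IGNORECASE)
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def check_run_target(path):
    """Return review reasons for one autorun target (assumed heuristics)."""
    reasons = []
    odd = [c for c in ntpath.basename(path) if ord(c) > 127]
    if odd:
        # A look-alike letter makes a file name read like a familiar one.
        codes = ", ".join(f"U+{ord(c):04X}" for c in odd)
        reasons.append("non-ASCII character in file name: " + codes)
    parent = ntpath.dirname(path).lower()
    if parent == r"c:\windows":
        reasons.append("executable directly in the Windows root")
    if parent.endswith(r"\application data"):
        reasons.append("executable directly in a user's Application Data folder")
    return reasons


def triage(log_text):
    """Return (section code, entry name, reasons) for every flagged line."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        code, body = entry["code"], entry["body"]
        label, reasons = body, []
        if code == "O4":
            run = RUN_RE.match(body)
            exe = EXE_RE.search(run["cmd"]) if run else None
            if exe:  # entries without a full path are not path-checked
                label, reasons = run["name"], check_run_target(exe.group(1))
        elif code == "O23":
            svc = SERVICE_RE.match(body)
            if svc and svc["owner"] == "Unknown owner" and svc["missing"]:
                label = svc["name"]
                reasons = ["service with unknown owner and missing file"]
        if reasons:
            findings.append((code, label, reasons))
    return findings


if __name__ == "__main__":
    for code, label, reasons in triage(SAMPLE_LOG):
        print(f"{code} [{label}]: {'; '.join(reasons)}")
```

The `mlr` and `czq` Run entries listed in the fix instructions above would not match any of these heuristics, so a scripted pass like this narrows the log but does not replace a manual read.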





