sorry. forgot to add this info.
Logfile of HijackThis v1.99.1
Scan saved at 오전 3:15:40, on 2005-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahnlab\Smart Update Utility\AhnSDsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\SAMSUNG\Keydefin\KeyDefin.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\a64sddd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\JW\Application Data\tsnc.exe
C:\WINDOWS\system32\nνsvc32.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JW\바탕 화면\HijackThis.exe
R3 - URLSearchHook: (no name) - {183D5161-0C62-4295-896C-44E7442CD6F2} - (no file)
O2 - BHO: (no name) - {4EFA6E35-FF87-8457-D2EC-F30A0778F7C5} - C:\WINDOWS\system32\pyqhlor.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SAMSUNG Keydefin] C:\Program Files\SAMSUNG\Keydefin\KeyDefin.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [imekrmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [mlr] C:\Program Files\uvoi\rbkc.exe
O4 - HKLM\..\Run: [czq] C:\Program Files\vzj\hzbxbr.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [popuppers64] C:\WINDOWS\a64sddd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Abwp] C:\Documents and Settings\JW\Application Data\tsnc.exe
O4 - HKCU\..\Run: [Aiign] C:\WINDOWS\system32\nνsvc32.exe
O4 - HKCU\..\Run: [joinsland] "C:\Program Files\CoolAgent\avachat-joinsland.exe" -env
http://rss.joinsland.com/env.xml O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone:
http://*.sbs.co.krO15 - Trusted Zone:
http://*.shinhan.comO15 - Trusted Zone:
http://*.shinhancard.comO15 - Trusted Zone:
http://*.buddybuddy.co.kr (HKLM)
O15 - Trusted Zone:
http://www.lgqls.co.kr (HKLM)
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) -
http://www.clubbox.c.../NowStarter.cabO16 - DPF: {0846A65F-F551-4FB6-B396-83E65D8C0609} (TvOnline Control) -
http://www.everyzone.../SpyVaccine.cabO16 - DPF: {11FCE3E9-23B0-11D5-AE62-00A0C9394212} (Yessign Control) -
http://www.yessign.o...ert/yessign.cabO16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) -
http://www.crezio.co...On/AlwaysOn.CABO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
http://www.symantec....sa/LSSupCtl.cabO16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) -
http://player.bugs.c...der20040625.cabO16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) -
http://simfile.chol....FileControl.cabO16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) -
http://update.nprote...l2/livecall.cabO16 - DPF: {2978B15B-B8A0-4966-B601-B72514958D9D} (Brunx Control) -
http://rss.joinsland.com/brunx.cabO16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) -
http://www.vpay.co.kr/KVPplugin01.cabO16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) -
http://www.pdbox.co....wn/PDUpdate.cabO16 - DPF: {39A32A43-9D99-43E9-B0C9-D01BFF3C115B} (PrintManager Control) -
http://image.shinhan...rintManager.exeO16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK3 Control) -
http://image.shinhan.../4043/SCSK4.cabO16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) -
http://install.wildt...iveLauncher.cabO16 - DPF: {45FC3433-CC83-4D62-991A-BAE9F68EF710} (CrinityUpload Class) -
http://mail.khu.ac.k...inityUpload.cabO16 - DPF: {49233226-72EC-11D6-918E-0050DA8B1AD6} (AnyGuide Control) -
http://www.sdsgis.co...cx/anyGuide.ocxO16 - DPF: {56F41A0F-59D1-49B1-9C68-8A54EEF76AFD} (YessignIO Control) -
http://www.yessign.o...t/yessignIO.cabO16 - DPF: {5FDB1043-B796-4216-861E-116DECC932C1} (SlotMachine Control) -
http://www25.hompy.b.../HompyEvent.cabO16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) -
http://info.anycert.com/c.wtz?i=96O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) -
http://so.bugs.co.kr...sOggPlay_11.CABO16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) -
http://image.shinhan...INIplugin40.cabO16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) -
http://emailimg.skte...niMasPlugin.cabO16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) -
http://www.seevideo....ace/cvtrace.cabO16 - DPF: {77771304-7777-1000-8000-080009AC61A9} (PowerBuilder Window Control) -
http://prtsrv.khu.ac...8/PBRuntime.CABO16 - DPF: {79E81BD1-2549-4625-8B70-3D55B1DAF971} (File Class) -
http://www.pdbox.co....up/FileUtil.cabO16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) -
http://img.kbstar.co...stall_v5410.cabO16 - DPF: {85772DF6-C593-4AB6-A231-E87D3459FE00} (myPhotalDownload.ctrlDownLoad) -
http://www.realog.ne...talDownload.CABO16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) -
http://player.bugs.c.../mv/p3bvset.cabO16 - DPF: {8FA141C5-29D7-4408-A57B-619C463ED7BB} (Cychannel_Club1_10.UserControl1) -
http://club.cyworld....lubmain1_11.CABO16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) -
http://app.ipop.co.kr/ipop/ipopx.cabO16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) -
http://cafeimg.hanma.../cab9/dmcc2.cabO16 - DPF: {957F8EA8-8F82-4220-AC1D-00B2DC19A98A} (Ibcd_kbsCtrl Class) -
http://img.kbs.co.kr/ib/ibcd_kbs.cabO16 - DPF: {98FBBB0F-9736-4B91-B926-31F4A5EE443C} (btpgClientCM Class) -
https://pg.banktown....tpgClientCM.cabO16 - DPF: {9B3D28D5-6A56-4BE4-9FAB-C79305D5C88D} (myPhotalFileUpload.ctrlUpload) -
http://www.realog.ne...lFileUpload.CABO16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) -
http://player.bugs.c...l/mv/XTools.cabO16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) -
http://plugin.inicis...INIwallet50.cabO16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) -
http://player.bugs.c...der20040811.cabO16 - DPF: {A2A4336A-E49E-44E8-B152-E98E841CFA24} (Update Control) -
http://www.chzero.co...roMapUpdate.cabO16 - DPF: {AD435D31-ED5C-4148-9DD8-92211F9DAC34} (RSA Class) -
http://pointsok.okca...KMPPClient2.cabO16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) -
http://cyimg2.cyworl...ImageUpload.cabO16 - DPF: {AE3F74F8-DD6C-4EA3-817F-99CD0F0EF478} (BBLauncher Class) -
http://www.buddybudd.../bblauncher.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) -
https://www.isaackor...ate/ilkactx.cabO16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) -
http://www.seevideo....SVWebPlayer.cabO16 - DPF: {C70B3202-68C6-11D4-B317-000086551DF6} (CPS_WEB Class) -
http://etax.seoul.go...ew/ps_xtive.cabO16 - DPF: {CB817A2F-4C2D-4994-A1B1-36952E9AC181} (MPIPI00 Control) -
http://plugin.inicis...mpi/MPIPI00.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec....sa/SymAData.cabO16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) -
http://touch.imbc.com/ocx/SetGlb.cabO16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) -
http://update.nprote...ungcard/npx.cabO16 - DPF: {D44C7CBF-FB35-41CF-8D6C-C0A2143EB46C} (Yessign3 Control) -
http://www.yessign.o...rt/yessign3.cabO16 - DPF: {D4BD4AF6-0CEC-4E22-AD44-ECBCE0233620} (P3MaxLoad Class) -
http://www.maxmp3.co...8/p3maxload.cabO16 - DPF: {D4DCB587-AC09-4BE1-A13A-CF9F4FB8F168} (MAWS_SUHB Class) -
http://samsungcard.c.../MAOnFPS_SC.cabO16 - DPF: {D5722E4F-2BA0-11D6-A114-00D0591CC9BB} (HanaClient Class) -
http://www.hanabank..../HanaClient.cabO16 - DPF: {D572CD64-9310-4712-8FFC-A4F9DC9D4AC1} (QbicUpdate Control) -
http://qbic.hanafos..../QbicUpdate.CABO16 - DPF: {D6D424E5-DE1C-4E91-8B59-00F5D860E3BF} (KillRecord Control) -
http://wmpdownload.n.../KillRecord.cabO16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) -
http://update.nprote...gcard/npkcx.cabO16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) -
http://touch.imbc.com/ocx/Online.cabO16 - DPF: {DA3F9206-FDFF-4079-B5AA-E5361051EB3C} (PDBOXUploadCtrl Control) -
http://www.pdbox.co....PdBoxUpload.cabO16 - DPF: {DDB3CA41-B472-4EC4-BE10-90B470D06295} (Nexapi2 Control) -
http://www.buddybudd.../cab/bbmmgr.cabO16 - DPF: {DDE6FED7-88AB-405B-9D77-FD4CDA8B9EB5} (Qbic Control) -
http://qbic.hanafos....ponent/Qbic.CABO16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} (BtPmntClient Class) -
https://pg.banktown....tPmntClient.cabO16 - DPF: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} (Kdfense9 Control) -
http://kings.cachene...09/kdfense9.cabO16 - DPF: {E8580BEA-BC7D-40BC-AA2E-E2A44E12CED8} (MCInfoOCX Control) -
http://img.megastudy.net/InfoOcx.CabO16 - DPF: {E9702169-AFE2-477A-A79D-32151006E547} (IBSiteSigning.SiteSigning) -
http://www.sbs.co.kr...SiteSigning.CABO16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} (ShbAutoTrustSite Control) -
http://image.shinhan...oTrustSiteX.cabO16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) -
http://www.pdbox.co....own/PDBox25.cabO16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) -
http://image.shinhan...NISafeWeb50.cabO16 - DPF: {F62ECE4D-217F-475A-A8F8-71160342C46B} (GCAXEXT Control) -
http://www.rcnt.net/...svc/gcaxext.cabO16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) -
https://mpi.dacom.ne...ate_XPayMPI.cabO23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: bfjhwoliaxrj (kjsxlgqo6) - Unknown owner - C:\WINDOWS\system32\bczhrhpy6.exe (file missing)
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\Program Files\Ahnlab\V3\MonSvcNT.EXE
O23 - Service: Norton AntiVirus 자동 보호 서비스 (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe