Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - aeria1

Pages: [1]
1
Tech Clinic / another istsvc.exe problem
« on: February 22, 2005, 04:29:52 PM »
Wow! It took me a while but I managed to do exactly as instructed.
At first sight, it looks gone! Joy and jubilation!
One thing bugs me a bit. I did a Hijack scan a 2nd time in Safe Mode and fixed it twice but this one...

O23 - Service: Configuration Loadings (india111) - Unknown owner - C:\WINDOWS\System32\iSVCHOST.exe" -service (file missing)

doesn't go away.

Anyway, here is my latest log.
I wish I could somehow repay you for the tremendous help and englightenment you've given me. I really needed that clean up.

Logfile of HijackThis v1.99.1
Scan saved at 오후 9:25:29, on 2005-02-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 25
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: 비슷한 페이지 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 이전 링크 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 페이지의 저장된 스냅샷 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.livecall.co.kr/pds/module/livecall.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://speed.kornet.net/sw5/qtest/cab/KTSpeedNewCtrl.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.samsungcard.co.kr/XecureDemo/Xe...w50_install.cab
O16 - DPF: {93F83364-58E3-43C6-BE34-DE1252B26307} (Cruzbill Control) - http://211.189.120.205/sbill/cruzbill.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://edu.pricequiz.com/include/ShortCut.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab
O16 - DPF: {A2134278-B404-4B78-B751-8FB923B31935} (WiseLoader Control) - http://contents.wisebook.com/video/wiseboo.../WiseLoader.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://ib.kfb.co.kr/ko_KR_new/initech/plug...NISafeWeb50.cab
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPI.cab
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Configuration Loadings (india111) - Unknown owner - C:\WINDOWS\System32\iSVCHOST.exe" -service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

2
Tech Clinic / another istsvc.exe problem
« on: February 21, 2005, 08:09:35 PM »
Ran Ad-Aware 1.05 (with updates) twice and here is the Hijack log.
(I think I'm getting into this!)

With gratitude...

Logfile of HijackThis v1.99.1
Scan saved at 오전 1:07:21, on 2005-02-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\WINDOWS\System32\winaa7088\Xeef.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\WINDOWS\wwirof.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\DOCUME~1\민병은\LOCALS~1\Temp\K1b0dQ.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\hjt\HijackThis.exe

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 25
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [Xeef] C:\WINDOWS\System32\winaa7088\Xeef.exe ticket s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [QDp9m] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [???4??] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [{P?/??늯틶nIW?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [-
?G6x冷???n㎕C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [;?W껙+7?냰?ホ퍬:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [oi?,`??뻠,jq^X<?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\RunServices: [65vrgfghfd] bbbbbbbbb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: 비슷한 페이지 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 이전 링크 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 페이지의 저장된 스냅샷 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.livecall.co.kr/pds/module/livecall.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://speed.kornet.net/sw5/qtest/cab/KTSpeedNewCtrl.cab
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://info.anycert.com/c.wtz?i=96
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.samsungcard.co.kr/XecureDemo/Xe...w50_install.cab
O16 - DPF: {93F83364-58E3-43C6-BE34-DE1252B26307} (Cruzbill Control) - http://211.189.120.205/sbill/cruzbill.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://edu.pricequiz.com/include/ShortCut.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab
O16 - DPF: {A2134278-B404-4B78-B751-8FB923B31935} (WiseLoader Control) - http://contents.wisebook.com/video/wiseboo.../WiseLoader.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/samsungcard/npkcx.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://ib.kfb.co.kr/ko_KR_new/initech/plug...NISafeWeb50.cab
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPI.cab
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Configuration Loadings (india111) - Unknown owner - C:\WINDOWS\System32\iSVCHOST.exe" -service (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

3
Tech Clinic / another istsvc.exe problem
« on: February 21, 2005, 07:45:06 PM »
Alright! We're in business. Finally managed to install Ad-Aware 1.05 (after uninstalling previous version). It's set up and updated.

What next?

4
Tech Clinic / another istsvc.exe problem
« on: February 21, 2005, 07:09:46 PM »
Thanks. I'm giving it another try but once again it's stuck on 10 minutes 50 sec. I'll leave it for an hour or two I guess.
Will it get rid of the ISTsvc for sure?

I managed to get rid of it with Ad-Aware 1.03, but it keeps reinstallig itself after about 15 minutes. It's starting to drive me nuts.

Always grateful,

aeria1

5
Tech Clinic / another istsvc.exe problem
« on: February 21, 2005, 06:56:07 PM »
Hi,

I hope I selected the right part of the page.

Many thanks for the effort.

By the way, it's official. I can't seem to download Ad-Aware 1.05 no matter how long I wait.  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />

Service load:  0%        100%  
 
File:  Xeef.exe  
Status:  OK  
Packers detected:  None
   
AntiVir  No viruses found (0.86 seconds taken)
Avast  No viruses found (3.01 seconds taken)
AVG Antivirus  No viruses found (0.77 seconds taken)
BitDefender  No viruses found (0.89 seconds taken)
ClamAV  No viruses found (1.12 seconds taken)
Dr.Web  No viruses found (1.60 seconds taken)
F-Prot Antivirus  No viruses found (0.15 seconds taken)
Fortinet  No viruses found (0.81 seconds taken)
Kaspersky Anti-Virus  No viruses found (1.94 seconds taken)
mks_vir  No viruses found (0.55 seconds taken)
NOD32  No viruses found (0.90 seconds taken)
Norman Virus Control  No viruses found (1.61 seconds taken)

6
Tech Clinic / another istsvc.exe problem
« on: February 21, 2005, 05:53:13 PM »
Hi Guestolo,

Thanks ever so much for your help. I'm a lot more confident that I'll get through this without cleaning out my hard-drive since you replied, but I have trouble removing istsvc.exe from my CONTROL PANEL -ADD/REMOVE PROGRAMS.
Whenever I click on REMOVE, the window stops and I can't shut it down unless I restart the notebook.

I've managed to remove New.net and P2P Networking, but here is my Hijack Log.

Thanks again for you help.

p.s. I've been download Ad-Aware Personal SE 1.05 for the last half hour. It's stuck on 10 minutes and 50 seconds remaining. Does that happen?

Logfile of HijackThis v1.99.1
Scan saved at 오후 10:46:41, on 2005-02-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\WINDOWS\System32\winaa7088\Xeef.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\WINDOWS\wwirof.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 25
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [Xeef] C:\WINDOWS\System32\winaa7088\Xeef.exe ticket s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [QDp9m] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [???4??] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [{P?/??늯틶nIW?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [-
?G6x冷???n㎕C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [;?W껙+7?냰?ホ퍬:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [oi?,`??뻠,jq^X<?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\RunServices: [65vrgfghfd] bbbbbbbbb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Send to Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 이전 링크 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Saved Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.livecall.co.kr/pds/module/livecall.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://speed.kornet.net/sw5/qtest/cab/KTSpeedNewCtrl.cab
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://info.anycert.com/c.wtz?i=96
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.samsungcard.co.kr/XecureDemo/Xe...w50_install.cab
O16 - DPF: {93F83364-58E3-43C6-BE34-DE1252B26307} (Cruzbill Control) - http://211.189.120.205/sbill/cruzbill.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://edu.pricequiz.com/include/ShortCut.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab
O16 - DPF: {A2134278-B404-4B78-B751-8FB923B31935} (WiseLoader Control) - http://contents.wisebook.com/video/wiseboo.../WiseLoader.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/samsungcard/npkcx.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://ib.kfb.co.kr/ko_KR_new/initech/plug...NISafeWeb50.cab
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPI.cab
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Configuration Loadings (india111) - Unknown owner - C:\WINDOWS\System32\iSVCHOST.exe" -service (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

7
Tech Clinic / another istsvc.exe problem
« on: February 20, 2005, 01:52:44 PM »
Hi,

I was searching the web for istsvc.exe solutions and the best I could find was on this site.

I've seen some of the postings and followed part of it by copying the scan log.
I hope the solution hasn't changed. Can you please help me?

Many thanks

Logfile of HijackThis v1.99.1
Scan saved at 오후 6:38:27, on 2005-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\winaa7088\Xeef.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\WINDOWS\wwirof.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_10.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 25
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [Xeef] C:\WINDOWS\System32\winaa7088\Xeef.exe ticket s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [QDp9m] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [???4??] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [{P?/??늯틶nIW?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [-
?G6x冷???n㎕C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [;?W껙+7?냰?ホ퍬:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [oi?,`??뻠,jq^X<?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\RunServices: [65vrgfghfd] bbbbbbbbb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: 비슷한 페이지 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 이전 링크 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 페이지의 저장된 스냅샷 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.livecall.co.kr/pds/module/livecall.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://speed.kornet.net/sw5/qtest/cab/KTSpeedNewCtrl.cab
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://info.anycert.com/c.wtz?i=96
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.samsungcard.co.kr/XecureDemo/Xe...w50_install.cab
O16 - DPF: {93F83364-58E3-43C6-BE34-DE1252B26307} (Cruzbill Control) - http://211.189.120.205/sbill/cruzbill.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://edu.pricequiz.com/include/ShortCut.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab
O16 - DPF: {A2134278-B404-4B78-B751-8FB923B31935} (WiseLoader Control) - http://contents.wisebook.com/video/wiseboo.../WiseLoader.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/samsungcard/npkcx.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://ib.kfb.co.kr/ko_KR_new/initech/plug...NISafeWeb50.cab
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPI.cab
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Configuration Loadings (india111) - Unknown owner - C:\WINDOWS\System32\iSVCHOST.exe" -service (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

Pages: [1]