IBIS Toolbar Removal [inactive]
Hi guys,
Please help. I've already used Ad-Aware and Spybot as recommended but still IBIS keeps on coming back. Below is the log of HijackThis. This is on an NEC laptop with WinXP Japanese.
Thanks in advance...
Logfile of HijackThis v1.97.7
Scan saved at 10:43:38, on 2004/10/21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CNAC1RPK.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnphv71.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ccfgnt59.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\PE32.exe
C:\WINDOWS\system32\nt32.exe
C:\WINDOWS\system32\hhorSPPESP.exe
C:\WINDOWS\system32\s-sy.exe
C:\WINDOWS\system32\orntntPEnt.exe
C:\WINDOWS\system32\SPs-SPor.exe
C:\WINDOWS\system32\SPntPE.exe
C:\WINDOWS\system32\hh64.exe
C:\WINDOWS\system32\orSPsy.exe
C:\WINDOWS\PESPor3264.exe
C:\WINDOWS\system32\PEs-synts-.exe
C:\WINDOWS\hhsyhh64PE.exe
C:\WINDOWS\32PEsy.exe
C:\WINDOWS\system32\orhhSP.exe
C:\WINDOWS\system32\orsy.exe
C:\WINDOWS\hhsymsPE.exe
C:\WINDOWS\syms.exe
C:\WINDOWS\ntSPnt32.exe
C:\WINDOWS\system32\32hhhh.exe
C:\WINDOWS\system32\syor3232.exe
C:\WINDOWS\system32\nt64hh.exe
C:\WINDOWS\system32\orPEs-64.exe
C:\WINDOWS\PEsy64SPSP.exe
C:\WINDOWS\system32\mssy64.exe
C:\WINDOWS\or64sysy32.exe
C:\WINDOWS\system32\hhSPmss-32.exe
C:\WINDOWS\system32\syms64.exe
C:\WINDOWS\32ms.exe
C:\WINDOWS\sys-msPE.exe
C:\WINDOWS\system32\or32nts-.exe
C:\WINDOWS\system32\nthh64.exe
C:\WINDOWS\3264SPsyhh.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\powvoica.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
D:\HijackThis.exe
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F0 - syst>m.ini: Shell=
F0 - R >ystem.ini: Shel>=
F0 - R >ystem.ini: UserInit=
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:\WINDOWS\DOWNLO~1\instafin.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SNPHV71] C:\WINDOWS\vsnphv71.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE CMS-V11
O4 - HKLM\..\Run: [CPTXjjy5] c:\documents and settings\okazaki\local settings\temp\CPTXjjy5.exe
O4 - HKLM\..\Run: [fyzw] c:\documents and settings\okazaki\local settings\temp\fyzw.exe
O4 - HKLM\..\Run: [ecLt] c:\documents and settings\okazaki\local settings\temp\ecLt.exe
O4 - HKLM\..\Run: [b6n] c:\documents and settings\okazaki\local settings\temp\b6n.exe
O4 - HKLM\..\Run: [aJA] c:\documents and settings\okazaki\local settings\temp\aJA.exe
O4 - HKLM\..\Run: [wE7Ct1W] c:\documents and settings\okazaki\local settings\temp\wE7Ct1W.exe
O4 - HKLM\..\Run: [vhjzPj] c:\documents and settings\okazaki\local settings\temp\vhjzPj.exe
O4 - HKLM\..\Run: [OsfPjHjGv] c:\documents and settings\okazaki\local settings\temp\OsfPjHjGv.exe
O4 - HKLM\..\Run: [80Z] c:\documents and settings\okazaki\local settings\temp\80Z.exe
O4 - HKLM\..\Run: [uUwvbB] c:\documents and settings\okazaki\local settings\temp\uUwvbB.exe
O4 - HKLM\..\Run: [tyIsxS] c:\documents and settings\okazaki\local settings\temp\tyIsxS.exe
O4 - HKLM\..\Run: [7Db] c:\documents and settings\okazaki\local settings\temp\7Db.exe
O4 - HKLM\..\Run: [LmREnywdO] c:\documents and settings\okazaki\local settings\temp\LmREnywdO.exe
O4 - HKLM\..\Run: [rP8lgs] c:\documents and settings\okazaki\local settings\temp\rP8lgs.exe
O4 - HKLM\..\Run: [o] C:\documents and settings\okazaki\local settings\temp\o.exe
O4 - HKLM\..\Run: [Ipih] C:\documents and settings\okazaki\local settings\temp\Ipih.exe
O4 - HKLM\..\Run: [4jPE7is] C:\documents and settings\okazaki\local settings\temp\4jPE7is.exe
O4 - HKLM\..\Run: [2AexQRV] C:\documents and settings\okazaki\local settings\temp\2AexQRV.exe
O4 - HKLM\..\Run: [3X2Btzc] C:\documents and settings\okazaki\local settings\temp\3X2Btzc.exe
O4 - HKLM\..\Run: [I2ve] C:\documents and settings\okazaki\local settings\temp\I2ve.exe
O4 - HKLM\..\Run: [GjU] C:\documents and settings\okazaki\local settings\temp\GjU.exe
O4 - HKLM\..\Run: [0REqyqo] C:\documents and settings\okazaki\local settings\temp\0REqyqo.exe
O4 - HKLM\..\Run: [ZuQnVI] C:\documents and settings\okazaki\local settings\temp\ZuQnVI.exe
O4 - HKLM\..\Run: [iFMDo5LMa] C:\documents and settings\okazaki\local settings\temp\iFMDo5LMa.exe
O4 - HKLM\..\Run: [Ddw] C:\documents and settings\okazaki\local settings\temp\Ddw.exe
O4 - HKLM\..\Run: [hjZzLnviC] C:\documents and settings\okazaki\local settings\temp\hjZzLnviC.exe
O4 - HKLM\..\Run: [XLfgDh] C:\documents and settings\okazaki\local settings\temp\XLfgDh.exe
O4 - HKLM\..\Run: [CR] C:\documents and settings\okazaki\local settings\temp\CR.exe
O4 - HKLM\..\Run: [V2F9mR] C:\documents and settings\okazaki\local settings\temp\V2F9mR.exe
O4 - HKLM\..\Run: [Bu] C:\documents and settings\okazaki\local settings\temp\Bu.exe
O4 - HKLM\..\Run: [jAldVh] C:\documents and settings\okazaki\local settings\temp\jAldVh.exe
O4 - HKLM\..\Run: [guX20] C:\documents and settings\okazaki\local settings\temp\guX20.exe
O4 - HKLM\..\Run: [A2Gm7eZZ] C:\documents and settings\okazaki\local settings\temp\A2Gm7eZZ.exe
O4 - HKLM\..\Run: [UA] C:\documents and settings\okazaki\local settings\temp\UA.exe
O4 - HKLM\..\Run: [yj5fQNs0] C:\documents and settings\okazaki\local settings\temp\yj5fQNs0.exe
O4 - HKLM\..\Run: c:\documents and settings\okazaki\local settings\temp\S.exe
O4 - HKLM\..\Run: [dpyS5] C:\documents and settings\okazaki\local settings\temp\dpyS5.exe
O4 - HKLM\..\Run: [xWibc5bw] C:\documents and settings\okazaki\local settings\temp\xWibc5bw.exe
O4 - HKLM\..\Run: [R] C:\documents and settings\okazaki\local settings\temp\R.exe
O4 - HKLM\..\Run: [tu6YDe7] C:\documents and settings\okazaki\local settings\temp\tu6YDe7.exe
O4 - HKLM\..\Run: [9WnE] C:\documents and settings\okazaki\local settings\temp\9WnE.exe
O4 - HKLM\..\Run: [8AzB] C:\documents and settings\okazaki\local settings\temp\8AzB.exe
O4 - HKLM\..\Run: [o5Rg] c:\documents and settings\okazaki\local settings\temp\o5Rg.exe
O4 - HKLM\..\Run: [IDBAqPh2] c:\documents and settings\okazaki\local settings\temp\IDBAqPh2.exe
O4 - HKLM\..\Run: [nJ4d] c:\documents and settings\okazaki\local settings\temp\nJ4d.exe
O4 - HKLM\..\Run: [GU0t8pK] c:\documents and settings\okazaki\local settings\temp\GU0t8pK.exe
O4 - HKLM\..\Run: [0] c:\documents and settings\okazaki\local settings\temp\0.exe
O4 - HKLM\..\Run: [l0t6] c:\documents and settings\okazaki\local settings\temp\l0t6.exe
O4 - HKLM\..\Run: [B51cWP] c:\documents and settings\okazaki\local settings\temp\B51cWP.exe
O4 - HKLM\..\Run: [AId8i7] c:\documents and settings\okazaki\local settings\temp\AId8i7.exe
O4 - HKLM\..\Run: [er] c:\documents and settings\okazaki\local settings\temp\er.exe
O4 - HKLM\..\Run: [yZC11G] c:\documents and settings\okazaki\local settings\temp\yZC11G.exe
O4 - HKLM\..\Run: [wg2UJ] c:\documents and settings\okazaki\local settings\temp\wg2UJ.exe
O4 - HKLM\..\Run: [bm] c:\documents and settings\okazaki\local settings\temp\bm.exe
O4 - HKLM\..\Run: [JVXdAJ] C:\documents and settings\okazaki\local settings\temp\JVXdAJ.exe
O4 - HKLM\..\Run: [36Tt47jHe] c:\documents and settings\okazaki\local settings\temp\36Tt47jHe.exe
O4 - HKLM\..\Run: [Hbm6jj] c:\documents and settings\okazaki\local settings\temp\Hbm6jj.exe
O4 - HKLM\..\Run: [2J5qqp2dF] c:\documents and settings\okazaki\local settings\temp\2J5qqp2dF.exe
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [s4IHu11HG] c:\documents and settings\okazaki\local settings\temp\s4IHu11HG.exe
O4 - HKLM\..\Run: [trwK7Jhbf] c:\documents and settings\okazaki\local settings\temp\trwK7Jhbf.exe
O4 - HKLM\..\Run: [OY] c:\documents and settings\okazaki\local settings\temp\OY.exe
O4 - HKLM\..\Run: [d9] c:\documents and settings\okazaki\local settings\temp\d9.exe
O4 - HKLM\..\Run: [RfZ00XF37] c:\documents and settings\okazaki\local settings\temp\RfZ00XF37.exe
O4 - HKLM\..\Run: [xHgGS] c:\documents and settings\okazaki\local settings\temp\xHgGS.exe
O4 - HKLM\..\Run: [0f80ec90c8ca] C:\WINDOWS\System32\ccfgnt59.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [xgFE5qx] c:\documents and settings\okazaki\local settings\temp\xgFE5qx.exe
O4 - HKLM\..\Run: [cm8h] c:\documents and settings\okazaki\local settings\temp\cm8h.exe
O4 - HKLM\..\Run: [VIlQjW] c:\documents and settings\okazaki\local settings\temp\VIlQjW.exe
O4 - HKLM\..\Run: [Wz9K] C:\documents and settings\okazaki\local settings\temp\Wz9K.exe
O4 - HKLM\..\Run: [huG7AKE] C:\documents and settings\okazaki\local settings\temp\huG7AKE.exe
O4 - HKLM\..\Run: C:\documents and settings\okazaki\local settings\temp\B.exe
O4 - HKLM\..\Run: [VdmH] C:\documents and settings\okazaki\local settings\temp\VdmH.exe
O4 - HKLM\..\Run: [UQzD] C:\documents and settings\okazaki\local settings\temp\UQzD.exe
O4 - HKLM\..\Run: [Qon] C:\documents and settings\okazaki\local settings\temp\Qon.exe
O4 - HKLM\..\Run: [cFHQna] C:\documents and settings\okazaki\local settings\temp\cFHQna.exe
O4 - HKLM\..\Run: [utQ3dPGjw] C:\documents and settings\okazaki\local settings\temp\utQ3dPGjw.exe
O4 - HKLM\..\Run: [S7Y] C:\documents and settings\okazaki\local settings\temp\S7Y.exe
O4 - HKLM\..\Run: [q1EPFYCmh] C:\documents and settings\okazaki\local settings\temp\q1EPFYCmh.exe
O4 - HKLM\..\Run: [0i8b] C:\documents and settings\okazaki\local settings\temp\0i8b.exe
O4 - HKLM\..\Run: [MV] C:\documents and settings\okazaki\local settings\temp\MV.exe
O4 - HKLM\..\Run: [G] C:\documents and settings\okazaki\local settings\temp\G.exe
O4 - HKLM\..\Run: [Ni] C:\documents and settings\okazaki\local settings\temp\Ni.exe
O4 - HKLM\..\Run: [lcFysoh] C:\documents and settings\okazaki\local settings\temp\lcFysoh.exe
O4 - HKLM\..\Run: [7QIzb] C:\documents and settings\okazaki\local settings\temp\7QIzb.exe
O4 - HKLM\..\Run: [kPSuOG0] C:\documents and settings\okazaki\local settings\temp\kPSuOG0.exe
O4 - HKLM\..\Run: [byHZ3] C:\documents and settings\okazaki\local settings\temp\byHZ3.exe
O4 - HKLM\..\Run: [w6rjalvxE] C:\documents and settings\okazaki\local settings\temp\w6rjalvxE.exe
O4 - HKLM\..\Run: [rc0B] C:\documents and settings\okazaki\local settings\temp\rc0B.exe
O4 - HKLM\..\Run: [MJKUC3c] C:\documents and settings\okazaki\local settings\temp\MJKUC3c.exe
O4 - HKLM\..\Run: [LnXRYkV] C:\documents and settings\okazaki\local settings\temp\LnXRYkV.exe
O4 - HKLM\..\Run: [6] C:\documents and settings\okazaki\local settings\temp\6.exe
O4 - HKLM\..\Run: [qPdx] C:\documents and settings\okazaki\local settings\temp\qPdx.exe
O4 - HKLM\..\Run: [psqu] C:\documents and settings\okazaki\local settings\temp\psqu.exe
O4 - HKLM\..\Run: [K09OkCF] C:\documents and settings\okazaki\local settings\temp\K09OkCF.exe
O4 - HKLM\..\Run: [qnTdeZs2] C:\documents and settings\okazaki\local settings\temp\qnTdeZs2.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PE32] C:\WINDOWS\system32\PE32.exe
O4 - HKCU\..\Run: [nt32] C:\WINDOWS\system32\nt32.exe
O4 - HKCU\..\Run: [hhorSPPESP] C:\WINDOWS\system32\hhorSPPESP.exe
O4 - HKCU\..\Run: [s-sy] C:\WINDOWS\system32\s-sy.exe
O4 - HKCU\..\Run: [orntntPEnt] C:\WINDOWS\system32\orntntPEnt.exe
O4 - HKCU\..\Run: [SPs-SPor] C:\WINDOWS\system32\SPs-SPor.exe
O4 - HKCU\..\Run: [SPntPE] C:\WINDOWS\system32\SPntPE.exe
O4 - HKCU\..\Run: [hh64] C:\WINDOWS\system32\hh64.exe
O4 - HKCU\..\Run: [orSPsy] C:\WINDOWS\system32\orSPsy.exe
O4 - HKCU\..\Run: [PESPor3264] C:\WINDOWS\PESPor3264.exe
O4 - HKCU\..\Run: [PEs-synts-] C:\WINDOWS\system32\PEs-synts-.exe
O4 - HKCU\..\Run: [hhsyhh64PE] C:\WINDOWS\hhsyhh64PE.exe
O4 - HKCU\..\Run: [32PEsy] C:\WINDOWS\32PEsy.exe
O4 - HKCU\..\Run: [orhhSP] C:\WINDOWS\system32\orhhSP.exe
O4 - HKCU\..\Run: [orsy] C:\WINDOWS\system32\orsy.exe
O4 - HKCU\..\Run: [hhsymsPE] C:\WINDOWS\hhsymsPE.exe
O4 - HKCU\..\Run: [syms] C:\WINDOWS\syms.exe
O4 - HKCU\..\Run: [ntSPnt32] C:\WINDOWS\ntSPnt32.exe
O4 - HKCU\..\Run: [32hhhh] C:\WINDOWS\system32\32hhhh.exe
O4 - HKCU\..\Run: [syor3232] C:\WINDOWS\system32\syor3232.exe
O4 - HKCU\..\Run: [nt64hh] C:\WINDOWS\system32\nt64hh.exe
O4 - HKCU\..\Run: [orPEs-64] C:\WINDOWS\system32\orPEs-64.exe
O4 - HKCU\..\Run: [PEsy64SPSP] C:\WINDOWS\PEsy64SPSP.exe
O4 - HKCU\..\Run: [mssy64] C:\WINDOWS\system32\mssy64.exe
O4 - HKCU\..\Run: [or64sysy32] C:\WINDOWS\or64sysy32.exe
O4 - HKCU\..\Run: [hhSPmss-32] C:\WINDOWS\system32\hhSPmss-32.exe
O4 - HKCU\..\Run: [syms64] C:\WINDOWS\system32\syms64.exe
O4 - HKCU\..\Run: [32ms] C:\WINDOWS\32ms.exe
O4 - HKCU\..\Run: [sys-msPE] C:\WINDOWS\sys-msPE.exe
O4 - HKCU\..\Run: [or32nts-] C:\WINDOWS\system32\or32nts-.exe
O4 - HKCU\..\Run: [nthh64] C:\WINDOWS\system32\nthh64.exe
O4 - HKCU\..\Run: [3264SPsyhh] C:\WINDOWS\3264SPsyhh.exe
O4 - HKCU\..\Run: [cwx7RgZ9R] powvoica.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - Startup: memtest32.sys
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: v2cab - http://18130.searchmiracle.com/cab/v2cab.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=dbf3472ebe52c322f709187adb80b40d48bffc78c796bad16c7c82d5a9c77210514bb820cefbf3ddf3bb414b740a1f16814ff152:4f7cc82533abb5d1b5cf6fb3c089a566
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://cam160125.miemasu.net/kxhcm10.ocx
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/sg/games3.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.pattayalivecam.com/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38114.8882175926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{846A0295-17BD-4CC0-964C-17416DF6A8BB}: NameServer = 203.116.1.78,203.116.1.94
This discussion has been closed.
Comments
If you are still in need of assistance, please download the newest version of HijackThis from here:
http://www.short-media.com/download.php?dc=69 Just put it in the same folder as the current version you're using and delete the older version. Update all of your Windows and Internet Explorer, and any antiviral programs you may have, so that you have the latest security patches, etc., and run the new version of HijackThis and post the new log here. If you no longer require assistance, then please let us know that as well so that we may close the thread.
Respectfully,
wilodthing423