HiJack Log



riceronin
2006-01-11, 00:33
I feel kind of bad for signing up for this one post, but I've been having problems for a while and finally figured it was time to check stuff out.

My comp is festering with viruses. It appears there is one screwing with the registry or something because my windows explorer closes when I connect to the internet. System Restore has also stopped working, which as you can guess is quite a problem. I tried using the windows full service scan on their webpage, but my computer reboots when I get to a certain point. They've pointed me to a certain virus (Win32/Apropos.b AKA WinNT/Zufyx.a AKA Spyware.Apropos.C AKA Trojan.Win32.Crypt.t), but unfortunately I don't get net service in safe mode, so I can't run their scan service to get rid of the file. Any programs I use that scan the system make my computer reboot, in addition.

So I'm in a *bit* of a pinch. I'm going to be getting a laptop very soon so this isn't a huge deal, but I'd still like to salvage what I can. Any help is appreciated. (note: I cut out one chunk of files that are host files for a program on my computer)

Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 6:24:18 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{1FFE4F9D-A9F7-6756-734C-08B53B595C56} - (no file)
F0 - system.ini: Shell=
F0 - REG:system.ini: Shell=
F0 - REG:system.ini: UserInit=
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\TAKEO\Application Data\Mozilla\Profiles\default\thr2gljn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\TAKEO\Application Data\Mozilla\Profiles\default\thr2gljn.slt\prefs.js)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - (no file)
O2 - BHO: (no name) - {13589181-4F0D-4553-B9F8-B4B72172C139} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\bkagv.dat
O2 - BHO: (no name) - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\itnaxaf.dat
O2 - BHO: (no name) - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\lrupi.dat (file missing)
O2 - BHO: (no name) - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\lrupi.dat (file missing)
O2 - BHO: (no name) - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O2 - BHO: (no name) - {96FCB370-B5EC-246C-2769-19FCB201B5FB} - C:\WINDOWS\Qnreewik.dll
O2 - BHO: (no name) - {98BC949B-3D81-4750-836F-4BC57BD032EE} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\siiw.dat
O2 - BHO: (no name) - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\ccac.dat
O2 - BHO: (no name) - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\yeksp.dat
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Search - {948C5E2A-89A3-E7BC-1679-443C2AD8B960} - C:\WINDOWS\Qnreewik.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DJQW] C:\WINDOWS\DJQW.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [hox] C:\WINDOWS\hox.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [var] C:\WINDOWS\var.exe
O4 - HKLM\..\Run: [uxursb] C:\WINDOWS\uxursb.exe
O4 - HKLM\..\Run: [mryx] C:\WINDOWS\mryx.exe
O4 - HKLM\..\Run: [edmj] C:\WINDOWS\edmj.exe
O4 - HKLM\..\Run: [kjatoxgd] C:\WINDOWS\kjatoxgd.exe
O4 - HKLM\..\Run: [ynsp] C:\WINDOWS\ynsp.exe
O4 - HKLM\..\Run: [crgfglsf] C:\WINDOWS\crgfglsf.exe <I'm worried about this chunk
O4 - HKLM\..\Run: [ipurl] C:\WINDOWS\Registration\ipurl.exe
O4 - HKLM\..\Run: [*javalog] C:\WINDOWS\Web\javalog.exe
O4 - HKLM\..\Run: [*keys] C:\WINDOWS\msagent\keys.exe
O4 - HKLM\..\Run: [*diskinet] C:\WINDOWS\Web\PRINTERS\diskinet.exe
O4 - HKLM\..\Run: [*pskey] C:\WINDOWS\addins\pskey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\RunOnce: [*WinLogon] C:\WINDOWS\repair\jpegtcp.exe ren my_time:1136935052
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Resume Windows Update Installation.lnk = C:\WINDOWS\Windows Update Setup Files\ie6setup.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Ebates (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_10.CAB
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - http://203.199.200.61/ads/shareit/da/cab/SysUpd.CAB

tashi
2006-01-11, 05:38
Hi there.
While waiting to be assisted please get the latest version of hjt.
See this topic:
Before you post a log (http://forums.spybot.info/showthread.php?t=288)
Then copy paste the new log into this thread.
Also please clarify:

(note: I cut out one chunk of files that are host files for a program on my computer)
Cut from where?
Cheers.

riceronin
2006-01-11, 22:14
Hi there.
While waiting to be assisted please get the latest version of hjt.
See this topic:
Before you post a log (http://forums.spybot.info/showthread.php?t=288)
Then copy paste the new log into this thread.
Also please clarify:

Cut from where?
Cheers.

Sorry, I thought I had the latest version! Haha...anyhow, here is the updated log file. I've noted where I cut files from.

Logfile of HijackThis v1.99.1
Scan saved at 4:12:49 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Save\Save.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\taskcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis2.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{1FFE4F9D-A9F7-6756-734C-08B53B595C56} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\TAKEO\Application Data\Mozilla\Profiles\default\thr2gljn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\TAKEO\Application Data\Mozilla\Profiles\default\thr2gljn.slt\prefs.js)
<chunk cut, host files from winmx>
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - (no file)
O2 - BHO: CATLEvents Object - {13589181-4F0D-4553-B9F8-B4B72172C139} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\bkagv.dat
O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\itnaxaf.dat
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\lrupi.dat (file missing)
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\lrupi.dat (file missing)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O2 - BHO: (no name) - {96FCB370-B5EC-246C-2769-19FCB201B5FB} - C:\WINDOWS\Qnreewik.dll
O2 - BHO: CATLEvents Object - {98BC949B-3D81-4750-836F-4BC57BD032EE} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\siiw.dat
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\ccac.dat
O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\yeksp.dat
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Search - {948C5E2A-89A3-E7BC-1679-443C2AD8B960} - C:\WINDOWS\Qnreewik.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DJQW] C:\WINDOWS\DJQW.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [hox] C:\WINDOWS\hox.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [var] C:\WINDOWS\var.exe
O4 - HKLM\..\Run: [uxursb] C:\WINDOWS\uxursb.exe
O4 - HKLM\..\Run: [mryx] C:\WINDOWS\mryx.exe
O4 - HKLM\..\Run: [edmj] C:\WINDOWS\edmj.exe
O4 - HKLM\..\Run: [kjatoxgd] C:\WINDOWS\kjatoxgd.exe
O4 - HKLM\..\Run: [ynsp] C:\WINDOWS\ynsp.exe
O4 - HKLM\..\Run: [crgfglsf] C:\WINDOWS\crgfglsf.exe
O4 - HKLM\..\Run: [ipurl] C:\WINDOWS\Registration\ipurl.exe
O4 - HKLM\..\Run: [*javalog] C:\WINDOWS\Web\javalog.exe
O4 - HKLM\..\Run: [*keys] C:\WINDOWS\msagent\keys.exe
O4 - HKLM\..\Run: [*diskinet] C:\WINDOWS\Web\PRINTERS\diskinet.exe
O4 - HKLM\..\Run: [*pskey] C:\WINDOWS\addins\pskey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\RunOnce: [*WinLogon] C:\WINDOWS\taskcmd.exe ren my_time:1136967115
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Resume Windows Update Installation.lnk = C:\WINDOWS\Windows Update Setup Files\ie6setup.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_10.CAB
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - http://203.199.200.61/ads/shareit/da/cab/SysUpd.CAB
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\system32\qlink32.dll
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O20 - Winlogon Notify: dllkey - C:\WINDOWS\addins\dllkey.dll
O20 - Winlogon Notify: expvga - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\agvpxe.dat (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: inetweb - C:\WINDOWS\repair\inetweb.dll
O20 - Winlogon Notify: infosvr - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\rvsofni.dat (file missing)
O20 - Winlogon Notify: javaip - C:\WINDOWS\security\LOGS\javaip.dll
O20 - Winlogon Notify: mp3ms - C:\WINDOWS\security\mp3ms.dll
O20 - Winlogon Notify: netwms - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\smwten.dat (file missing)
O20 - Winlogon Notify: olecat - C:\WINDOWS\Fonts\olecat.dll
O20 - Winlogon Notify: stask - C:\WINDOWS\Config\stask.dll
O20 - Winlogon Notify: unlog - C:\WINDOWS\Web\PRINTERS\unlog.dll
O20 - Winlogon Notify: winrun - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\nurniw.dat
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: wtapi - C:\WINDOWS\Config\wtapi.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

shelf life
2006-01-13, 01:05
hi riceronin,

here's what we will do to start with:


if you can get on the internet do the following (to get downloads and update)

if you can't get on the internet just start the fix using hjt (below) then delete files, boot to safe mode and run what apps you have while in safe mode


(I would copy this to a text file like notepad then save it somewhere so you can read it in safe mode.)

download 2 apps, update your antivirus and spybot. uninstall some files, then boot into safe mode

the 2 downloads:----> but don't run any of them just yet:

1) FixVundo.exe--- download to desktop or somewhere (doesn't need updating)
http://securityresponse.symantec.com/avcenter/FixVundo.exe

2) Ewido security suite:

1. Download Ewido and install
Ewido Security Suite. It is a free trial version of the program:

http://www.ewido.net/en/download/

2. Install ewido security suite
3. Launch ewido, there should be an icon on your desktop double-click it.
4. The program will now go to the main screen

You will need to update ewido to the latest definition files.

1. On the left hand side of the main screen click update
2. Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use Ewido manual updates

while you're out there check for updates to your antivirus/spybot.
-----------------------------------------------------

ok. you have everything updated, ewido and fixvundo.exe.

so now we will use hjt, then delete some files via the add/remove programs panel, then boot the computer into SAFE MODE.

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.


R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{1FFE4F9D-A9F7-6756-734C-08B53B595C56} - (no file)


O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll

O2 - BHO: (no name) - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - (no file)


O2 - BHO: CATLEvents Object - {13589181-4F0D-4553-B9F8-B4B72172C139} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\bkagv.dat

O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\itnaxaf.dat

O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\lrupi.dat (file missing)

O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\lrupi.dat (file missing)

O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll

O2 - BHO: (no name) - {96FCB370-B5EC-246C-2769-19FCB201B5FB} - C:\WINDOWS\Qnreewik.dll

O2 - BHO: CATLEvents Object - {98BC949B-3D81-4750-836F-4BC57BD032EE} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\siiw.dat

O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\ccac.dat

O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\yeksp.dat

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: Search - {948C5E2A-89A3-E7BC-1679-443C2AD8B960} - C:\WINDOWS\Qnreewik.dll


O4 - HKLM\..\Run: [DJQW] C:\WINDOWS\DJQW.exe
O4 - HKLM\..\Run: [hox] C:\WINDOWS\hox.exe
O4 - HKLM\..\Run: [var] C:\WINDOWS\var.exe
O4 - HKLM\..\Run: [uxursb] C:\WINDOWS\uxursb.exe
O4 - HKLM\..\Run: [mryx] C:\WINDOWS\mryx.exe
O4 - HKLM\..\Run: [edmj] C:\WINDOWS\edmj.exe
O4 - HKLM\..\Run: [kjatoxgd] C:\WINDOWS\kjatoxgd.exe
O4 - HKLM\..\Run: [ynsp] C:\WINDOWS\ynsp.exe
O4 - HKLM\..\Run: [crgfglsf] C:\WINDOWS\crgfglsf.exe
O4 - HKLM\..\Run: [ipurl] C:\WINDOWS\Registration\ipurl.exe
O4 - HKLM\..\Run: [*javalog] C:\WINDOWS\Web\javalog.exe
O4 - HKLM\..\Run: [*keys] C:\WINDOWS\msagent\keys.exe
O4 - HKLM\..\Run: [*diskinet] C:\WINDOWS\Web\PRINTERS\diskinet.exe
O4 - HKLM\..\Run: [*pskey] C:\WINDOWS\addins\pskey.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - http://203.199.200.61/ads/shareit/da/cab/SysUpd.CAB

O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\system32\qlink32.dll

O20 - Winlogon Notify: dllkey - C:\WINDOWS\addins\dllkey.dll

O20 - Winlogon Notify: expvga - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\agvpxe.dat (file missing)

O20 - Winlogon Notify: infosvr - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\rvsofni.dat (file missing)

O20 - Winlogon Notify: javaip - C:\WINDOWS\security\LOGS\javaip.dll

O20 - Winlogon Notify: mp3ms - C:\WINDOWS\security\mp3ms.dll

O20 - Winlogon Notify: netwms - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\smwten.dat (file missing)

O20 - Winlogon Notify: olecat - C:\WINDOWS\Fonts\olecat.dll
O20 - Winlogon Notify: stask - C:\WINDOWS\Config\stask.dll
O20 - Winlogon Notify: unlog - C:\WINDOWS\Web\PRINTERS\unlog.dll

O20 - Winlogon Notify: winrun - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\nurniw.dat
-------------------------------------
ok now look in add/remove programs panel and uninstall these if present:

WhenUSave or Save
internet Optimizer
------------------------------------
now reboot the computer into SAFE MODE. you reach SAFE MODE by tapping the f8 key during restart. choose the first option, safe mode. ok, once in safe mode run the saved:

FixVundo.exe

ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop

Close Ewido

run spybot search and destroy and your av app also

still in safe mode do this:
Click Start>Run then type %temp%

hit ok. delete all the files you can

Empty your Temp folders. Go to Start > Run and type: cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Go to:

Start> Run

And type this in:

C:\windows\prefetch

Once this is open, delete everything in the folder: only what's in the folder, not the folder itself.
-------------------------------------------
reboot the computer normally, rescan and post a new hjt log. I would like to see what's in your host file, no biggy- I've used about 8 p2p apps including winmx over the years-- (I collect them) now use bitcomet.


shelf life
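The entries shelf life picked out above follow a few recognisable patterns. The script below is an added example (not part of the thread and not HijackThis code) that parses lines in the log format posted here and flags the same signs: code loaded from a user Temp folder, DLLs registered under a .dat extension, Winlogon Notify handlers outside System32, autorun executables sitting in the Windows root, a RunOnce value whose name starts with * (Windows runs those even in Safe Mode), and ActiveX downloads from a bare IP address. The sample lines are copied from the log above plus three benign entries for contrast; the heuristics and severity levels are this example's own assumptions.

```python
"""Heuristic triage of HijackThis log entries (added example, not HJT code).

Parses the "<section> - <description>" lines of the plain-text log posted in
this thread and flags the persistence entries a helper checks first.
Detection only: nothing on the system is changed.
"""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the log above plus benign ones
# (Norton toolbar, Java updater, Intel graphics notify DLL) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: CATLEvents Object - {13589181-4F0D-4553-B9F8-B4B72172C139} - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\bkagv.dat
O2 - BHO: (no name) - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [crgfglsf] C:\WINDOWS\crgfglsf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\RunOnce: [*WinLogon] C:\WINDOWS\taskcmd.exe ren my_time:1136967115
O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - http://203.199.200.61/ads/shareit/da/cab/SysUpd.CAB
O20 - Winlogon Notify: winrun - C:\DOCUME~1\TAKEO\LOCALS~1\Temp\nurniw.dat
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
EXE_RE = re.compile(r'"?([A-Za-z]:\\.+?\.(?:exe|dll|dat|scr|com))', re.I)
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)$", re.I)
TEMP_RE = re.compile(r"\\Temp\\", re.I)
WINROOT_EXE_RE = re.compile(r"^C:\\WINDOWS\\[^\\]+\.exe$", re.I)
IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}/", re.I)
DLL_SECTIONS = {"O2", "O3", "O18", "O20"}  # sections that load a DLL into a process
RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    section: str
    line: str
    reasons: list
    severity: str


def extract_target(section, body):
    """Return the file path or URL an entry points at ('' if none)."""
    if section == "O4":
        m = re.search(r"\]\s*(.+)$", body)   # everything after the [value name]
        target = m.group(1).strip() if m else ""
    else:
        target = body.rsplit(" - ", 1)[-1].strip() if " - " in body else ""
    target = MISSING_RE.sub("", target)
    m = EXE_RE.match(target)                # drop surrounding quotes and arguments
    return m.group(1) if m else target


def assess(section, body):
    """Apply the heuristics; return a list of (severity, reason) pairs."""
    target = extract_target(section, body)
    reasons = []
    if MISSING_RE.search(body):
        reasons.append(("low", "orphaned entry, file no longer on disk"))
    if TEMP_RE.search(target):
        reasons.append(("high", "loads code from a user Temp directory"))
    if section in DLL_SECTIONS and target.lower().endswith(".dat"):
        reasons.append(("high", "DLL registered under a .dat extension"))
    if (section == "O20" and "\\" in target
            and not target.lower().startswith("c:\\windows\\system32\\")):
        reasons.append(("medium", "Winlogon Notify DLL outside System32"))
    if section == "O4" and WINROOT_EXE_RE.match(target):
        reasons.append(("medium", "autorun executable sitting in the Windows root"))
    if section == "O4" and re.search(r"RunOnce: \[\*", body):
        # Windows runs RunOnce values whose name starts with * even in Safe Mode.
        reasons.append(("high", "RunOnce value prefixed with * runs even in Safe Mode"))
    if section == "O16" and IP_URL_RE.match(target):
        reasons.append(("medium", "ActiveX control fetched from a bare IP address"))
    return reasons


def triage(log_text):
    """Return one Finding per flagged entry, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                        # header, blank or running-process line
        reasons = assess(m.group("section"), m.group("body"))
        if reasons:
            worst = max(reasons, key=lambda r: RANK[r[0]])[0]
            findings.append(Finding(m.group("section"), line,
                                    [r[1] for r in reasons], worst))
    return findings


def summarize(findings):
    """Count findings per severity level."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: -RANK[f.severity]):
        print(f"[{f.severity:6}] {f.line}")
        for r in f.reasons:
            print(f"          - {r}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against a full log, the benign Norton, Java and Intel entries pass silently while the six suspect sample lines come back ranked; treat the output as a starting point for the manual review shelf life describes, not as a verdict.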

tashi
2006-01-16, 21:42
Hello.
Due to lack of a response this topic will be archived, to prevent others with similar issues posting in it.
If you need it re-opened please pm me or one of the forum mods, and provide a link to the topic in question.