Help, have hijackthis log
   
yellowmanjv
New Member


Date Joined Jun 2004
Total Posts : 9
 
Posted 7-18-2004 6:10 (GMT +1)
I've run a lot of spyguard and spyware removal programs, and a couple of antivirus programs. I've found some trojan viruses that I've deleted. My computer still hasn't changed, still the same spyware problems and virus problems. Here is my recent HijackThis log. Someone please read and tell me what to do... Thanks for any help.
 
Logfile of HijackThis v1.98.0
Scan saved at 12:09:18 AM, on 7/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\systk32.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\AvConsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\javaen32.exe
C:\WINDOWS\addtq32.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\aim\aim\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\clstz.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://clstz.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://clstz.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\clstz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\clstz.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://clstz.dll/index.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {F25C11A7-4B1F-5738-A16E-7A1B2A977B88} - C:\WINDOWS\system32\appqp32.dll
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [vpwqaqkxhbdk] C:\WINDOWS\System32\bjlwhi.exe
O4 - HKLM\..\Run: [added.exe] C:\WINDOWS\system32\added.exe
O4 - HKLM\..\Run: [javaen32.exe] C:\WINDOWS\system32\javaen32.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Socks4/5 Ad Blocker] C:\Sab\sab.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40} - C:\Program Files\CommonName\Toolbar\cnbabe.dll



eagle
Senior Member


Date Joined May 2004
Total Posts : 805
 
   Posted 7-18-2004 8:03 (GMT +1)
Have you disabled McAfee first before you did the scan? If you have more than one AV tool on your machine you can get conflicts.
Eagle

yellowmanjv
New Member


Date Joined Jun 2004
Total Posts : 9
 
   Posted 7-18-2004 9:14 (GMT +1)
Ah, my Windows desktop didn't load up; it's just the screen of the wallpaper, and I had to open everything from Task Manager. When I booted up my computer and logged on to one of my XP accounts there were a lot of errors about "couldn't load _____.___" for a bunch of different programs. How can I turn McAfee off from Task Manager? I went to vsmain.exe but I didn't see anything about turning it off. Here is a recent log.
Logfile of HijackThis v1.98.0
Scan saved at 3:04:39 PM, on 7/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\systk32.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\system32\appub32.exe
C:\Program Files\TV Media\Tvm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\javaen32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gjoxf.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gjoxf.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gjoxf.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gjoxf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gjoxf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gjoxf.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6602821E-1F16-2AAC-597D-DB12248285E3} - C:\WINDOWS\system32\sdkvz.dll
O2 - BHO: (no name) - {F25C11A7-4B1F-5738-A16E-7A1B2A977B88} - C:\WINDOWS\system32\appqp32.dll
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [vpwqaqkxhbdk] C:\WINDOWS\System32\bjlwhi.exe
O4 - HKLM\..\Run: [added.exe] C:\WINDOWS\system32\added.exe
O4 - HKLM\..\Run: [javaen32.exe] C:\WINDOWS\system32\javaen32.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [javasc.exe] C:\WINDOWS\system32\javasc.exe
O4 - HKLM\..\RunOnce: [winfd32.exe] C:\WINDOWS\winfd32.exe
O4 - HKLM\..\RunOnce: [ntvm.exe] C:\WINDOWS\ntvm.exe
O4 - HKLM\..\RunOnce: [appub32.exe] C:\WINDOWS\system32\appub32.exe
O4 - HKLM\..\RunOnce: [systk32.exe] C:\WINDOWS\systk32.exe
O4 - HKLM\..\RunOnce: [appfg.exe] C:\WINDOWS\system32\appfg.exe
O4 - HKLM\..\RunOnce: [syscq32.exe] C:\WINDOWS\system32\syscq32.exe
O4 - HKLM\..\RunOnce: [ipbd32.exe] C:\WINDOWS\system32\ipbd32.exe
O4 - HKLM\..\RunOnce: [winoa.exe] C:\WINDOWS\winoa.exe
O4 - HKLM\..\RunOnce: [winrg32.exe] C:\WINDOWS\system32\winrg32.exe
O4 - HKLM\..\RunOnce: [crfv32.exe] C:\WINDOWS\crfv32.exe
O4 - HKLM\..\RunOnce: [netnm.exe] C:\WINDOWS\netnm.exe
O4 - HKLM\..\RunOnce: [mswl32.exe] C:\WINDOWS\mswl32.exe
O4 - HKLM\..\RunOnce: [winii.exe] C:\WINDOWS\system32\winii.exe
O4 - HKLM\..\RunOnce: [netxc.exe] C:\WINDOWS\system32\netxc.exe
O4 - HKLM\..\RunOnce: [javabe.exe] C:\WINDOWS\javabe.exe
O4 - HKLM\..\RunOnce: [mfcew32.exe] C:\WINDOWS\system32\mfcew32.exe
O4 - HKLM\..\RunOnce: [sdkti32.exe] C:\WINDOWS\sdkti32.exe
O4 - HKLM\..\RunOnce: [ntmq.exe] C:\WINDOWS\ntmq.exe
O4 - HKLM\..\RunOnce: [javaii.exe] C:\WINDOWS\system32\javaii.exe
O4 - HKLM\..\RunOnce: [apikn.exe] C:\WINDOWS\system32\apikn.exe
O4 - HKLM\..\RunOnce: [winuq.exe] C:\WINDOWS\winuq.exe
O4 - HKLM\..\RunOnce: [winls32.exe] C:\WINDOWS\winls32.exe
O4 - HKLM\..\RunOnce: [javazw32.exe] C:\WINDOWS\javazw32.exe
O4 - HKLM\..\RunOnce: [javaax.exe] C:\WINDOWS\system32\javaax.exe
O4 - HKLM\..\RunOnce: [d3rq32.exe] C:\WINDOWS\d3rq32.exe
O4 - HKLM\..\RunOnce: [winsz.exe] C:\WINDOWS\system32\winsz.exe
O4 - HKLM\..\RunOnce: [crgl.exe] C:\WINDOWS\system32\crgl.exe
O4 - HKLM\..\RunOnce: [sdknm.exe] C:\WINDOWS\sdknm.exe
O4 - HKLM\..\RunOnce: [sdkll.exe] C:\WINDOWS\system32\sdkll.exe
O4 - HKLM\..\RunOnce: [crks32.exe] C:\WINDOWS\crks32.exe
O4 - HKLM\..\RunOnce: [appqs32.exe] C:\WINDOWS\system32\appqs32.exe
O4 - HKLM\..\RunOnce: [winhr.exe] C:\WINDOWS\winhr.exe
O4 - HKLM\..\RunOnce: [d3hk32.exe] C:\WINDOWS\system32\d3hk32.exe
O4 - HKLM\..\RunOnce: [javaoh32.exe] C:\WINDOWS\system32\javaoh32.exe
O4 - HKLM\..\RunOnce: [crvh32.exe] C:\WINDOWS\system32\crvh32.exe
O4 - HKLM\..\RunOnce: [apiad32.exe] C:\WINDOWS\system32\apiad32.exe
O4 - HKLM\..\RunOnce: [syshu32.exe] C:\WINDOWS\syshu32.exe
O4 - HKLM\..\RunOnce: [ntlh.exe] C:\WINDOWS\system32\ntlh.exe
O4 - HKLM\..\RunOnce: [mfcnc32.exe] C:\WINDOWS\system32\mfcnc32.exe
O4 - HKLM\..\RunOnce: [wincy.exe] C:\WINDOWS\wincy.exe
O4 - HKLM\..\RunOnce: [javafi32.exe] C:\WINDOWS\javafi32.exe
O4 - HKLM\..\RunOnce: [d3cf.exe] C:\WINDOWS\d3cf.exe
O4 - HKLM\..\RunOnce: [mslp32.exe] C:\WINDOWS\mslp32.exe
O4 - HKLM\..\RunOnce: [ipxf32.exe] C:\WINDOWS\ipxf32.exe
O4 - HKLM\..\RunOnce: [netbq.exe] C:\WINDOWS\system32\netbq.exe
O4 - HKLM\..\RunOnce: [netvw.exe] C:\WINDOWS\system32\netvw.exe
O4 - HKLM\..\RunOnce: [apphh.exe] C:\WINDOWS\apphh.exe
O4 - HKLM\..\RunOnce: [mska32.exe] C:\WINDOWS\mska32.exe
O4 - HKLM\..\RunOnce: [crfm.exe] C:\WINDOWS\crfm.exe
O4 - HKLM\..\RunOnce: [apizh32.exe] C:\WINDOWS\apizh32.exe
O4 - HKLM\..\RunOnce: [iekm32.exe] C:\WINDOWS\iekm32.exe
O4 - HKLM\..\RunOnce: [addym.exe] C:\WINDOWS\system32\addym.exe
O4 - HKLM\..\RunOnce: [atlkq32.exe] C:\WINDOWS\system32\atlkq32.exe
O4 - HKLM\..\RunOnce: [sysvh.exe] C:\WINDOWS\system32\sysvh.exe
O4 - HKLM\..\RunOnce: [sdkjt32.exe] C:\WINDOWS\system32\sdkjt32.exe
O4 - HKLM\..\RunOnce: [ntea.exe] C:\WINDOWS\system32\ntea.exe
O4 - HKLM\..\RunOnce: [d3ln.exe] C:\WINDOWS\system32\d3ln.exe
O4 - HKLM\..\RunOnce: [msfp32.exe] C:\WINDOWS\msfp32.exe
O4 - HKLM\..\RunOnce: [d3zu.exe] C:\WINDOWS\d3zu.exe
O4 - HKLM\..\RunOnce: [crfo32.exe] C:\WINDOWS\system32\crfo32.exe
O4 - HKLM\..\RunOnce: [sysnc.exe] C:\WINDOWS\system32\sysnc.exe
O4 - HKLM\..\RunOnce: [javana32.exe] C:\WINDOWS\javana32.exe
O4 - HKLM\..\RunOnce: [appdy.exe] C:\WINDOWS\appdy.exe
O4 - HKLM\..\RunOnce: [ipll.exe] C:\WINDOWS\ipll.exe
O4 - HKLM\..\RunOnce: [javase32.exe] C:\WINDOWS\javase32.exe
O4 - HKLM\..\RunOnce: [sysyp32.exe] C:\WINDOWS\system32\sysyp32.exe
O4 - HKLM\..\RunOnce: [mssx32.exe] C:\WINDOWS\system32\mssx32.exe
O4 - HKLM\..\RunOnce: [javatr.exe] C:\WINDOWS\system32\javatr.exe
O4 - HKLM\..\RunOnce: [netmt.exe] C:\WINDOWS\netmt.exe
O4 - HKLM\..\RunOnce: [atlup.exe] C:\WINDOWS\system32\atlup.exe
O4 - HKLM\..\RunOnce: [addtq32.exe] C:\WINDOWS\addtq32.exe
O4 - HKLM\..\RunOnce: [crpy.exe] C:\WINDOWS\system32\crpy.exe
O4 - HKLM\..\RunOnce: [sysrq.exe] C:\WINDOWS\system32\sysrq.exe
O4 - HKLM\..\RunOnce: [sdkre.exe] C:\WINDOWS\system32\sdkre.exe
O4 - HKLM\..\RunOnce: [d3ll.exe] C:\WINDOWS\d3ll.exe
O4 - HKLM\..\RunOnce: [mfcjo32.exe] C:\WINDOWS\system32\mfcjo32.exe
O4 - HKLM\..\RunOnce: [msio32.exe] C:\WINDOWS\system32\msio32.exe
O4 - HKLM\..\RunOnce: [sdkap32.exe] C:\WINDOWS\sdkap32.exe
O4 - HKLM\..\RunOnce: [ielm32.exe] C:\WINDOWS\system32\ielm32.exe
O4 - HKLM\..\RunOnce: [appqn.exe] C:\WINDOWS\system32\appqn.exe
O4 - HKLM\..\RunOnce: [addbx32.exe] C:\WINDOWS\addbx32.exe
O4 - HKLM\..\RunOnce: [ntis32.exe] C:\WINDOWS\system32\ntis32.exe
O4 - HKLM\..\RunOnce: [javaar.exe] C:\WINDOWS\system32\javaar.exe
O4 - HKLM\..\RunOnce: [sdkqm32.exe] C:\WINDOWS\sdkqm32.exe
O4 - HKLM\..\RunOnce: [croy32.exe] C:\WINDOWS\croy32.exe
O4 - HKLM\..\RunOnce: [sdkjw.exe] C:\WINDOWS\sdkjw.exe
O4 - HKLM\..\RunOnce: [crao32.exe] C:\WINDOWS\system32\crao32.exe
O4 - HKLM\..\RunOnce: [javare.exe] C:\WINDOWS\javare.exe
O4 - HKLM\..\RunOnce: [ieow32.exe] C:\WINDOWS\ieow32.exe
O4 - HKLM\..\RunOnce: [mscn32.exe] C:\WINDOWS\mscn32.exe
O4 - HKLM\..\RunOnce: [d3nx.exe] C:\WINDOWS\system32\d3nx.exe
O4 - HKLM\..\RunOnce: [atlrn32.exe] C:\WINDOWS\atlrn32.exe
O4 - HKLM\..\RunOnce: [atlpd32.exe] C:\WINDOWS\atlpd32.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\system32\ipfd32.exe
O4 - HKLM\..\RunOnce: [sysmf32.exe] C:\WINDOWS\system32\sysmf32.exe
O4 - HKLM\..\RunOnce: [msns32.exe] C:\WINDOWS\system32\msns32.exe
O4 - HKLM\..\RunOnce: [msuu.exe] C:\WINDOWS\msuu.exe
O4 - HKLM\..\RunOnce: [iedt.exe] C:\WINDOWS\iedt.exe
O4 - HKLM\..\RunOnce: [ntec32.exe] C:\WINDOWS\ntec32.exe
O4 - HKLM\..\RunOnce: [atlmq32.exe] C:\WINDOWS\system32\atlmq32.exe
O4 - HKLM\..\RunOnce: [d3sb.exe] C:\WINDOWS\system32\d3sb.exe
O4 - HKLM\..\RunOnce: [winkh32.exe] C:\WINDOWS\winkh32.exe
O4 - HKLM\..\RunOnce: [d3qx32.exe] C:\WINDOWS\d3qx32.exe
O4 - HKLM\..\RunOnce: [ntrr.exe] C:\WINDOWS\ntrr.exe
O4 - HKLM\..\RunOnce: [atllo.exe] C:\WINDOWS\system32\atllo.exe
O4 - HKLM\..\RunOnce: [netyk32.exe] C:\WINDOWS\system32\netyk32.exe
O4 - HKLM\..\RunOnce: [d3pw.exe] C:\WINDOWS\system32\d3pw.exe
O4 - HKLM\..\RunOnce: [addlh.exe] C:\WINDOWS\system32\addlh.exe
O4 - HKLM\..\RunOnce: [winko.exe] C:\WINDOWS\winko.exe
O4 - HKLM\..\RunOnce: [javalx32.exe] C:\WINDOWS\javalx32.exe
O4 - HKLM\..\RunOnce: [ipdi.exe] C:\WINDOWS\system32\ipdi.exe
O4 - HKLM\..\RunOnce: [sdkqx.exe] C:\WINDOWS\system32\sdkqx.exe
O4 - HKLM\..\RunOnce: [atlhj.exe] C:\WINDOWS\atlhj.exe
O4 - HKLM\..\RunOnce: [addpg.exe] C:\WINDOWS\system32\addpg.exe
O4 - HKLM\..\RunOnce: [msqa32.exe] C:\WINDOWS\msqa32.exe
O4 - HKLM\..\RunOnce: [appnc32.exe] C:\WINDOWS\appnc32.exe
O4 - HKLM\..\RunOnce: [addjr32.exe] C:\WINDOWS\system32\addjr32.exe
O4 - HKLM\..\RunOnce: [mssi.exe] C:\WINDOWS\mssi.exe
O4 - HKLM\..\RunOnce: [appdf32.exe] C:\WINDOWS\system32\appdf32.exe
O4 - HKLM\..\RunOnce: [winfu.exe] C:\WINDOWS\system32\winfu.exe
O4 - HKLM\..\RunOnce: [sdkjh.exe] C:\WINDOWS\sdkjh.exe
O4 - HKLM\..\RunOnce: [sysyj.exe] C:\WINDOWS\system32\sysyj.exe
O4 - HKLM\..\RunOnce: [apipm32.exe] C:\WINDOWS\apipm32.exe
O4 - HKLM\..\RunOnce: [javaet32.exe] C:\WINDOWS\javaet32.exe
O4 - HKLM\..\RunOnce: [mfcbe32.exe] C:\WINDOWS\system32\mfcbe32.exe
O4 - HKLM\..\RunOnce: [sdkyj32.exe] C:\WINDOWS\system32\sdkyj32.exe
O4 - HKLM\..\RunOnce: [ntez32.exe] C:\WINDOWS\ntez32.exe
O4 - HKLM\..\RunOnce: [netwy32.exe] C:\WINDOWS\netwy32.exe
O4 - HKLM\..\RunOnce: [addvl32.exe] C:\WINDOWS\addvl32.exe
O4 - HKLM\..\RunOnce: [netfu.exe] C:\WINDOWS\netfu.exe
O4 - HKLM\..\RunOnce: [sysmw32.exe] C:\WINDOWS\sysmw32.exe
O4 - HKLM\..\RunOnce: [sdkrq32.exe] C:\WINDOWS\system32\sdkrq32.exe
O4 - HKLM\..\RunOnce: [ievs32.exe] C:\WINDOWS\system32\ievs32.exe
O4 - HKLM\..\RunOnce: [mfcig32.exe] C:\WINDOWS\system32\mfcig32.exe
O4 - HKLM\..\RunOnce: [sysna.exe] C:\WINDOWS\system32\sysna.exe
O4 - HKLM\..\RunOnce: [atlsc.exe] C:\WINDOWS\atlsc.exe
O4 - HKLM\..\RunOnce: [ieku32.exe] C:\WINDOWS\system32\ieku32.exe
O4 - HKLM\..\RunOnce: [d3pi32.exe] C:\WINDOWS\system32\d3pi32.exe
O4 - HKLM\..\RunOnce: [iebz.exe] C:\WINDOWS\system32\iebz.exe
O4 - HKLM\..\RunOnce: [iprs.exe] C:\WINDOWS\system32\iprs.exe
O4 - HKLM\..\RunOnce: [ierl.exe] C:\WINDOWS\system32\ierl.exe
O4 - HKLM\..\RunOnce: [javaov32.exe] C:\WINDOWS\system32\javaov32.exe
O4 - HKLM\..\RunOnce: [crue.exe] C:\WINDOWS\crue.exe
O4 - HKLM\..\RunOnce: [crgo32.exe] C:\WINDOWS\crgo32.exe
O4 - HKLM\..\RunOnce: [apidt32.exe] C:\WINDOWS\system32\apidt32.exe
O4 - HKLM\..\RunOnce: [ipbl.exe] C:\WINDOWS\ipbl.exe
O4 - HKLM\..\RunOnce: [apira.exe] C:\WINDOWS\system32\apira.exe
O4 - HKLM\..\RunOnce: [ieqh.exe] C:\WINDOWS\ieqh.exe
O4 - HKLM\..\RunOnce: [atlpq32.exe] C:\WINDOWS\system32\atlpq32.exe
O4 - HKLM\..\RunOnce: [crwu32.exe] C:\WINDOWS\system32\crwu32.exe
O4 - HKLM\..\RunOnce: [msoe32.exe] C:\WINDOWS\msoe32.exe
O4 - HKLM\..\RunOnce: [atlvi.exe] C:\WINDOWS\atlvi.exe
O4 - HKLM\..\RunOnce: [netuo32.exe] C:\WINDOWS\system32\netuo32.exe
O4 - HKLM\..\RunOnce: [ievc.exe] C:\WINDOWS\ievc.exe
O4 - HKLM\..\RunOnce: [iewh32.exe] C:\WINDOWS\system32\iewh32.exe
O4 - HKLM\..\RunOnce: [netxx.exe] C:\WINDOWS\netxx.exe
O4 - HKLM\..\RunOnce: [wintf.exe] C:\WINDOWS\system32\wintf.exe
O4 - HKLM\..\RunOnce: [appjn.exe] C:\WINDOWS\system32\appjn.exe
O4 - HKLM\..\RunOnce: [d3oc.exe] C:\WINDOWS\d3oc.exe
O4 - HKLM\..\RunOnce: [sysvm32.exe] C:\WINDOWS\sysvm32.exe
O4 - HKLM\..\RunOnce: [ntaa32.exe] C:\WINDOWS\system32\ntaa32.exe
O4 - HKLM\..\RunOnce: [crpt32.exe] C:\WINDOWS\crpt32.exe
O4 - HKLM\..\RunOnce: [iehw.exe] C:\WINDOWS\iehw.exe
O4 - HKLM\..\RunOnce: [atlhp32.exe] C:\WINDOWS\system32\atlhp32.exe
O4 - HKLM\..\RunOnce: [ntwc32.exe] C:\WINDOWS\ntwc32.exe
O4 - HKLM\..\RunOnce: [crmn.exe] C:\WINDOWS\crmn.exe
O4 - HKLM\..\RunOnce: [javari.exe] C:\WINDOWS\javari.exe
O4 - HKLM\..\RunOnce: [d3om32.exe] C:\WINDOWS\d3om32.exe
O4 - HKLM\..\RunOnce: [javaky.exe] C:\WINDOWS\javaky.exe
O4 - HKLM\..\RunOnce: [mfcyh32.exe] C:\WINDOWS\mfcyh32.exe
O4 - HKLM\..\RunOnce: [sdkhu32.exe] C:\WINDOWS\sdkhu32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40} - C:\Program Files\CommonName\Toolbar\cnbabe.dll





eagle
Senior Member


Date Joined May 2004
Total Posts : 805
 
   Posted 7-19-2004 5:21 (GMT +1)
There should be a McAfee icon either on your desktop or in your task bar. For the one in the task bar, simply right click, highlight disable, click, and that should shut it down. Now if you want to remove it, go into your control panel add/remove programs, highlight it and click change/remove. That will take it out. For the one on the desktop, left click and it should bring up a config screen, and you should be able to shut it down in there. Not real familiar with McAfee since I lost mine. Good luck and keep in touch.
Eagle

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14350
 
   Posted 7-19-2004 7:29 (GMT +1)
yellowmanjv, you have many kinds of infections in this logfile.


We take it piece by piece, OK?
Unzip to its own folder.
Download Hsremove: http://www.hsremove.com/ (make sure it is version 2.39!)
Boot to safe mode by tapping F8 while rebooting
Run CWShredder, close all other windows, and press FIX
Run Hsremove. Your start page will be changed! We change it back later
Post a new log



eagle
Senior Member


Date Joined May 2004
Total Posts : 805
 
   Posted 7-19-2004 4:20 (GMT +1)
Yeah, do that. Didn't see all that, want to see if that works.
Eagle

yellowmanjv
New Member


Date Joined Jun 2004
Total Posts : 9
 
   Posted 7-20-2004 12:39 (GMT +1)
OK, I did all that; here is my recent log.

Logfile of HijackThis v1.98.0
Scan saved at 6:38:18 PM, on 7/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\systk32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\system32\javaen32.exe
C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\okyzf.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://okyzf.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://okyzf.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\okyzf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\okyzf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://okyzf.dll/index.html#37049
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1BE2B2AB-53D2-4036-F80C-58CE9EFF47A6} - C:\WINDOWS\mshf.dll
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [vpwqaqkxhbdk] C:\WINDOWS\System32\bjlwhi.exe
O4 - HKLM\..\Run: [added.exe] C:\WINDOWS\system32\added.exe
O4 - HKLM\..\Run: [javaen32.exe] C:\WINDOWS\system32\javaen32.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [winls32.exe] C:\WINDOWS\winls32.exe
O4 - HKLM\..\RunOnce: [javazw32.exe] C:\WINDOWS\javazw32.exe
O4 - HKLM\..\RunOnce: [javaax.exe] C:\WINDOWS\system32\javaax.exe
O4 - HKLM\..\RunOnce: [d3rq32.exe] C:\WINDOWS\d3rq32.exe
O4 - HKLM\..\RunOnce: [winsz.exe] C:\WINDOWS\system32\winsz.exe
O4 - HKLM\..\RunOnce: [crgl.exe] C:\WINDOWS\system32\crgl.exe
O4 - HKLM\..\RunOnce: [sdknm.exe] C:\WINDOWS\sdknm.exe
O4 - HKLM\..\RunOnce: [sdkll.exe] C:\WINDOWS\system32\sdkll.exe
O4 - HKLM\..\RunOnce: [crks32.exe] C:\WINDOWS\crks32.exe
O4 - HKLM\..\RunOnce: [appqs32.exe] C:\WINDOWS\system32\appqs32.exe
O4 - HKLM\..\RunOnce: [winhr.exe] C:\WINDOWS\winhr.exe
O4 - HKLM\..\RunOnce: [d3hk32.exe] C:\WINDOWS\system32\d3hk32.exe
O4 - HKLM\..\RunOnce: [javaoh32.exe] C:\WINDOWS\system32\javaoh32.exe
O4 - HKLM\..\RunOnce: [crvh32.exe] C:\WINDOWS\system32\crvh32.exe
O4 - HKLM\..\RunOnce: [apiad32.exe] C:\WINDOWS\system32\apiad32.exe
O4 - HKLM\..\RunOnce: [syshu32.exe] C:\WINDOWS\syshu32.exe
O4 - HKLM\..\RunOnce: [ntlh.exe] C:\WINDOWS\system32\ntlh.exe
O4 - HKLM\..\RunOnce: [mfcnc32.exe] C:\WINDOWS\system32\mfcnc32.exe
O4 - HKLM\..\RunOnce: [wincy.exe] C:\WINDOWS\wincy.exe
O4 - HKLM\..\RunOnce: [javafi32.exe] C:\WINDOWS\javafi32.exe
O4 - HKLM\..\RunOnce: [d3cf.exe] C:\WINDOWS\d3cf.exe
O4 - HKLM\..\RunOnce: [mslp32.exe] C:\WINDOWS\mslp32.exe
O4 - HKLM\..\RunOnce: [ipxf32.exe] C:\WINDOWS\ipxf32.exe
O4 - HKLM\..\RunOnce: [netbq.exe] C:\WINDOWS\system32\netbq.exe
O4 - HKLM\..\RunOnce: [netvw.exe] C:\WINDOWS\system32\netvw.exe
O4 - HKLM\..\RunOnce: [apphh.exe] C:\WINDOWS\apphh.exe
O4 - HKLM\..\RunOnce: [mska32.exe] C:\WINDOWS\mska32.exe
O4 - HKLM\..\RunOnce: [crfm.exe] C:\WINDOWS\crfm.exe
O4 - HKLM\..\RunOnce: [apizh32.exe] C:\WINDOWS\apizh32.exe
O4 - HKLM\..\RunOnce: [iekm32.exe] C:\WINDOWS\iekm32.exe
O4 - HKLM\..\RunOnce: [addym.exe] C:\WINDOWS\system32\addym.exe
O4 - HKLM\..\RunOnce: [atlkq32.exe] C:\WINDOWS\system32\atlkq32.exe
O4 - HKLM\..\RunOnce: [sysvh.exe] C:\WINDOWS\system32\sysvh.exe
O4 - HKLM\..\RunOnce: [sdkjt32.exe] C:\WINDOWS\system32\sdkjt32.exe
O4 - HKLM\..\RunOnce: [ntea.exe] C:\WINDOWS\system32\ntea.exe
O4 - HKLM\..\RunOnce: [d3ln.exe] C:\WINDOWS\system32\d3ln.exe
O4 - HKLM\..\RunOnce: [msfp32.exe] C:\WINDOWS\msfp32.exe
O4 - HKLM\..\RunOnce: [d3zu.exe] C:\WINDOWS\d3zu.exe
O4 - HKLM\..\RunOnce: [crfo32.exe] C:\WINDOWS\system32\crfo32.exe
O4 - HKLM\..\RunOnce: [sysnc.exe] C:\WINDOWS\system32\sysnc.exe
O4 - HKLM\..\RunOnce: [javana32.exe] C:\WINDOWS\javana32.exe
O4 - HKLM\..\RunOnce: [appdy.exe] C:\WINDOWS\appdy.exe
O4 - HKLM\..\RunOnce: [ipll.exe] C:\WINDOWS\ipll.exe
O4 - HKLM\..\RunOnce: [javase32.exe] C:\WINDOWS\javase32.exe
O4 - HKLM\..\RunOnce: [sysyp32.exe] C:\WINDOWS\system32\sysyp32.exe
O4 - HKLM\..\RunOnce: [mssx32.exe] C:\WINDOWS\system32\mssx32.exe
O4 - HKLM\..\RunOnce: [javatr.exe] C:\WINDOWS\system32\javatr.exe
O4 - HKLM\..\RunOnce: [netmt.exe] C:\WINDOWS\netmt.exe
O4 - HKLM\..\RunOnce: [atlup.exe] C:\WINDOWS\system32\atlup.exe
O4 - HKLM\..\RunOnce: [addtq32.exe] C:\WINDOWS\addtq32.exe
O4 - HKLM\..\RunOnce: [crpy.exe] C:\WINDOWS\system32\crpy.exe
O4 - HKLM\..\RunOnce: [sysrq.exe] C:\WINDOWS\system32\sysrq.exe
O4 - HKLM\..\RunOnce: [sdkre.exe] C:\WINDOWS\system32\sdkre.exe
O4 - HKLM\..\RunOnce: [d3ll.exe] C:\WINDOWS\d3ll.exe
O4 - HKLM\..\RunOnce: [mfcjo32.exe] C:\WINDOWS\system32\mfcjo32.exe
O4 - HKLM\..\RunOnce: [msio32.exe] C:\WINDOWS\system32\msio32.exe
O4 - HKLM\..\RunOnce: [sdkap32.exe] C:\WINDOWS\sdkap32.exe
O4 - HKLM\..\RunOnce: [ielm32.exe] C:\WINDOWS\system32\ielm32.exe
O4 - HKLM\..\RunOnce: [appqn.exe] C:\WINDOWS\system32\appqn.exe
O4 - HKLM\..\RunOnce: [addbx32.exe] C:\WINDOWS\addbx32.exe
O4 - HKLM\..\RunOnce: [mfcro.exe] C:\WINDOWS\mfcro.exe
O4 - HKLM\..\RunOnce: [mfczp.exe] C:\WINDOWS\system32\mfczp.exe
O4 - HKLM\..\RunOnce: [ntkc.exe] C:\WINDOWS\system32\ntkc.exe
O4 - HKLM\..\RunOnce: [appjk32.exe] C:\WINDOWS\system32\appjk32.exe
O4 - HKLM\..\RunOnce: [addpg.exe] C:\WINDOWS\system32\addpg.exe
O4 - HKLM\..\RunOnce: [msqa32.exe] C:\WINDOWS\msqa32.exe
O4 - HKLM\..\RunOnce: [appnc32.exe] C:\WINDOWS\appnc32.exe
O4 - HKLM\..\RunOnce: [addjr32.exe] C:\WINDOWS\system32\addjr32.exe
O4 - HKLM\..\RunOnce: [mssi.exe] C:\WINDOWS\mssi.exe
O4 - HKLM\..\RunOnce: [appdf32.exe] C:\WINDOWS\system32\appdf32.exe
O4 - HKLM\..\RunOnce: [winfu.exe] C:\WINDOWS\system32\winfu.exe
O4 - HKLM\..\RunOnce: [sdkjh.exe] C:\WINDOWS\sdkjh.exe
O4 - HKLM\..\RunOnce: [sysyj.exe] C:\WINDOWS\system32\sysyj.exe
O4 - HKLM\..\RunOnce: [apipm32.exe] C:\WINDOWS\apipm32.exe
O4 - HKLM\..\RunOnce: [javaet32.exe] C:\WINDOWS\javaet32.exe
O4 - HKLM\..\RunOnce: [mfcbe32.exe] C:\WINDOWS\system32\mfcbe32.exe
O4 - HKLM\..\RunOnce: [sdkyj32.exe] C:\WINDOWS\system32\sdkyj32.exe
O4 - HKLM\..\RunOnce: [ntez32.exe] C:\WINDOWS\ntez32.exe
O4 - HKLM\..\RunOnce: [netwy32.exe] C:\WINDOWS\netwy32.exe
O4 - HKLM\..\RunOnce: [addvl32.exe] C:\WINDOWS\addvl32.exe
O4 - HKLM\..\RunOnce: [netfu.exe] C:\WINDOWS\netfu.exe
O4 - HKLM\..\RunOnce: [sysmw32.exe] C:\WINDOWS\sysmw32.exe
O4 - HKLM\..\RunOnce: [sdkrq32.exe] C:\WINDOWS\system32\sdkrq32.exe
O4 - HKLM\..\RunOnce: [ievs32.exe] C:\WINDOWS\system32\ievs32.exe
O4 - HKLM\..\RunOnce: [mfcig32.exe] C:\WINDOWS\system32\mfcig32.exe
O4 - HKLM\..\RunOnce: [sysna.exe] C:\WINDOWS\system32\sysna.exe
O4 - HKLM\..\RunOnce: [atlsc.exe] C:\WINDOWS\atlsc.exe
O4 - HKLM\..\RunOnce: [ieku32.exe] C:\WINDOWS\system32\ieku32.exe
O4 - HKLM\..\RunOnce: [d3pi32.exe] C:\WINDOWS\system32\d3pi32.exe
O4 - HKLM\..\RunOnce: [iebz.exe] C:\WINDOWS\system32\iebz.exe
O4 - HKLM\..\RunOnce: [iprs.exe] C:\WINDOWS\system32\iprs.exe
O4 - HKLM\..\RunOnce: [ierl.exe] C:\WINDOWS\system32\ierl.exe
O4 - HKLM\..\RunOnce: [javaov32.exe] C:\WINDOWS\system32\javaov32.exe
O4 - HKLM\..\RunOnce: [crue.exe] C:\WINDOWS\crue.exe
O4 - HKLM\..\RunOnce: [crgo32.exe] C:\WINDOWS\crgo32.exe
O4 - HKLM\..\RunOnce: [apidt32.exe] C:\WINDOWS\system32\apidt32.exe
O4 - HKLM\..\RunOnce: [ipbl.exe] C:\WINDOWS\ipbl.exe
O4 - HKLM\..\RunOnce: [apira.exe] C:\WINDOWS\system32\apira.exe
O4 - HKLM\..\RunOnce: [ieqh.exe] C:\WINDOWS\ieqh.exe
O4 - HKLM\..\RunOnce: [atlpq32.exe] C:\WINDOWS\system32\atlpq32.exe
O4 - HKLM\..\RunOnce: [crwu32.exe] C:\WINDOWS\system32\crwu32.exe
O4 - HKLM\..\RunOnce: [msoe32.exe] C:\WINDOWS\msoe32.exe
O4 - HKLM\..\RunOnce: [atlvi.exe] C:\WINDOWS\atlvi.exe
O4 - HKLM\..\RunOnce: [netuo32.exe] C:\WINDOWS\system32\netuo32.exe
O4 - HKLM\..\RunOnce: [ievc.exe] C:\WINDOWS\ievc.exe
O4 - HKLM\..\RunOnce: [iewh32.exe] C:\WINDOWS\system32\iewh32.exe
O4 - HKLM\..\RunOnce: [netxx.exe] C:\WINDOWS\netxx.exe
O4 - HKLM\..\RunOnce: [wintf.exe] C:\WINDOWS\system32\wintf.exe
O4 - HKLM\..\RunOnce: [appjn.exe] C:\WINDOWS\system32\appjn.exe
O4 - HKLM\..\RunOnce: [d3oc.exe] C:\WINDOWS\d3oc.exe
O4 - HKLM\..\RunOnce: [sysvm32.exe] C:\WINDOWS\sysvm32.exe
O4 - HKLM\..\RunOnce: [ntaa32.exe] C:\WINDOWS\system32\ntaa32.exe
O4 - HKLM\..\RunOnce: [crpt32.exe] C:\WINDOWS\crpt32.exe
O4 - HKLM\..\RunOnce: [iehw.exe] C:\WINDOWS\iehw.exe
O4 - HKLM\..\RunOnce: [atlhp32.exe] C:\WINDOWS\system32\atlhp32.exe
O4 - HKLM\..\RunOnce: [ntwc32.exe] C:\WINDOWS\ntwc32.exe
O4 - HKLM\..\RunOnce: [crmn.exe] C:\WINDOWS\crmn.exe
O4 - HKLM\..\RunOnce: [javari.exe] C:\WINDOWS\javari.exe
O4 - HKLM\..\RunOnce: [d3om32.exe] C:\WINDOWS\d3om32.exe
O4 - HKLM\..\RunOnce: [javaky.exe] C:\WINDOWS\javaky.exe
O4 - HKLM\..\RunOnce: [mfcyh32.exe] C:\WINDOWS\mfcyh32.exe
O4 - HKLM\..\RunOnce: [sdkhu32.exe] C:\WINDOWS\sdkhu32.exe
O4 - HKLM\..\RunOnce: [netlq.exe] C:\WINDOWS\netlq.exe
O4 - HKLM\..\RunOnce: [ieoa32.exe] C:\WINDOWS\system32\ieoa32.exe
O4 - HKLM\..\RunOnce: [ntvm.exe] C:\WINDOWS\ntvm.exe
O4 - HKLM\..\RunOnce: [appub32.exe] C:\WINDOWS\system32\appub32.exe
O4 - HKLM\..\RunOnce: [systk32.exe] C:\WINDOWS\systk32.exe
O4 - HKLM\..\RunOnce: [appfg.exe] C:\WINDOWS\system32\appfg.exe
O4 - HKLM\..\RunOnce: [syscq32.exe] C:\WINDOWS\system32\syscq32.exe
O4 - HKLM\..\RunOnce: [ipbd32.exe] C:\WINDOWS\system32\ipbd32.exe
O4 - HKLM\..\RunOnce: [winoa.exe] C:\WINDOWS\winoa.exe
O4 - HKLM\..\RunOnce: [winrg32.exe] C:\WINDOWS\system32\winrg32.exe
O4 - HKLM\..\RunOnce: [crfv32.exe] C:\WINDOWS\crfv32.exe
O4 - HKLM\..\RunOnce: [netnm.exe] C:\WINDOWS\netnm.exe
O4 - HKLM\..\RunOnce: [mswl32.exe] C:\WINDOWS\mswl32.exe
O4 - HKLM\..\RunOnce: [winii.exe] C:\WINDOWS\system32\winii.exe
O4 - HKLM\..\RunOnce: [netxc.exe] C:\WINDOWS\system32\netxc.exe
O4 - HKLM\..\RunOnce: [javabe.exe] C:\WINDOWS\javabe.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\RunOnce: [appvg.exe] C:\WINDOWS\system32\appvg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Socks4/5 Ad Blocker] C:\Sab\sab.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot7_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14350
 
Posted 7-20-2004 6:04 (GMT +1)
It's getting better ;-)
Download this program: http://www.rokop-security.de/main/download.php?op=getit&lid=59

Unzip it, run the exe file, and push "Disinfektion starten". The computer will reboot and finish cleaning. After this, run CWShredder. Do you still have System Restore deactivated?
Run HijackThis, put a checkmark next to these, close all other windows, and fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\okyzf.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://okyzf.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://okyzf.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\okyzf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\okyzf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://okyzf.dll/index.html#37049
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [vpwqaqkxhbdk] C:\WINDOWS\System32\bjlwhi.exe
O4 - HKLM\..\Run: [javaen32.exe] C:\WINDOWS\system32\javaen32.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKLM\..\RunOnce: [winls32.exe] C:\WINDOWS\winls32.exe
O4 - HKLM\..\RunOnce: [javazw32.exe] C:\WINDOWS\javazw32.exe
O4 - HKLM\..\RunOnce: [javaax.exe] C:\WINDOWS\system32\javaax.exe
O4 - HKLM\..\RunOnce: [d3rq32.exe] C:\WINDOWS\d3rq32.exe
O4 - HKLM\..\RunOnce: [winsz.exe] C:\WINDOWS\system32\winsz.exe
O4 - HKLM\..\RunOnce: [crgl.exe] C:\WINDOWS\system32\crgl.exe
O4 - HKLM\..\RunOnce: [sdknm.exe] C:\WINDOWS\sdknm.exe
O4 - HKLM\..\RunOnce: [sdkll.exe] C:\WINDOWS\system32\sdkll.exe
O4 - HKLM\..\RunOnce: [crks32.exe] C:\WINDOWS\crks32.exe
O4 - HKLM\..\RunOnce: [appqs32.exe] C:\WINDOWS\system32\appqs32.exe
O4 - HKLM\..\RunOnce: [winhr.exe] C:\WINDOWS\winhr.exe
O4 - HKLM\..\RunOnce: [d3hk32.exe] C:\WINDOWS\system32\d3hk32.exe
O4 - HKLM\..\RunOnce: [javaoh32.exe] C:\WINDOWS\system32\javaoh32.exe
O4 - HKLM\..\RunOnce: [crvh32.exe] C:\WINDOWS\system32\crvh32.exe
O4 - HKLM\..\RunOnce: [apiad32.exe] C:\WINDOWS\system32\apiad32.exe
O4 - HKLM\..\RunOnce: [syshu32.exe] C:\WINDOWS\syshu32.exe
O4 - HKLM\..\RunOnce: [ntlh.exe] C:\WINDOWS\system32\ntlh.exe
O4 - HKLM\..\RunOnce: [mfcnc32.exe] C:\WINDOWS\system32\mfcnc32.exe
O4 - HKLM\..\RunOnce: [wincy.exe] C:\WINDOWS\wincy.exe
O4 - HKLM\..\RunOnce: [javafi32.exe] C:\WINDOWS\javafi32.exe
O4 - HKLM\..\RunOnce: [d3cf.exe] C:\WINDOWS\d3cf.exe
O4 - HKLM\..\RunOnce: [mslp32.exe] C:\WINDOWS\mslp32.exe
O4 - HKLM\..\RunOnce: [ipxf32.exe] C:\WINDOWS\ipxf32.exe
O4 - HKLM\..\RunOnce: [netbq.exe] C:\WINDOWS\system32\netbq.exe
O4 - HKLM\..\RunOnce: [netvw.exe] C:\WINDOWS\system32\netvw.exe
O4 - HKLM\..\RunOnce: [apphh.exe] C:\WINDOWS\apphh.exe
O4 - HKLM\..\RunOnce: [mska32.exe] C:\WINDOWS\mska32.exe
O4 - HKLM\..\RunOnce: [crfm.exe] C:\WINDOWS\crfm.exe
O4 - HKLM\..\RunOnce: [apizh32.exe] C:\WINDOWS\apizh32.exe
O4 - HKLM\..\RunOnce: [iekm32.exe] C:\WINDOWS\iekm32.exe
O4 - HKLM\..\RunOnce: [addym.exe] C:\WINDOWS\system32\addym.exe
O4 - HKLM\..\RunOnce: [atlkq32.exe] C:\WINDOWS\system32\atlkq32.exe
O4 - HKLM\..\RunOnce: [sysvh.exe] C:\WINDOWS\system32\sysvh.exe
O4 - HKLM\..\RunOnce: [sdkjt32.exe] C:\WINDOWS\system32\sdkjt32.exe
O4 - HKLM\..\RunOnce: [ntea.exe] C:\WINDOWS\system32\ntea.exe
O4 - HKLM\..\RunOnce: [d3ln.exe] C:\WINDOWS\system32\d3ln.exe
O4 - HKLM\..\RunOnce: [msfp32.exe] C:\WINDOWS\msfp32.exe
O4 - HKLM\..\RunOnce: [d3zu.exe] C:\WINDOWS\d3zu.exe
O4 - HKLM\..\RunOnce: [crfo32.exe] C:\WINDOWS\system32\crfo32.exe
O4 - HKLM\..\RunOnce: [sysnc.exe] C:\WINDOWS\system32\sysnc.exe
O4 - HKLM\..\RunOnce: [javana32.exe] C:\WINDOWS\javana32.exe
O4 - HKLM\..\RunOnce: [appdy.exe] C:\WINDOWS\appdy.exe
O4 - HKLM\..\RunOnce: [ipll.exe] C:\WINDOWS\ipll.exe
O4 - HKLM\..\RunOnce: [javase32.exe] C:\WINDOWS\javase32.exe
O4 - HKLM\..\RunOnce: [sysyp32.exe] C:\WINDOWS\system32\sysyp32.exe
O4 - HKLM\..\RunOnce: [mssx32.exe] C:\WINDOWS\system32\mssx32.exe
O4 - HKLM\..\RunOnce: [javatr.exe] C:\WINDOWS\system32\javatr.exe
O4 - HKLM\..\RunOnce: [netmt.exe] C:\WINDOWS\netmt.exe
O4 - HKLM\..\RunOnce: [atlup.exe] C:\WINDOWS\system32\atlup.exe
O4 - HKLM\..\RunOnce: [addtq32.exe] C:\WINDOWS\addtq32.exe
O4 - HKLM\..\RunOnce: [crpy.exe] C:\WINDOWS\system32\crpy.exe
O4 - HKLM\..\RunOnce: [sysrq.exe] C:\WINDOWS\system32\sysrq.exe
O4 - HKLM\..\RunOnce: [sdkre.exe] C:\WINDOWS\system32\sdkre.exe
O4 - HKLM\..\RunOnce: [d3ll.exe] C:\WINDOWS\d3ll.exe
O4 - HKLM\..\RunOnce: [mfcjo32.exe] C:\WINDOWS\system32\mfcjo32.exe
O4 - HKLM\..\RunOnce: [msio32.exe] C:\WINDOWS\system32\msio32.exe
O4 - HKLM\..\RunOnce: [sdkap32.exe] C:\WINDOWS\sdkap32.exe
O4 - HKLM\..\RunOnce: [ielm32.exe] C:\WINDOWS\system32\ielm32.exe
O4 - HKLM\..\RunOnce: [appqn.exe] C:\WINDOWS\system32\appqn.exe
O4 - HKLM\..\RunOnce: [addbx32.exe] C:\WINDOWS\addbx32.exe
O4 - HKLM\..\RunOnce: [mfcro.exe] C:\WINDOWS\mfcro.exe
O4 - HKLM\..\RunOnce: [mfczp.exe] C:\WINDOWS\system32\mfczp.exe
O4 - HKLM\..\RunOnce: [ntkc.exe] C:\WINDOWS\system32\ntkc.exe
O4 - HKLM\..\RunOnce: [appjk32.exe] C:\WINDOWS\system32\appjk32.exe
O4 - HKLM\..\RunOnce: [addpg.exe] C:\WINDOWS\system32\addpg.exe
O4 - HKLM\..\RunOnce: [msqa32.exe] C:\WINDOWS\msqa32.exe
O4 - HKLM\..\RunOnce: [appnc32.exe] C:\WINDOWS\appnc32.exe
O4 - HKLM\..\RunOnce: [addjr32.exe] C:\WINDOWS\system32\addjr32.exe
O4 - HKLM\..\RunOnce: [mssi.exe] C:\WINDOWS\mssi.exe
O4 - HKLM\..\RunOnce: [appdf32.exe] C:\WINDOWS\system32\appdf32.exe
O4 - HKLM\..\RunOnce: [winfu.exe] C:\WINDOWS\system32\winfu.exe
O4 - HKLM\..\RunOnce: [sdkjh.exe] C:\WINDOWS\sdkjh.exe
O4 - HKLM\..\RunOnce: [sysyj.exe] C:\WINDOWS\system32\sysyj.exe
O4 - HKLM\..\RunOnce: [apipm32.exe] C:\WINDOWS\apipm32.exe
O4 - HKLM\..\RunOnce: [javaet32.exe] C:\WINDOWS\javaet32.exe
O4 - HKLM\..\RunOnce: [mfcbe32.exe] C:\WINDOWS\system32\mfcbe32.exe
O4 - HKLM\..\RunOnce: [sdkyj32.exe] C:\WINDOWS\system32\sdkyj32.exe
O4 - HKLM\..\RunOnce: [ntez32.exe] C:\WINDOWS\ntez32.exe
O4 - HKLM\..\RunOnce: [netwy32.exe] C:\WINDOWS\netwy32.exe
O4 - HKLM\..\RunOnce: [addvl32.exe] C:\WINDOWS\addvl32.exe
O4 - HKLM\..\RunOnce: [netfu.exe] C:\WINDOWS\netfu.exe
O4 - HKLM\..\RunOnce: [sysmw32.exe] C:\WINDOWS\sysmw32.exe
O4 - HKLM\..\RunOnce: [sdkrq32.exe] C:\WINDOWS\system32\sdkrq32.exe
O4 - HKLM\..\RunOnce: [ievs32.exe] C:\WINDOWS\system32\ievs32.exe
O4 - HKLM\..\RunOnce: [mfcig32.exe] C:\WINDOWS\system32\mfcig32.exe
O4 - HKLM\..\RunOnce: [sysna.exe] C:\WINDOWS\system32\sysna.exe
O4 - HKLM\..\RunOnce: [atlsc.exe] C:\WINDOWS\atlsc.exe
O4 - HKLM\..\RunOnce: [ieku32.exe] C:\WINDOWS\system32\ieku32.exe
O4 - HKLM\..\RunOnce: [d3pi32.exe] C:\WINDOWS\system32\d3pi32.exe
O4 - HKLM\..\RunOnce: [iebz.exe] C:\WINDOWS\system32\iebz.exe
O4 - HKLM\..\RunOnce: [iprs.exe] C:\WINDOWS\system32\iprs.exe
O4 - HKLM\..\RunOnce: [ierl.exe] C:\WINDOWS\system32\ierl.exe
O4 - HKLM\..\RunOnce: [javaov32.exe] C:\WINDOWS\system32\javaov32.exe
O4 - HKLM\..\RunOnce: [crue.exe] C:\WINDOWS\crue.exe
O4 - HKLM\..\RunOnce: [crgo32.exe] C:\WINDOWS\crgo32.exe
O4 - HKLM\..\RunOnce: [apidt32.exe] C:\WINDOWS\system32\apidt32.exe
O4 - HKLM\..\RunOnce: [ipbl.exe] C:\WINDOWS\ipbl.exe
O4 - HKLM\..\RunOnce: [apira.exe] C:\WINDOWS\system32\apira.exe
O4 - HKLM\..\RunOnce: [ieqh.exe] C:\WINDOWS\ieqh.exe
O4 - HKLM\..\RunOnce: [atlpq32.exe] C:\WINDOWS\system32\atlpq32.exe
O4 - HKLM\..\RunOnce: [crwu32.exe] C:\WINDOWS\system32\crwu32.exe
O4 - HKLM\..\RunOnce: [msoe32.exe] C:\WINDOWS\msoe32.exe
O4 - HKLM\..\RunOnce: [atlvi.exe] C:\WINDOWS\atlvi.exe
O4 - HKLM\..\RunOnce: [netuo32.exe] C:\WINDOWS\system32\netuo32.exe
O4 - HKLM\..\RunOnce: [ievc.exe] C:\WINDOWS\ievc.exe
O4 - HKLM\..\RunOnce: [iewh32.exe] C:\WINDOWS\system32\iewh32.exe
O4 - HKLM\..\RunOnce: [netxx.exe] C:\WINDOWS\netxx.exe
O4 - HKLM\..\RunOnce: [wintf.exe] C:\WINDOWS\system32\wintf.exe
O4 - HKLM\..\RunOnce: [appjn.exe] C:\WINDOWS\system32\appjn.exe
O4 - HKLM\..\RunOnce: [d3oc.exe] C:\WINDOWS\d3oc.exe
O4 - HKLM\..\RunOnce: [sysvm32.exe] C:\WINDOWS\sysvm32.exe
O4 - HKLM\..\RunOnce: [ntaa32.exe] C:\WINDOWS\system32\ntaa32.exe
O4 - HKLM\..\RunOnce: [crpt32.exe] C:\WINDOWS\crpt32.exe
O4 - HKLM\..\RunOnce: [iehw.exe] C:\WINDOWS\iehw.exe
O4 - HKLM\..\RunOnce: [atlhp32.exe] C:\WINDOWS\system32\atlhp32.exe
O4 - HKLM\..\RunOnce: [ntwc32.exe] C:\WINDOWS\ntwc32.exe
O4 - HKLM\..\RunOnce: [crmn.exe] C:\WINDOWS\crmn.exe
O4 - HKLM\..\RunOnce: [javari.exe] C:\WINDOWS\javari.exe
O4 - HKLM\..\RunOnce: [d3om32.exe] C:\WINDOWS\d3om32.exe
O4 - HKLM\..\RunOnce: [javaky.exe] C:\WINDOWS\javaky.exe
O4 - HKLM\..\RunOnce: [mfcyh32.exe] C:\WINDOWS\mfcyh32.exe
O4 - HKLM\..\RunOnce: [sdkhu32.exe] C:\WINDOWS\sdkhu32.exe
O4 - HKLM\..\RunOnce: [netlq.exe] C:\WINDOWS\netlq.exe
O4 - HKLM\..\RunOnce: [ieoa32.exe] C:\WINDOWS\system32\ieoa32.exe
O4 - HKLM\..\RunOnce: [ntvm.exe] C:\WINDOWS\ntvm.exe
O4 - HKLM\..\RunOnce: [appub32.exe] C:\WINDOWS\system32\appub32.exe
O4 - HKLM\..\RunOnce: [systk32.exe] C:\WINDOWS\systk32.exe
O4 - HKLM\..\RunOnce: [appfg.exe] C:\WINDOWS\system32\appfg.exe
O4 - HKLM\..\RunOnce: [syscq32.exe] C:\WINDOWS\system32\syscq32.exe
O4 - HKLM\..\RunOnce: [ipbd32.exe] C:\WINDOWS\system32\ipbd32.exe
O4 - HKLM\..\RunOnce: [winoa.exe] C:\WINDOWS\winoa.exe
O4 - HKLM\..\RunOnce: [winrg32.exe] C:\WINDOWS\system32\winrg32.exe
O4 - HKLM\..\RunOnce: [crfv32.exe] C:\WINDOWS\crfv32.exe
O4 - HKLM\..\RunOnce: [netnm.exe] C:\WINDOWS\netnm.exe
O4 - HKLM\..\RunOnce: [mswl32.exe] C:\WINDOWS\mswl32.exe
O4 - HKLM\..\RunOnce: [winii.exe] C:\WINDOWS\system32\winii.exe
O4 - HKLM\..\RunOnce: [netxc.exe] C:\WINDOWS\system32\netxc.exe
O4 - HKLM\..\RunOnce: [javabe.exe] C:\WINDOWS\javabe.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\RunOnce: [appvg.exe] C:\WINDOWS\system32\appvg.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O18 - Protocol: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll
Reboot to safe mode (F8).
Find and delete:
C:\WINDOWS\System32\bjlwhi.exe
C:\WINDOWS\system32\javaen32.exe
C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
C:\Program Files\TV Media\Tvm.exe <<< folder: TV Media
O4 - HKLM\..\RunOnce <<< all the fixed exe files
C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll
Reboot, and post a new log.

 

Post Edited (Touch) : 7/20/2004 6:24:29 AM GMT


eagle
Senior Member


Date Joined May 2004
Total Posts : 805
 
Posted 7-20-2004 1:35 (GMT +1)
Go Touch, you got this one going good!
Eagle

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14350
 
Posted 7-20-2004 4:35 (GMT +1)
Eagle> Thanks (cool)

yellowmanjv
New Member


Date Joined Jun 2004
Total Posts : 9
 
Posted 7-20-2004 11:34 (GMT +1)
Logfile of HijackThis v1.98.0
Scan saved at 5:34:14 PM, on 7/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\systk32.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\S3tray2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\javaen32.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uqxiy.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://uqxiy.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://uqxiy.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\uqxiy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uqxiy.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://uqxiy.dll/index.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1BE2B2AB-53D2-4036-F80C-58CE9EFF47A6} - C:\WINDOWS\mshf.dll
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [added.exe] C:\WINDOWS\system32\added.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [javaen32.exe] C:\WINDOWS\system32\javaen32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Socks4/5 Ad Blocker] C:\Sab\sab.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot7_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll
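An added example, not part of the thread or of HijackThis: a Python check of the follow-up log against the moderator's fix list, using a few lines excerpted from the logs above. The function names and the "self-named" heuristic (registry value name equals the file name, file directly in C:\WINDOWS or system32) are assumptions of this example; a hit is a triage hint for the next round, not a verdict.

```python
import re
from ntpath import basename, dirname

# Lines excerpted from the moderator's fix list in this thread.
FIX_LIST = r"""O4 - HKLM\..\Run: [vpwqaqkxhbdk] C:\WINDOWS\System32\bjlwhi.exe
O4 - HKLM\..\Run: [javaen32.exe] C:\WINDOWS\system32\javaen32.exe
O4 - HKLM\..\RunOnce: [systk32.exe] C:\WINDOWS\systk32.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
"""

# Lines excerpted from the follow-up log posted after the fix.
NEW_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\systk32.exe
C:\WINDOWS\system32\javaen32.exe

O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [added.exe] C:\WINDOWS\system32\added.exe
O4 - HKLM\..\Run: [javaen32.exe] C:\WINDOWS\system32\javaen32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Registry autostart line: O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command>
O4_RE = re.compile(r"^\s*O4 - (HKLM|HKCU)\\\.\.\\(Run|RunOnce): \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

def parse_o4(text):
    """Return (hive, key, value_name, exe_path_lowercased) for each registry O4 line."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        exe = EXE_RE.match(m.group(4)) if m else None
        if exe:
            entries.append((m.group(1), m.group(2), m.group(3), exe.group(1).lower()))
    return entries

def running(text):
    """Lowercased paths under 'Running processes:' up to the first blank line."""
    _, _, rest = text.partition("Running processes:\n")
    return {p.strip().lower() for p in rest.split("\n\n")[0].splitlines()}

def self_named(entry):
    """Value name equals the file name and the file sits in a Windows system dir."""
    _, _, name, path = entry
    return name.lower() == basename(path) and dirname(path) in SYSTEM_DIRS

def triage(fix_list, new_log):
    """Compare entries marked for fixing with what the follow-up log still shows."""
    fixed = {e[3] for e in parse_o4(fix_list)}
    new = parse_o4(new_log)
    return {
        "still_autostart": sorted(fixed & {e[3] for e in new}),
        "still_running": sorted(fixed & running(new_log)),
        "new_self_named": sorted(e[3] for e in new if self_named(e) and e[3] not in fixed),
    }

if __name__ == "__main__":
    print(triage(FIX_LIST, NEW_LOG))
```

On these excerpts the check reports javaen32.exe as still registered and running, systk32.exe as still running, and added.exe as a new entry with the same naming shape as the fixed ones.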