hijack log
-
Hi Owen
I enclose a new log with all files showing.
Regards
Len
Logfile of HijackThis v1.98.2
Scan saved at 21:18:45, on 09/08/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mfcah32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mspa32.exe
C:\WINDOWS\System32\WinSVCservice.exe
C:\WINDOWS\system32\deinst_qfe002.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PROGRA~1\MICROS~1\Office10\OUTLOOK.EXE
D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe
D:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zmqaf.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fcuop.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://fcuop.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://fcuop.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fcuop.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zmqaf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fcuop.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://fcuop.dll/index.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zmqaf.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zmqaf.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by UTV Internet
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {18C9B52B-7151-9593-8427-72C86515DCDE} - C:\WINDOWS\appcb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll (file missing)
O4 - HKLM\..\Run: [mspa32.exe] C:\WINDOWS\mspa32.exe
O4 - HKLM\..\Run: [UPNPService] WinSVCservice.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
O4 - HKLM\..\RunServices: [UPNPService] WinSVCservice.exe
O4 - HKLM\..\RunOnce: [appxv32.exe] C:\WINDOWS\system32\appxv32.exe
O4 - HKLM\..\RunOnce: [javabt.exe] C:\WINDOWS\system32\javabt.exe
O4 - HKLM\..\RunOnce: [winoh.exe] C:\WINDOWS\system32\winoh.exe
O4 - HKLM\..\RunOnce: [d3rc.exe] C:\WINDOWS\system32\d3rc.exe
O4 - HKLM\..\RunOnce: [crwc.exe] C:\WINDOWS\crwc.exe
O4 - HKLM\..\RunOnce: [sysqx.exe] C:\WINDOWS\sysqx.exe
O4 - HKLM\..\RunOnce: [iert.exe] C:\WINDOWS\system32\iert.exe
O4 - HKLM\..\RunOnce: [d3kv32.exe] C:\WINDOWS\system32\d3kv32.exe
O4 - HKLM\..\RunOnce: [sdksw32.exe] C:\WINDOWS\system32\sdksw32.exe
O4 - HKLM\..\RunOnce: [addwh.exe] C:\WINDOWS\addwh.exe
O4 - HKLM\..\RunOnce: [sdkel.exe] C:\WINDOWS\sdkel.exe
O4 - HKLM\..\RunOnce: [msei32.exe] C:\WINDOWS\msei32.exe
O4 - HKLM\..\RunOnce: [crja32.exe] C:\WINDOWS\crja32.exe
O4 - HKLM\..\RunOnce: [addna.exe] C:\WINDOWS\system32\addna.exe
O4 - HKLM\..\RunOnce: [crsj.exe] C:\WINDOWS\crsj.exe
O4 - HKLM\..\RunOnce: [msjv32.exe] C:\WINDOWS\system32\msjv32.exe
O4 - HKLM\..\RunOnce: [apikt.exe] C:\WINDOWS\system32\apikt.exe
O4 - HKLM\..\RunOnce: [apicd32.exe] C:\WINDOWS\system32\apicd32.exe
O4 - HKLM\..\RunOnce: [netmh.exe] C:\WINDOWS\netmh.exe
O4 - HKLM\..\RunOnce: [ntup32.exe] C:\WINDOWS\system32\ntup32.exe
O4 - HKLM\..\RunOnce: [ippt32.exe] C:\WINDOWS\system32\ippt32.exe
O4 - HKLM\..\RunOnce: [javadd32.exe] C:\WINDOWS\javadd32.exe
O4 - HKLM\..\RunOnce: [ntkr.exe] C:\WINDOWS\ntkr.exe
O4 - HKLM\..\RunOnce: [addqv.exe] C:\WINDOWS\system32\addqv.exe
O4 - HKLM\..\RunOnce: [sysfh.exe] C:\WINDOWS\sysfh.exe
O4 - HKLM\..\RunOnce: [atlpg32.exe] C:\WINDOWS\atlpg32.exe
O4 - HKLM\..\RunOnce: [appgx32.exe] C:\WINDOWS\appgx32.exe
O4 - HKLM\..\RunOnce: [apiwv.exe] C:\WINDOWS\system32\apiwv.exe
O4 - HKLM\..\RunOnce: [appja.exe] C:\WINDOWS\appja.exe
O4 - HKLM\..\RunOnce: [iebr32.exe] C:\WINDOWS\system32\iebr32.exe
O4 - HKLM\..\RunOnce: [addte.exe] C:\WINDOWS\system32\addte.exe
O4 - HKLM\..\RunOnce: [apilv32.exe] C:\WINDOWS\system32\apilv32.exe
O4 - HKLM\..\RunOnce: [mfcbz32.exe] C:\WINDOWS\system32\mfcbz32.exe
O4 - HKLM\..\RunOnce: [d3gr.exe] C:\WINDOWS\d3gr.exe
O4 - HKLM\..\RunOnce: [netyf32.exe] C:\WINDOWS\system32\netyf32.exe
O4 - HKLM\..\RunOnce: [netpi.exe] C:\WINDOWS\system32\netpi.exe
O4 - HKLM\..\RunOnce: [crfc32.exe] C:\WINDOWS\system32\crfc32.exe
O4 - HKLM\..\RunOnce: [d3jv.exe] C:\WINDOWS\d3jv.exe
O4 - HKLM\..\RunOnce: [atlvd32.exe] C:\WINDOWS\atlvd32.exe
O4 - HKLM\..\RunOnce: [mfcri32.exe] C:\WINDOWS\system32\mfcri32.exe
O4 - HKLM\..\RunOnce: [winpa.exe] C:\WINDOWS\winpa.exe
O4 - HKLM\..\RunOnce: [crdo32.exe] C:\WINDOWS\system32\crdo32.exe
O4 - HKLM\..\RunOnce: [ntcf.exe] C:\WINDOWS\system32\ntcf.exe
O4 - HKLM\..\RunOnce: [ieat32.exe] C:\WINDOWS\system32\ieat32.exe
O4 - HKLM\..\RunOnce: [addlf.exe] C:\WINDOWS\system32\addlf.exe
O4 - HKLM\..\RunOnce: [atlhi32.exe] C:\WINDOWS\atlhi32.exe
O4 - HKLM\..\RunOnce: [d3ek32.exe] C:\WINDOWS\system32\d3ek32.exe
O4 - HKLM\..\RunOnce: [sdktl32.exe] C:\WINDOWS\sdktl32.exe
O4 - HKLM\..\RunOnce: [ntro.exe] C:\WINDOWS\ntro.exe
O4 - HKLM\..\RunOnce: [mfcyn.exe] C:\WINDOWS\system32\mfcyn.exe
O4 - HKLM\..\RunOnce: [sdkzt.exe] C:\WINDOWS\sdkzt.exe
O4 - HKLM\..\RunOnce: [addgw32.exe] C:\WINDOWS\system32\addgw32.exe
O4 - HKLM\..\RunOnce: [winhh.exe] C:\WINDOWS\system32\winhh.exe
O4 - HKLM\..\RunOnce: [netnr32.exe] C:\WINDOWS\system32\netnr32.exe
O4 - HKLM\..\RunOnce: [sdkqa.exe] C:\WINDOWS\sdkqa.exe
O4 - HKLM\..\RunOnce: [ipui.exe] C:\WINDOWS\system32\ipui.exe
O4 - HKLM\..\RunOnce: [crep32.exe] C:\WINDOWS\crep32.exe
O4 - HKLM\..\RunOnce: [msho.exe] C:\WINDOWS\system32\msho.exe
O4 - HKLM\..\RunOnce: [addvo.exe] C:\WINDOWS\system32\addvo.exe
O4 - HKLM\..\RunOnce: [mfcjd.exe] C:\WINDOWS\mfcjd.exe
O4 - HKLM\..\RunOnce: [mfcaw.exe] C:\WINDOWS\mfcaw.exe
O4 - HKLM\..\RunOnce: [winhl.exe] C:\WINDOWS\system32\winhl.exe
O4 - HKLM\..\RunOnce: [msna.exe] C:\WINDOWS\system32\msna.exe
O4 - HKLM\..\RunOnce: [mspd.exe] C:\WINDOWS\mspd.exe
O4 - HKLM\..\RunOnce: [sysoo32.exe] C:\WINDOWS\sysoo32.exe
O4 - HKLM\..\RunOnce: [addrb.exe] C:\WINDOWS\addrb.exe
O4 - HKCU\..\Run: [SpywareGuard] C:\WINDOWS\system32\deinst_qfe001.exe
O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\system32\deinst_qfe002.exe
O4 - Global Startup: Microsoft Office.lnk = D:\program files\microsoft office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\program files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\program files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://u.tv
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28177.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\bwjuxhkf.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28177.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48D16442-86E4-48BE-A7DE-443E93B75978}: NameServer = 195.218.116.2 194.46.8.57
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
-
Hiya,
Close all browser windows, restart HijackThis and put a checkmark next to the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by UTV Internet
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {18C9B52B-7151-9593-8427-72C86515DCDE} - C:\WINDOWS\appcb.dll
O4 - HKLM\..\RunOnce: [appxv32.exe] C:\WINDOWS\system32\appxv32.exe
O4 - HKLM\..\RunOnce: [javabt.exe] C:\WINDOWS\system32\javabt.exe
O4 - HKLM\..\RunOnce: [winoh.exe] C:\WINDOWS\system32\winoh.exe
O4 - HKLM\..\RunOnce: [d3rc.exe] C:\WINDOWS\system32\d3rc.exe
O4 - HKLM\..\RunOnce: [crwc.exe] C:\WINDOWS\crwc.exe
O4 - HKLM\..\RunOnce: [sysqx.exe] C:\WINDOWS\sysqx.exe
O4 - HKLM\..\RunOnce: [iert.exe] C:\WINDOWS\system32\iert.exe
O4 - HKLM\..\RunOnce: [d3kv32.exe] C:\WINDOWS\system32\d3kv32.exe
O4 - HKLM\..\RunOnce: [sdksw32.exe] C:\WINDOWS\system32\sdksw32.exe
O4 - HKLM\..\RunOnce: [addwh.exe] C:\WINDOWS\addwh.exe
O4 - HKLM\..\RunOnce: [sdkel.exe] C:\WINDOWS\sdkel.exe
O4 - HKLM\..\RunOnce: [msei32.exe] C:\WINDOWS\msei32.exe
O4 - HKLM\..\RunOnce: [crja32.exe] C:\WINDOWS\crja32.exe
O4 - HKLM\..\RunOnce: [addna.exe] C:\WINDOWS\system32\addna.exe
O4 - HKLM\..\RunOnce: [crsj.exe] C:\WINDOWS\crsj.exe
O4 - HKLM\..\RunOnce: [msjv32.exe] C:\WINDOWS\system32\msjv32.exe
O4 - HKLM\..\RunOnce: [apikt.exe] C:\WINDOWS\system32\apikt.exe
O4 - HKLM\..\RunOnce: [apicd32.exe] C:\WINDOWS\system32\apicd32.exe
O4 - HKLM\..\RunOnce: [netmh.exe] C:\WINDOWS\netmh.exe
O4 - HKLM\..\RunOnce: [ntup32.exe] C:\WINDOWS\system32\ntup32.exe
O4 - HKLM\..\RunOnce: [ippt32.exe] C:\WINDOWS\system32\ippt32.exe
O4 - HKLM\..\RunOnce: [javadd32.exe] C:\WINDOWS\javadd32.exe
O4 - HKLM\..\RunOnce: [ntkr.exe] C:\WINDOWS\ntkr.exe
O4 - HKLM\..\RunOnce: [addqv.exe] C:\WINDOWS\system32\addqv.exe
O4 - HKLM\..\RunOnce: [sysfh.exe] C:\WINDOWS\sysfh.exe
O4 - HKLM\..\RunOnce: [atlpg32.exe] C:\WINDOWS\atlpg32.exe
O4 - HKLM\..\RunOnce: [appgx32.exe] C:\WINDOWS\appgx32.exe
O4 - HKLM\..\RunOnce: [apiwv.exe] C:\WINDOWS\system32\apiwv.exe
O4 - HKLM\..\RunOnce: [appja.exe] C:\WINDOWS\appja.exe
O4 - HKLM\..\RunOnce: [iebr32.exe] C:\WINDOWS\system32\iebr32.exe
O4 - HKLM\..\RunOnce: [addte.exe] C:\WINDOWS\system32\addte.exe
O4 - HKLM\..\RunOnce: [apilv32.exe] C:\WINDOWS\system32\apilv32.exe
O4 - HKLM\..\RunOnce: [mfcbz32.exe] C:\WINDOWS\system32\mfcbz32.exe
O4 - HKLM\..\RunOnce: [d3gr.exe] C:\WINDOWS\d3gr.exe
O4 - HKLM\..\RunOnce: [netyf32.exe] C:\WINDOWS\system32\netyf32.exe
O4 - HKLM\..\RunOnce: [netpi.exe] C:\WINDOWS\system32\netpi.exe
O4 - HKLM\..\RunOnce: [crfc32.exe] C:\WINDOWS\system32\crfc32.exe
O4 - HKLM\..\RunOnce: [d3jv.exe] C:\WINDOWS\d3jv.exe
O4 - HKLM\..\RunOnce: [atlvd32.exe] C:\WINDOWS\atlvd32.exe
O4 - HKLM\..\RunOnce: [mfcri32.exe] C:\WINDOWS\system32\mfcri32.exe
O4 - HKLM\..\RunOnce: [winpa.exe] C:\WINDOWS\winpa.exe
O4 - HKLM\..\RunOnce: [crdo32.exe] C:\WINDOWS\system32\crdo32.exe
O4 - HKLM\..\RunOnce: [ntcf.exe] C:\WINDOWS\system32\ntcf.exe
O4 - HKLM\..\RunOnce: [ieat32.exe] C:\WINDOWS\system32\ieat32.exe
O4 - HKLM\..\RunOnce: [addlf.exe] C:\WINDOWS\system32\addlf.exe
O4 - HKLM\..\RunOnce: [atlhi32.exe] C:\WINDOWS\atlhi32.exe
O4 - HKLM\..\RunOnce: [d3ek32.exe] C:\WINDOWS\system32\d3ek32.exe
O4 - HKLM\..\RunOnce: [sdktl32.exe] C:\WINDOWS\sdktl32.exe
O4 - HKLM\..\RunOnce: [ntro.exe] C:\WINDOWS\ntro.exe
O4 - HKLM\..\RunOnce: [mfcyn.exe] C:\WINDOWS\system32\mfcyn.exe
O4 - HKLM\..\RunOnce: [sdkzt.exe] C:\WINDOWS\sdkzt.exe
O4 - HKLM\..\RunOnce: [addgw32.exe] C:\WINDOWS\system32\addgw32.exe
O4 - HKLM\..\RunOnce: [winhh.exe] C:\WINDOWS\system32\winhh.exe
O4 - HKLM\..\RunOnce: [netnr32.exe] C:\WINDOWS\system32\netnr32.exe
O4 - HKLM\..\RunOnce: [sdkqa.exe] C:\WINDOWS\sdkqa.exe
O4 - HKLM\..\RunOnce: [ipui.exe] C:\WINDOWS\system32\ipui.exe
O4 - HKLM\..\RunOnce: [crep32.exe] C:\WINDOWS\crep32.exe
O4 - HKLM\..\RunOnce: [msho.exe] C:\WINDOWS\system32\msho.exe
O4 - HKLM\..\RunOnce: [addvo.exe] C:\WINDOWS\system32\addvo.exe
O4 - HKLM\..\RunOnce: [mfcjd.exe] C:\WINDOWS\mfcjd.exe
O4 - HKLM\..\RunOnce: [mfcaw.exe] C:\WINDOWS\mfcaw.exe
O4 - HKLM\..\RunOnce: [winhl.exe] C:\WINDOWS\system32\winhl.exe
O4 - HKLM\..\RunOnce: [msna.exe] C:\WINDOWS\system32\msna.exe
O4 - HKLM\..\RunOnce: [mspd.exe] C:\WINDOWS\mspd.exe
O4 - HKLM\..\RunOnce: [sysoo32.exe] C:\WINDOWS\sysoo32.exe
O4 - HKLM\..\RunOnce: [addrb.exe] C:\WINDOWS\addrb.exe
Click Fix Checked
Then please download About:Buster and unzip it to your desktop. Then boot into safe mode (instructions here). Start it, hit OK, Start, and OK again to start the scan. It will generate a log. Post that log along with a new HijackThis log here.
-
Hi Owen
I did as you asked: checked and fixed the listed items etc., downloaded About:Buster, extracted it to the desktop and went into safe mode, but unfortunately I can't run the programme (Buster). I downloaded and extracted twice but to no avail. Could you advise please?
Regards
Len
-
Do you get any error messages?
-
No, it's just that the programme itself doesn't start scanning. It says that it is idle and waiting. No matter how many times you press start, nothing happens.
-
An update has been released so could you try downloading again. I'm not sure if you already have this version but it is worth a try...