Hijack This Log
-
Hi everyone,
Thanks again for doing this. My first two posts were cut off due to the posting limit, so I guess that means the Hijack This Log shows tons of bad stuff. I therefore had to cut off the last few lines of it, but I hope what remains is still useful for your analysis.
- Rob
Logfile of HijackThis v1.99.1
Scan saved at 11:14:09 AM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ntsh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\Ruskin Passaro\Local Settings\Temporary Internet Files\Content.IE5\09CZCN8V\SpyFighterSetup[1].exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC1 0.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ruskin Passaro\Desktop\Anti Spyware Programs\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jstyg.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jstyg.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jstyg.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jstyg.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jstyg.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {1F0D6B1F-FEEB-261C-BE3C-F6F797F1D166} - C:\WINDOWS\crct32.dll
O2 - BHO: Class - {55E7D5FC-94F9-2EDA-0E40-9440AF227929} - C:\WINDOWS\appnk.dll
O2 - BHO: Class - {A012ED6C-3ADD-6CAA-B9D6-A652CB9CDECF} - C:\WINDOWS\system32\msuo32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {DA3DECF3-6CA2-2B53-35B6-CDFA3AF1A425} - C:\WINDOWS\system32\ipnt.dll
O2 - BHO: Class - {FF56B561-EE03-788D-F628-1F9CD8262ABA} - C:\WINDOWS\ipuf32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ntsh.exe] C:\WINDOWS\ntsh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [mfcii.exe] C:\WINDOWS\mfcii.exe
O4 - HKLM\..\RunOnce: [crgw.exe] C:\WINDOWS\crgw.exe
O4 - HKLM\..\RunOnce: [crdj32.exe] C:\WINDOWS\crdj32.exe
O4 - HKLM\..\RunOnce: [apiil.exe] C:\WINDOWS\apiil.exe
O4 - HKLM\..\RunOnce: [winzv32.exe] C:\WINDOWS\winzv32.exe
O4 - HKLM\..\RunOnce: [addhh.exe] C:\WINDOWS\addhh.exe
O4 - HKLM\..\RunOnce: [d3nb32.exe] C:\WINDOWS\d3nb32.exe
O4 - HKLM\..\RunOnce: [sysdi32.exe] C:\WINDOWS\sysdi32.exe
O4 - HKLM\..\RunOnce: [msvn.exe] C:\WINDOWS\msvn.exe
O4 - HKLM\..\RunOnce: [netzk32.exe] C:\WINDOWS\netzk32.exe
O4 - HKLM\..\RunOnce: [sysnc.exe] C:\WINDOWS\sysnc.exe
O4 - HKLM\..\RunOnce: [javams32.exe] C:\WINDOWS\javams32.exe
O4 - HKLM\..\RunOnce: [sysxo.exe] C:\WINDOWS\sysxo.exe
O4 - HKLM\..\RunOnce: [appks32.exe] C:\WINDOWS\appks32.exe
O4 - HKLM\..\RunOnce: [winil.exe] C:\WINDOWS\winil.exe
O4 - HKLM\..\RunOnce: [iegm32.exe] C:\WINDOWS\iegm32.exe
O4 - HKLM\..\RunOnce: [adddy.exe] C:\WINDOWS\adddy.exe
O4 - HKLM\..\RunOnce: [crcy32.exe] C:\WINDOWS\crcy32.exe
O4 - HKLM\..\RunOnce: [apiia.exe] C:\WINDOWS\apiia.exe
O4 - HKLM\..\RunOnce: [mfcry.exe] C:\WINDOWS\system32\mfcry.exe
O4 - HKLM\..\RunOnce: [sdkvi.exe] C:\WINDOWS\system32\sdkvi.exe
O4 - HKLM\..\RunOnce: [appjn32.exe] C:\WINDOWS\system32\appjn32.exe
O4 - HKLM\..\RunOnce: [msoh.exe] C:\WINDOWS\system32\msoh.exe
O4 - HKLM\..\RunOnce: [d3ph32.exe] C:\WINDOWS\d3ph32.exe
O4 - HKLM\..\RunOnce: [netck.exe] C:\WINDOWS\netck.exe
O4 - HKLM\..\RunOnce: [atlyo.exe] C:\WINDOWS\atlyo.exe
O4 - HKLM\..\RunOnce: [msmq32.exe] C:\WINDOWS\msmq32.exe
O4 - HKLM\..\RunOnce: [winqu.exe] C:\WINDOWS\system32\winqu.exe
O4 - HKLM\..\RunOnce: [crwo32.exe] C:\WINDOWS\crwo32.exe
O4 - HKLM\..\RunOnce: [ipue.exe] C:\WINDOWS\system32\ipue.exe
O4 - HKLM\..\RunOnce: [addzg32.exe] C:\WINDOWS\system32\addzg32.exe
O4 - HKLM\..\RunOnce: [apipn.exe] C:\WINDOWS\system32\apipn.exe
O4 - HKLM\..\RunOnce: [sysvh.exe] C:\WINDOWS\sysvh.exe
O4 - HKLM\..\RunOnce: [crna32.exe] C:\WINDOWS\crna32.exe
O4 - HKLM\..\RunOnce: [apitc.exe] C:\WINDOWS\system32\apitc.exe
O4 - HKLM\..\RunOnce: [mfctd32.exe] C:\WINDOWS\mfctd32.exe
O4 - HKLM\..\RunOnce: [iehx.exe] C:\WINDOWS\iehx.exe
O4 - HKLM\..\RunOnce: [netqd32.exe] C:\WINDOWS\netqd32.exe
O4 - HKLM\..\RunOnce: [ntvh.exe] C:\WINDOWS\system32\ntvh.exe
O4 - HKLM\..\RunOnce: [atlak32.exe] C:\WINDOWS\system32\atlak32.exe
O4 - HKLM\..\RunOnce: [sysyr.exe] C:\WINDOWS\sysyr.exe
O4 - HKLM\..\RunOnce: [ntzv.exe] C:\WINDOWS\system32\ntzv.exe
O4 - HKLM\..\RunOnce: [atlso32.exe] C:\WINDOWS\atlso32.exe
O4 - HKLM\..\RunOnce: [msxq.exe] C:\WINDOWS\msxq.exe
O4 - HKLM\..\RunOnce: [d3yq32.exe] C:\WINDOWS\system32\d3yq32.exe
O4 - HKLM\..\RunOnce: [iplk.exe] C:\WINDOWS\iplk.exe
O4 - HKLM\..\RunOnce: [atlpw.exe] C:\WINDOWS\system32\atlpw.exe
O4 - HKLM\..\RunOnce: [ieuq32.exe] C:\WINDOWS\system32\ieuq32.exe
O4 - HKLM\..\RunOnce: [addzv.exe] C:\WINDOWS\system32\addzv.exe
O4 - HKLM\..\RunOnce: [crex32.exe] C:\WINDOWS\system32\crex32.exe
O4 - HKLM\..\RunOnce: [ntmo.exe] C:\WINDOWS\ntmo.exe
O4 - HKLM\..\RunOnce: [atlrq32.exe] C:\WINDOWS\atlrq32.exe
O4 - HKLM\..\RunOnce: [adduu32.exe] C:\WINDOWS\system32\adduu32.exe
O4 - HKLM\..\RunOnce: [crzw.exe] C:\WINDOWS\system32\crzw.exe
O4 - HKLM\..\RunOnce: [sdkpd.exe] C:\WINDOWS\system32\sdkpd.exe
O4 - HKLM\..\RunOnce: [atluf32.exe] C:\WINDOWS\atluf32.exe
O4 - HKLM\..\RunOnce: [d3uf.exe] C:\WINDOWS\system32\d3uf.exe
O4 - HKLM\..\RunOnce: [nethi.exe] C:\WINDOWS\system32\nethi.exe
O4 - HKLM\..\RunOnce: [javasi.exe] C:\WINDOWS\system32\javasi.exe
O4 - HKLM\..\RunOnce: [mfcxd32.exe] C:\WINDOWS\system32\mfcxd32.exe
O4 - HKLM\..\RunOnce: [crmr.exe] C:\WINDOWS\system32\crmr.exe
O4 - HKLM\..\RunOnce: [netru32.exe] C:\WINDOWS\netru32.exe
O4 - HKLM\..\RunOnce: [apifq32.exe] C:\WINDOWS\system32\apifq32.exe
O4 - HKLM\..\RunOnce: [winll.exe] C:\WINDOWS\system32\winll.exe
O4 - HKLM\..\RunOnce: [ntfw.exe] C:\WINDOWS\ntfw.exe
O4 - HKLM\..\RunOnce: [appkq32.exe] C:\WINDOWS\appkq32.exe
O4 - HKLM\..\RunOnce: [mspv32.exe] C:\WINDOWS\system32\mspv32.exe
O4 - HKLM\..\RunOnce: [ipcp32.exe] C:\WINDOWS\system32\ipcp32.exe
O4 - HKLM\..\RunOnce: [apimp.exe] C:\WINDOWS\system32\apimp.exe
O4 - HKLM\..\RunOnce: [sysrr32.exe] C:\WINDOWS\system32\sysrr32.exe
O4 - HKLM\..\RunOnce: [msmv.exe] C:\WINDOWS\msmv.exe
O4 - HKLM\..\RunOnce: [ntsx32.exe] C:\WINDOWS\ntsx32.exe
O4 - HKLM\..\RunOnce: [crqf32.exe] C:\WINDOWS\crqf32.exe
O4 - HKLM\..\RunOnce: [netvz.exe] C:\WINDOWS\system32\netvz.exe
O4 - HKLM\..\RunOnce: [addgs32.exe] C:\WINDOWS\system32\addgs32.exe
O4 - HKLM\..\RunOnce: [d3lu.exe] C:\WINDOWS\d3lu.exe
O4 - HKLM\..\RunOnce: [javauu32.exe] C:\WINDOWS\system32\javauu32.exe
O4 - HKLM\..\RunOnce: [apizo.exe] C:\WINDOWS\system32\apizo.exe
O4 - HKLM\..\RunOnce: [addda.exe] C:\WINDOWS\addda.exe
O4 - HKLM\..\RunOnce: [iptq32.exe] C:\WINDOWS\system32\iptq32.exe
O4 - HKLM\..\RunOnce: [d3lm.exe] C:\WINDOWS\d3lm.exe
O4 - HKLM\..\RunOnce: [appmg.exe] C:\WINDOWS\appmg.exe
O4 - HKLM\..\RunOnce: [msri32.exe] C:\WINDOWS\system32\msri32.exe
O4 - HKLM\..\RunOnce: [atlmu32.exe] C:\WINDOWS\atlmu32.exe
O4 - HKLM\..\RunOnce: [ntkq.exe] C:\WINDOWS\ntkq.exe
O4 - HKLM\..\RunOnce: [appyk.exe] C:\WINDOWS\appyk.exe
O4 - HKLM\..\RunOnce: [d3pr.exe] C:\WINDOWS\d3pr.exe
O4 - HKLM\..\RunOnce: [ipcm.exe] C:\WINDOWS\system32\ipcm.exe
O4 - HKLM\..\RunOnce: [cryq.exe] C:\WINDOWS\system32\cryq.exe
O4 - HKLM\..\RunOnce: [netla.exe] C:\WINDOWS\system32\netla.exe
O4 - HKLM\..\RunOnce: [addru32.exe] C:\WINDOWS\addru32.exe
O4 - HKLM\..\RunOnce: [mspj.exe] C:\WINDOWS\system32\mspj.exe
O4 - HKLM\..\RunOnce: [ipue32.exe] C:\WINDOWS\system32\ipue32.exe
O4 - HKLM\..\RunOnce: [crkl.exe] C:\WINDOWS\system32\crkl.exe
O4 - HKLM\..\RunOnce: [ipjy.exe] C:\WINDOWS\ipjy.exe
O4 - HKLM\..\RunOnce: [addoa32.exe] C:\WINDOWS\system32\addoa32.exe
O4 - HKLM\..\RunOnce: [atlim.exe] C:\WINDOWS\atlim.exe
O4 - HKLM\..\RunOnce: [msno32.exe] C:\WINDOWS\msno32.exe
O4 - HKLM\..\RunOnce: [sysgz.exe] C:\WINDOWS\system32\sysgz.exe
O4 - HKLM\..\RunOnce: [sdkmb32.exe] C:\WINDOWS\system32\sdkmb32.exe
O4 - HKLM\..\RunOnce: [crfm32.exe] C:\WINDOWS\crfm32.exe
O4 - HKLM\..\RunOnce: [ipwa32.exe] C:\WINDOWS\system32\ipwa32.exe
O4 - HKLM\..\RunOnce: [addjc32.exe] C:\WINDOWS\system32\addjc32.exe
O4 - HKLM\..\RunOnce: [atlvn32.exe] C:\WINDOWS\atlvn32.exe
O4 - HKLM\..\RunOnce: [apius.exe] C:\WINDOWS\system32\apius.exe
O4 - HKLM\..\RunOnce: [winhv.exe] C:\WINDOWS\system32\winhv.exe
O4 - HKLM\..\RunOnce: [mfcdz.exe] C:\WINDOWS\mfcdz.exe
O4 - HKLM\..\RunOnce: [iert32.exe] C:\WINDOWS\iert32.exe
O4 - HKLM\..\RunOnce: [sysrj.exe] C:\WINDOWS\sysrj.exe
O4 - HKLM\..\RunOnce: [javawd32.exe] C:\WINDOWS\javawd32.exe
O4 - HKLM\..\RunOnce: [netus.exe] C:\WINDOWS\system32\netus.exe
O4 - HKLM\..\RunOnce: [winzn32.exe] C:\WINDOWS\winzn32.exe
O4 - HKLM\..\RunOnce: [mfcqu.exe] C:\WINDOWS\mfcqu.exe
O4 - HKLM\..\RunOnce: [iedw32.exe] C:\WINDOWS\iedw32.exe
O4 - HKLM\..\RunOnce: [winoh.exe] C:\WINDOWS\system32\winoh.exe
O4 - HKLM\..\RunOnce: [javauk32.exe] C:\WINDOWS\system32\javauk32.exe
O4 - HKLM\..\RunOnce: [d3nv.exe] C:\WINDOWS\d3nv.exe
O4 - HKLM\..\RunOnce: [javare.exe] C:\WINDOWS\javare.exe
O4 - HKLM\..\RunOnce: [addak32.exe] C:\WINDOWS\addak32.exe
O4 - HKLM\..\RunOnce: [d3ff32.exe] C:\WINDOWS\d3ff32.exe
O4 - HKLM\..\RunOnce: [msqy32.exe] C:\WINDOWS\system32\msqy32.exe
O4 - HKLM\..\RunOnce: [sysyd.exe] C:\WINDOWS\sysyd.exe
O4 - HKLM\..\RunOnce: [javadg.exe] C:\WINDOWS\system32\javadg.exe
O4 - HKLM\..\RunOnce: [sdkne32.exe] C:\WINDOWS\system32\sdkne32.exe
O4 - HKLM\..\RunOnce: [javamm.exe] C:\WINDOWS\system32\javamm.exe
O4 - HKLM\..\RunOnce: [mfcso32.exe] C:\WINDOWS\mfcso32.exe
O4 - HKLM\..\RunOnce: [winqv.exe] C:\WINDOWS\system32\winqv.exe
O4 - HKLM\..\RunOnce: [apipl32.exe] C:\WINDOWS\apipl32.exe
O4 - HKLM\..\RunOnce: [iemf.exe] C:\WINDOWS\system32\iemf.exe
O4 - HKLM\..\RunOnce: [sdkzz32.exe] C:\WINDOWS\sdkzz32.exe
O4 - HKLM\..\RunOnce: [javaks.exe] C:\WINDOWS\javaks.exe
O4 - HKLM\..\RunOnce: [sdkuq.exe] C:\WINDOWS\system32\sdkuq.exe
O4 - HKLM\..\RunOnce: [mfczt32.exe] C:\WINDOWS\system32\mfczt32.exe
O4 - HKLM\..\RunOnce: [ipxa.exe] C:\WINDOWS\ipxa.exe
O4 - HKLM\..\RunOnce: [appcu.exe] C:\WINDOWS\appcu.exe
O4 - HKLM\..\RunOnce: [msnn32.exe] C:\WINDOWS\system32\msnn32.exe
O4 - HKLM\..\RunOnce: [ipsp.exe] C:\WINDOWS\system32\ipsp.exe
O4 - HKLM\..\RunOnce: [iegg32.exe] C:\WINDOWS\system32\iegg32.exe
O4 - HKLM\..\RunOnce: [sdkma32.exe] C:\WINDOWS\sdkma32.exe
O4 - HKLM\..\RunOnce: [ntub32.exe] C:\WINDOWS\system32\ntub32.exe
O4 - HKLM\..\RunOnce: [appad32.exe] C:\WINDOWS\system32\appad32.exe
O4 - HKLM\..\RunOnce: [addoa.exe] C:\WINDOWS\addoa.exe
O4 - HKLM\..\RunOnce: [mfcof.exe] C:\WINDOWS\system32\mfcof.exe
O4 - HKLM\..\RunOnce: [ietz32.exe] C:\WINDOWS\system32\ietz32.exe
O4 - HKLM\..\RunOnce: [sdkye32.exe] C:\WINDOWS\sdkye32.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\atldy.exe
O4 - HKLM\..\RunOnce: [ipwz.exe] C:\WINDOWS\ipwz.exe
O4 - HKLM\..\RunOnce: [appbt.exe] C:\WINDOWS\appbt.exe
O4 - HKLM\..\RunOnce: [apphq32.exe] C:\WINDOWS\system32\apphq32.exe
O4 - HKLM\..\RunOnce: [msus.exe] C:\WINDOWS\system32\msus.exe
O4 - HKLM\..\RunOnce: [sdkqw.exe] C:\WINDOWS\sdkqw.exe
O4 - HKLM\..\RunOnce: [sysis.exe] C:\WINDOWS\system32\sysis.exe
O4 - HKLM\..\RunOnce: [sysdm.exe] C:\WINDOWS\system32\sysdm.exe
O4 - HKLM\..\RunOnce: [sdkig32.exe] C:\WINDOWS\system32\sdkig32.exe
O4 - HKLM\..\RunOnce: [javaqo32.exe] C:\WINDOWS\system32\javaqo32.exe
O4 - HKLM\..\RunOnce: [apivq.exe] C:\WINDOWS\system32\apivq.exe
O4 - HKLM\..\RunOnce: [ipuy.exe] C:\WINDOWS\ipuy.exe
O4 - HKLM\..\RunOnce: [addza.exe] C:\WINDOWS\system32\addza.exe
O4 - HKLM\..\RunOnce: [d3yh32.exe] C:\WINDOWS\d3yh32.exe
O4 - HKLM\..\RunOnce: [ipek.exe] C:\WINDOWS\system32\ipek.exe
O4 - HKLM\..\RunOnce: [winrg.exe] C:\WINDOWS\winrg.exe
O4 - HKLM\..\RunOnce: [sdkfj.exe] C:\WINDOWS\system32\sdkfj.exe
O4 - HKLM\..\RunOnce: [mfcld32.exe] C:\WINDOWS\mfcld32.exe
O4 - HKLM\..\RunOnce: [netqh.exe] C:\WINDOWS\system32\netqh.exe
O4 - HKLM\..\RunOnce: [ipky32.exe] C:\WINDOWS\ipky32.exe
O4 - HKLM\..\RunOnce: [addyb.exe] C:\WINDOWS\system32\addyb.exe
O4 - HKLM\..\RunOnce: [appdp32.exe] C:\WINDOWS\system32\appdp32.exe
O4 - HKLM\..\RunOnce: [msrx.exe] C:\WINDOWS\system32\msrx.exe
O4 - HKLM\..\RunOnce: [ielr32.exe] C:\WINDOWS\system32\ielr32.exe
O4 - HKLM\..\RunOnce: [ntql32.exe] C:\WINDOWS\system32\ntql32.exe
O4 - HKLM\..\RunOnce: [sdkyb32.exe] C:\WINDOWS\system32\sdkyb32.exe
O4 - HKLM\..\RunOnce: [mfcdv.exe] C:\WINDOWS\system32\mfcdv.exe
O4 - HKLM\..\RunOnce: [netdd.exe] C:\WINDOWS\netdd.exe
O4 - HKLM\..\RunOnce: [addin.exe] C:\WINDOWS\system32\addin.exe
O4 - HKLM\..\RunOnce: [d3vp32.exe] C:\WINDOWS\system32\d3vp32.exe
O4 - HKLM\..\RunOnce: [ntlx.exe] C:\WINDOWS\ntlx.exe
O4 - HKLM\..\RunOnce: [netpg.exe] C:\WINDOWS\system32\netpg.exe
O4 - HKLM\..\RunOnce: [winua32.exe] C:\WINDOWS\system32\winua32.exe
O4 - HKLM\..\RunOnce: [appnu.exe] C:\WINDOWS\appnu.exe
O4 - HKLM\..\RunOnce: [d3to32.exe] C:\WINDOWS\d3to32.exe
O4 - HKLM\..\RunOnce: [ieeh.exe] C:\WINDOWS\system32\ieeh.exe
O4 - HKLM\..\RunOnce: [msnf.exe] C:\WINDOWS\msnf.exe
O4 - HKLM\..\RunOnce: [ipbh32.exe] C:\WINDOWS\ipbh32.exe
O4 - HKLM\..\RunOnce: [appap.exe] C:\WINDOWS\appap.exe
O4 - HKLM\..\RunOnce: [crft.exe] C:\WINDOWS\system32\crft.exe
O4 - HKLM\..\RunOnce: [mfcto.exe] C:\WINDOWS\mfcto.exe
O4 - HKLM\..\RunOnce: [syszq32.exe] C:\WINDOWS\system32\syszq32.exe
O4 - HKLM\..\RunOnce: [appeu32.exe] C:\WINDOWS\appeu32.exe
O4 - HKLM\..\RunOnce: [javadc.exe] C:\WINDOWS\system32\javadc.exe
O4 - HKLM\..\RunOnce: [syswr.exe] C:\WINDOWS\syswr.exe
O4 - HKLM\..\RunOnce: [iecq32.exe] C:\WINDOWS\system32\iecq32.exe
O4 - HKLM\..\RunOnce: [sdkps.exe] C:\WINDOWS\system32\sdkps.exe
O4 - HKLM\..\RunOnce: [atlhs32.exe] C:\WINDOWS\system32\atlhs32.exe
O4 - HKLM\..\RunOnce: [msuu.exe] C:\WINDOWS\msuu.exe
O4 - HKLM\..\RunOnce: [addqq32.exe] C:\WINDOWS\addqq32.exe
O4 - HKLM\..\RunOnce: [syszy.exe] C:\WINDOWS\syszy.exe
O4 - HKLM\..\RunOnce: [ipie.exe] C:\WINDOWS\system32\ipie.exe
O4 - HKLM\..\RunOnce: [appny32.exe] C:\WINDOWS\system32\appny32.exe
O4 - HKLM\..\RunOnce: [apidg32.exe] C:\WINDOWS\system32\apidg32.exe
O4 - HKLM\..\RunOnce: [winri.exe] C:\WINDOWS\winri.exe
O4 - HKLM\..\RunOnce: [crbb32.exe] C:\WINDOWS\crbb32.exe
O4 - HKLM\..\RunOnce: [javaas32.exe] C:\WINDOWS\javaas32.exe
O4 - HKLM\..\RunOnce: [d3yc.exe] C:\WINDOWS\system32\d3yc.exe
O4 - HKLM\..\RunOnce: [addjy32.exe] C:\WINDOWS\addjy32.exe
O4 - HKLM\..\RunOnce: [winxx32.exe] C:\WINDOWS\system32\winxx32.exe
O4 - HKLM\..\RunOnce: [crcr.exe] C:\WINDOWS\crcr.exe
O4 - HKLM\..\RunOnce: [applz.exe] C:\WINDOWS\system32\applz.exe
O4 - HKLM\..\RunOnce: [addau32.exe] C:\WINDOWS\system32\addau32.exe
O4 - HKLM\..\RunOnce: [addvl.exe] C:\WINDOWS\addvl.exe
O4 - HKLM\..\RunOnce: [d3ig32.exe] C:\WINDOWS\d3ig32.exe
O4 - HKLM\..\RunOnce: [ipfk32.exe] C:\WINDOWS\system32\ipfk32.exe
O4 - HKLM\..\RunOnce: [addse.exe] C:\WINDOWS\system32\addse.exe
O4 - HKLM\..\RunOnce: [msiw32.exe] C:\WINDOWS\msiw32.exe
O4 - HKLM\..\RunOnce: [nthj.exe] C:\WINDOWS\nthj.exe
O4 - HKLM\..\RunOnce: [appvd32.exe] C:\WINDOWS\system32\appvd32.exe
O4 - HKLM\..\RunOnce: [atlvl32.exe] C:\WINDOWS\atlvl32.exe
O4 - HKLM\..\RunOnce: [ieao.exe] C:\WINDOWS\system32\ieao.exe
O4 - HKLM\..\RunOnce: [ntem32.exe] C:\WINDOWS\system32\ntem32.exe
O4 - HKLM\..\RunOnce: [ntzd32.exe] C:\WINDOWS\system32\ntzd32.exe
O4 - HKLM\..\RunOnce: [apiml.exe] C:\WINDOWS\apiml.exe
O4 - HKLM\..\RunOnce: [winrf32.exe] C:\WINDOWS\winrf32.exe
O4 - HKLM\..\RunOnce: [javawb32.exe] C:\WINDOWS\system32\javawb32.exe
O4 - HKLM\..\RunOnce: [apibe.exe] C:\WINDOWS\system32\apibe.exe
O4 - HKLM\..\RunOnce: [winrn32.exe] C:\WINDOWS\winrn32.exe
O4 - HKLM\..\RunOnce: [crep32.exe] C:\WINDOWS\system32\crep32.exe
O4 - HKLM\..\RunOnce: [ipuf32.exe] C:\WINDOWS\ipuf32.exe
O4 - HKLM\..\RunOnce: [addaz.exe] C:\WINDOWS\addaz.exe
O4 - HKLM\..\RunOnce: [crzh32.exe] C:\WINDOWS\crzh32.exe
O4 - HKLM\..\RunOnce: [neteb.exe] C:\WINDOWS\neteb.exe
O4 - HKLM\..\RunOnce: [javaif32.exe] C:\WINDOWS\system32\javaif32.exe
[....more but had to edit list...]
Last edited by rpassaro; 20-05-2005 at 04:36 PM.
Reason: original post was cut short
-
Hello, rpassaro, and welcome.
Sorry, but I need to see all of the logfile, so please post it in 2 parts; just start from where you stopped.
Also:
Create a new folder on your C: drive.
Name it C:\HJT or HijackThis and move the HijackThis.exe file into it.
It's best for this tool NOT to be located on your Desktop or in a TEMP folder.
This way you can undo any changes if something goes wrong.
HGD
-
Greetings HGD,
Thanks for the tips (duh on splitting the log...guess it was a long day for me). I placed hijackthis.exe at C:/HJT/ and re-ran the scan and log. Strange thing is, the new log is shorter. The entire thing is below:
Logfile of HijackThis v1.99.1
Scan saved at 10:24:17 PM, on 5/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ntsh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\explorer.exe
C:\hjt\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zvfnp.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zvfnp.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zvfnp.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zvfnp.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zvfnp.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zvfnp.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F22B79FB-1D55-C94F-4938-EAA13A2FB4ED} - C:\WINDOWS\d3yl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ntsh.exe] C:\WINDOWS\ntsh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [msvq.exe] C:\WINDOWS\system32\msvq.exe
O4 - HKLM\..\RunOnce: [appkq.exe] C:\WINDOWS\system32\appkq.exe
O4 - HKLM\..\RunOnce: [windg32.exe] C:\WINDOWS\windg32.exe
O4 - HKLM\..\RunOnce: [d3ro.exe] C:\WINDOWS\system32\d3ro.exe
O4 - HKLM\..\RunOnce: [winkl32.exe] C:\WINDOWS\winkl32.exe
O4 - HKLM\..\RunOnce: [cryv.exe] C:\WINDOWS\cryv.exe
O4 - HKLM\..\RunOnce: [javaht.exe] C:\WINDOWS\system32\javaht.exe
O4 - HKLM\..\RunOnce: [sysld32.exe] C:\WINDOWS\sysld32.exe
O4 - HKLM\..\RunOnce: [javasj32.exe] C:\WINDOWS\system32\javasj32.exe
O4 - HKLM\..\RunOnce: [winzi.exe] C:\WINDOWS\winzi.exe
O4 - HKLM\..\RunOnce: [crek32.exe] C:\WINDOWS\crek32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dw75RWN4V] pinbvm60.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sdkwr.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Thanks again for your input.
- R
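As an added example (not part of the thread and not HijackThis' own code), a small Python triage script that applies the checks a log helper does by eye to the two logs above: search pages redirected into a local DLL via res://, BHOs with no name, Run/RunOnce entries launching random-named executables from the Windows directory, and services with an unknown owner or a missing binary. The prefix list in RANDOM_EXE_RE is taken from the RunOnce names in this thread and is only a heuristic, so every hit still needs a manual check; the sample lines are a constructed excerpt of the logs above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in HijackThis v1.99.1 format: entries copied from the two
# logs above (the garbled O23 service name is shortened), not a complete log.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jstyg.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {1F0D6B1F-FEEB-261C-BE3C-F6F797F1D166} - C:\WINDOWS\crct32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ntsh.exe] C:\WINDOWS\ntsh.exe
O4 - HKLM\..\RunOnce: [mfcii.exe] C:\WINDOWS\mfcii.exe
O4 - HKLM\..\RunOnce: [sdkvi.exe] C:\WINDOWS\system32\sdkvi.exe
O4 - HKCU\..\Run: [dw75RWN4V] pinbvm60.exe
O23 - Service: Network Security Service ( 11F) - Unknown owner - C:\WINDOWS\system32\sdkwr.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# Every HijackThis entry is "<section> - <body>"; headers and process paths do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
O2_RE = re.compile(r"^BHO:\s*(.*?)\s*-\s*\{[0-9A-Fa-f-]+\}\s*-\s*(.*)$")
O4_RE = re.compile(r"^HK[LC][MU]\\\.\.\\(Run|RunOnce|RunServices):\s*\[(.*?)\]\s*(.*)$")
O23_RE = re.compile(r"^Service:\s*(.*?)\s+-\s+(.*?)\s+-\s+(.*)$")
# Naming pattern of the RunOnce executables in this thread: a library-like
# prefix (list taken from the log), two random letters, optional "32", ".exe".
# Heuristic only: a legitimate file can match, so every hit needs a manual check.
RANDOM_EXE_RE = re.compile(
    r"^(?:add|api|app|atl|cr|d3|ie|ip|java|mfc|ms|net|nt|sdk|sys|win)[a-z]{2}(?:32)?\.exe$",
    re.IGNORECASE)
WINDIR_RE = re.compile(r"^[a-z]:\\windows(?:\\system32)?$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def _command_target(cmd: str) -> str:
    """First token of a Run command: the quoted path if quoted, else up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _split_path(target: str):
    """Return (directory, filename); directory is '' for a path-less command."""
    head, _, tail = target.replace("/", "\\").rpartition("\\")
    return head, tail


def check_entry(section: str, body: str) -> Optional[str]:
    """Return why an entry looks suspicious, or None if nothing stands out."""
    if section in ("R0", "R1"):
        # Start/search pages should be URLs; a res:// pointer into a local DLL is the hijack above.
        if "= res://" in body and ".dll/" in body.lower():
            return "browser search/start page redirected into a local DLL resource"
    elif section == "R3" and "is missing" in body:
        return "default URLSearchHook missing (commonly removed by a search hijacker)"
    elif section == "O2":
        m = O2_RE.match(body)
        if m and m.group(1).strip().lower() in ("class", "(no name)"):
            return "BHO with no descriptive name: " + _split_path(m.group(2))[1]
    elif section == "O4":
        m = O4_RE.match(body)
        if m:
            key, item, cmd = m.groups()
            directory, exe = _split_path(_command_target(cmd))
            if RANDOM_EXE_RE.match(exe) and WINDIR_RE.match(directory):
                return f"{key} entry launches random-named {exe} from the Windows directory"
            # e.g. [dw75RWN4V] pinbvm60.exe: digits in the value name and no path at all
            if not directory and sum(ch.isdigit() for ch in item) >= 2:
                return f"{key} entry [{item}] with random-looking name and path-less command"
    elif section == "O23":
        m = O23_RE.match(body)
        if m:
            name, owner, path = m.groups()
            flags = []
            if owner.lower() == "unknown owner":
                flags.append("unknown owner")
            if "(file missing)" in path.lower():
                flags.append("binary missing")
            if any(ord(ch) > 126 for ch in name):
                flags.append("non-ASCII characters in service name")
            if flags:
                return "service '" + name + "': " + ", ".join(flags)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run check_entry over every HijackThis entry and collect the suspicious ones."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        reason = check_entry(section, body)
        if reason:
            findings.append(Finding(section, reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}\n     {f.line}")
```

Entries the script does not flag (Global Startup items, O8/O9/O16 entries) are simply skipped, so the output is a shortlist to verify, not a verdict.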
-
Hi, rpassaro.
OK, we have some work here. Now do each step; we are going to try and clean as much of this PC as can be done with this software.
Step 1: Do this first.
Go for free online virus scans here:
http://housecall.trendmicro.com/hou.../start_corp.asp
http://www.pandasoftware.com/activescan/
Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.
Step 2
1. Download and install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.
2. Close ALL windows except Ad-Aware SE.
3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.
4. Once the update is finished, click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window.
1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)
Under Definitions:
*Prompt to update outdated definitions - set the number of days
2) Click on the ‘Scanning’ button on the left and select in green :
Under Driver, Folders & Files:
*Scan Within Archives
Under Select drives & folders to scan -
*choose all hard drives
Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URLs
*Scan my Hosts file
3) Click on the ‘Advanced’ button on the left and select in green:
Under Shell Integration:
*Move deleted files to recycle bin
Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information
Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT
4) Click the ‘Tweak’ button and select in green:
Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only
Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot
Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile
5. Click on ‘Proceed’ to save the settings.
6. Click ‘Start’
*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
9. Save the log file when it asks and then click ‘finish’
10. REBOOT to complete the removal of what Ad-Aware SE found
Step 3
1. Download and install Spybot Search & Destroy, accepting the default settings.
2. In the menu bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
3. Close ALL windows except Spybot S&D
4. Click the button to ‘Search for Updates’ then download and install the Updates.
5. Next click the button ‘Check for Problems’
6. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries and ‘GREEN’ entries in the window.
7. Make certain there is a check mark beside all of the RED entries ONLY.
8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
9. REBOOT to complete the scan and clear memory.
Step 4
Download ewido security suite from here: http://www.ewido.net/en/download/
Update its database from here: http://www.ewido.net/en/download/updates/
Run a scan and let it clean the PC. Post a new HijackThis log when complete.
NOTE: there may be an option to update from within the scanner; not sure, so check, but download the update just in case.
Step 5
Use this only after doing all of the above.
One popular program for doing this is a freeware program called Crap Cleaner. Crap Cleaner is a single utility that lets you clear your cookies and Internet Explorer history, empty the Recycle Bin, uninstall programs, clear usage tracks and much more. As well as this, it has an advanced registry scanner. Using a program like this is one of the easiest methods.
Step 6
Once done with all of this, show us a new logfile and any info you think we need to know.
HGD
-
Whoa! Thanks for the instructions. I will reply with the results once I get all that done. Wish me luck!
- Rob
-
Hi, rpassaro.
Just take it one step at a time and you should be OK.
HGD