help here's my copy of hijacklog
I'm still very new at this, so bear with me.
Here's my copy:
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\SYSIK32.EXE
C:\WINDOWS\JAVAOZ.EXE
C:\WINDOWS\SYSTEM\MSVJ32.EXE
C:\WINDOWS\SYSTEM\IPRN32.EXE
C:\WINDOWS\SYSTEM\WINPS32.EXE
C:\WINDOWS\SYSTEM\APPEB.EXE
C:\WINDOWS\IPJI32.EXE
C:\WINDOWS\IPUD.EXE
C:\WINDOWS\IPJV.EXE
C:\WINDOWS\SYSTEM\MSZI.EXE
C:\WINDOWS\SYSUK.EXE
C:\WINDOWS\SYSTEM\ADDGB.EXE
C:\WINDOWS\SYSTEM\APPBX32.EXE
C:\WINDOWS\APPOY.EXE
C:\WINDOWS\SYSTEM\ADDVJ.EXE
C:\WINDOWS\MSAL.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\APISL32.EXE
C:\WINDOWS\CRPG.EXE
C:\WINDOWS\SYSTEM\SDKBU.EXE
C:\WINDOWS\CRUB.EXE
C:\WINDOWS\SYSTEM\MFCIV.EXE
C:\WINDOWS\D3ON32.EXE
C:\WINDOWS\SYSTEM\JAVATA.EXE
C:\WINDOWS\NTBV32.EXE
C:\WINDOWS\SYSTEM\ADDWZ.EXE
C:\WINDOWS\SYSTEM\NETPP32.EXE
C:\WINDOWS\ATLNJ.EXE
C:\WINDOWS\SYSTEM\D3WM.EXE
C:\WINDOWS\MSLB.EXE
C:\WINDOWS\SYSTEM\WINOE.EXE
C:\WINDOWS\SYSTEM\D3KS32.EXE
C:\WINDOWS\IEHB32.EXE
C:\WINDOWS\SYSTEM\IPMH.EXE
C:\WINDOWS\NETWO.EXE
C:\WINDOWS\SYSTEM\ATLQR32.EXE
C:\WINDOWS\SYSTEM\ADDOM32.EXE
C:\WINDOWS\NETLG.EXE
C:\WINDOWS\SYSDQ.EXE
C:\WINDOWS\SYSTEM\SDKVD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\SDKJC.EXE
C:\WINDOWS\SYSTEM\USBN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSDQ.EXE
C:\WINDOWS\SYSTEM\IPRN32.EXE
C:\PROGRAM FILES\ULTIMATEZIP 2.7\UZQKST.EXE
C:\WINDOWS\NETLG.EXE
C:\WINDOWS\JAVAOZ.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSDQ.EXE
C:\WINDOWS\SYSTEM\WINQQ.EXE
C:\WINDOWS\SYSDQ.EXE
C:\WINDOWS\SYSTEM\NTIS.EXE
C:\WINDOWS\SYSDQ.EXE
C:\WINDOWS\CROS.EXE
C:\WINDOWS\SYSDQ.EXE
C:\WINDOWS\SYSDQ.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSDQ.EXE
C:\WINDOWS\CRQL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\CRQL32.EXE
C:\WINDOWS\SYSTEM\WINND32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSDQ.EXE
C:\WINDOWS\SYSTEM\D3LV32.EXE
C:\WINDOWS\SYSDQ.EXE
C:\MY DOCUMENTS\MY VIDEOS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\umcnp.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\umcnp.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\umcnp.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\umcnp.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\umcnp.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\umcnp.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\umcnp.dll/sp.html#55135
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {B6BFC731-C71B-14B2-09D4-088D2AECF4FC} - C:\WINDOWS\SYSTEM\ATLYW.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [SDKJC.EXE] C:\WINDOWS\SYSTEM\SDKJC.EXE
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\PROGRAM FILES\SPYFIGHTER\SPYFIGHTER.EXE" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\PROGRAM FILES\SPYFIGHTER\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\SYSTEM\usbn.exe -go -c95 -w
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [SYSIK32.EXE] C:\WINDOWS\SYSTEM\SYSIK32.EXE /s
O4 - HKLM\..\RunServices: [JAVAOZ.EXE] C:\WINDOWS\JAVAOZ.EXE /s
O4 - HKLM\..\RunServices: [MSVJ32.EXE] C:\WINDOWS\SYSTEM\MSVJ32.EXE /s
O4 - HKLM\..\RunServices: [IPRN32.EXE] C:\WINDOWS\SYSTEM\IPRN32.EXE /s
O4 - HKLM\..\RunServices: [WINPS32.EXE] C:\WINDOWS\SYSTEM\WINPS32.EXE /s
O4 - HKLM\..\RunServices: [APPEB.EXE] C:\WINDOWS\SYSTEM\APPEB.EXE /s
O4 - HKLM\..\RunServices: [IPJI32.EXE] C:\WINDOWS\IPJI32.EXE /s
O4 - HKLM\..\RunServices: [IPUD.EXE] C:\WINDOWS\IPUD.EXE /s
O4 - HKLM\..\RunServices: [IPJV.EXE] C:\WINDOWS\IPJV.EXE /s
O4 - HKLM\..\RunServices: [MSZI.EXE] C:\WINDOWS\SYSTEM\MSZI.EXE /s
O4 - HKLM\..\RunServices: [SYSUK.EXE] C:\WINDOWS\SYSUK.EXE /s
O4 - HKLM\..\RunServices: [ADDGB.EXE] C:\WINDOWS\SYSTEM\ADDGB.EXE /s
O4 - HKLM\..\RunServices: [APPBX32.EXE] C:\WINDOWS\SYSTEM\APPBX32.EXE /s
O4 - HKLM\..\RunServices: [APPOY.EXE] C:\WINDOWS\APPOY.EXE /s
O4 - HKLM\..\RunServices: [ADDVJ.EXE] C:\WINDOWS\SYSTEM\ADDVJ.EXE /s
O4 - HKLM\..\RunServices: [MSAL.EXE] C:\WINDOWS\MSAL.EXE /s
O4 - HKLM\..\RunServices: [APISL32.EXE] C:\WINDOWS\SYSTEM\APISL32.EXE /s
O4 - HKLM\..\RunServices: [CRPG.EXE] C:\WINDOWS\CRPG.EXE /s
O4 - HKLM\..\RunServices: [SDKBU.EXE] C:\WINDOWS\SYSTEM\SDKBU.EXE /s
O4 - HKLM\..\RunServices: [CRUB.EXE] C:\WINDOWS\CRUB.EXE /s
O4 - HKLM\..\RunServices: [MFCIV.EXE] C:\WINDOWS\SYSTEM\MFCIV.EXE /s
O4 - HKLM\..\RunServices: [ADDEA32.EXE] C:\WINDOWS\SYSTEM\ADDEA32.EXE /s
O4 - HKLM\..\RunServices: [D3ON32.EXE] C:\WINDOWS\D3ON32.EXE /s
O4 - HKLM\..\RunServices: [JAVATA.EXE] C:\WINDOWS\SYSTEM\JAVATA.EXE /s
O4 - HKLM\..\RunServices: [NTBV32.EXE] C:\WINDOWS\NTBV32.EXE /s
O4 - HKLM\..\RunServices: [ADDWZ.EXE] C:\WINDOWS\SYSTEM\ADDWZ.EXE /s
O4 - HKLM\..\RunServices: [D3VO32.EXE] C:\WINDOWS\D3VO32.EXE /s
O4 - HKLM\..\RunServices: [NETPP32.EXE] C:\WINDOWS\SYSTEM\NETPP32.EXE /s
O4 - HKLM\..\RunServices: [ATLNJ.EXE] C:\WINDOWS\ATLNJ.EXE /s
O4 - HKLM\..\RunServices: [D3WM.EXE] C:\WINDOWS\SYSTEM\D3WM.EXE /s
O4 - HKLM\..\RunServices: [MSLB.EXE] C:\WINDOWS\MSLB.EXE /s
O4 - HKLM\..\RunServices: [WINOE.EXE] C:\WINDOWS\SYSTEM\WINOE.EXE /s
O4 - HKLM\..\RunServices: [D3KS32.EXE] C:\WINDOWS\SYSTEM\D3KS32.EXE /s
O4 - HKLM\..\RunServices: [IEGS32.EXE] C:\WINDOWS\SYSTEM\IEGS32.EXE /s
O4 - HKLM\..\RunServices: [IEHB32.EXE] C:\WINDOWS\IEHB32.EXE /s
O4 - HKLM\..\RunServices: [IPMH.EXE] C:\WINDOWS\SYSTEM\IPMH.EXE /s
O4 - HKLM\..\RunServices: [NETWO.EXE] C:\WINDOWS\NETWO.EXE /s
O4 - HKLM\..\RunServices: [ATLQR32.EXE] C:\WINDOWS\SYSTEM\ATLQR32.EXE /s
O4 - HKLM\..\RunServices: [ADDOM32.EXE] C:\WINDOWS\SYSTEM\ADDOM32.EXE /s
O4 - HKLM\..\RunServices: [D3XB32.EXE] C:\WINDOWS\SYSTEM\D3XB32.EXE /s
O4 - HKLM\..\RunServices: [NETLG.EXE] C:\WINDOWS\NETLG.EXE /s
O4 - HKLM\..\RunServices: [SYSDQ.EXE] C:\WINDOWS\SYSDQ.EXE /s
O4 - HKLM\..\RunServices: [SDKVD.EXE] C:\WINDOWS\SYSTEM\SDKVD.EXE /s
O4 - HKLM\..\RunServices: [WINQQ.EXE] C:\WINDOWS\SYSTEM\WINQQ.EXE /s
O4 - HKLM\..\RunServices: [NTIS.EXE] C:\WINDOWS\SYSTEM\NTIS.EXE /s
O4 - HKLM\..\RunServices: [CROS.EXE] C:\WINDOWS\CROS.EXE /s
O4 - HKLM\..\RunServices: [CRQL32.EXE] C:\WINDOWS\CRQL32.EXE /s
O4 - HKLM\..\RunServices: [WINND32.EXE] C:\WINDOWS\SYSTEM\WINND32.EXE /s
O4 - HKLM\..\RunServices: [D3LV32.EXE] C:\WINDOWS\SYSTEM\D3LV32.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .VOB: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://vparivalka.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://C:\Recycled\Q166352.exe
Any help at all will be appreciated.
-

Hello, 4evafresh & Welcome
Sorry to say you did not post all of the logfile. I need to see
the headers, the part of the logfile that tells us
what Ver of HijackThis you are running & also the OS you have.
& it would also be a great help if you run these 2 progs
here before posting us a new logfile.
1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan
2. Close ALL windows except Ad-Aware SE
3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.
4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window
1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)
Under Definitions:
*Prompt to update outdated definitions - set the number of days
2) Click on the ‘Scanning’ button on the left and select in green:
Under Driver, Folders & Files:
*Scan Within Archives
Under Select drives & folders to scan -
*choose all hard drives
Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file
3) Click on the ‘Advanced’ button on the left and select in green:
Under Shell Integration:
*Move deleted files to recycle bin
Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information
Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT
4) Click the ‘Tweak’ button and select in green:
Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only
Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot
Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile
5. Click on ‘Proceed’ to save the settings.
6. Click ‘Start’
*Choose: 'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
9. Save the log file when it asks and then click ‘finish’
10. REBOOT to complete the removal of what Ad-Aware SE found
1. Download and Install Spybot Search & Destroy, accepting the Default Settings
2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
3. Close ALL windows except Spybot S&D
4. Click the button to ‘Search for Updates’ then download and install the Updates.
5. Next click the button ‘Check for Problems’
6. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries and ‘GREEN’ entries in the window
7. Make certain there is a check mark beside all of the RED entries ONLY.
8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
9. REBOOT to complete the scan and clear memory.
Finally after running both Spybot SD and Ad-Aware SE, RESCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’.
HGD