Suspected infection, but...



Yo_zing
2006-01-18, 05:59
I can't seem to run SBSD. It locks up somewhere around "7277/33807: CoolWWWSearch.Feat2DLL", after running for approximately 22 hours. At the suggestion of Sandra from Team Spybot, I am posting a log here in hopes that someone can tell me what's up.

It's my girlfriend's computer, running Windows 98 SE. She apparently had an infection with about:Blank and a variety of CWS variants, which she managed by running AdAware twice a day. At any given time a number of unidentified processes were running, slowing things down. She disabled these by unchecking them in the startup menu. Several weeks ago, AdAware stopped turning up evidence of CWS.

I just ran NAV, which came up clean; CWS, which indicated no infection; AdAware, which turned up a single tracking cookie; and a Trend Micro online scan, which turned up (and fixed) two pieces of grayware/spyware (ADW_SE.73126 and BHJK.SE_SE.58373).

I then ran HJT, which produced the following. As far as I can tell, the registry entries with "(file missing)" are among those that were disabled in the startup menu:

Logfile of HijackThis v1.99.1
Scan saved at 9:33:38 PM, on 1/17/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\WINDOWS\NETDDE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\MSWORKS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\NMAIN.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {A45618F3-F6BE-0909-6EB6-763DD408A2FD} - C:\WINDOWS\SYSTEM\D3NV32.DLL (file missing)
O2 - BHO: Class - {25970B7C-21D2-1681-2E37-57F955C122CC} - C:\WINDOWS\SYSAL.DLL (file missing)
O2 - BHO: Class - {64830A97-02DE-7E21-600B-1232F97CB535} - C:\WINDOWS\SYSTEM\NTJP.DLL (file missing)
O2 - BHO: Class - {E283B77A-41C6-AF3E-7B7D-2649119A96F7} - C:\WINDOWS\SYSTEM\CRXV32.DLL
O2 - BHO: Class - {55ADBD91-CDE2-EACB-AB9C-740E22B33F39} - C:\WINDOWS\APPTY.DLL (file missing)
O2 - BHO: Class - {94BE0630-302D-D47B-F234-E1E9592B1AE6} - C:\WINDOWS\IPLY.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {6B08BD69-F8DE-4ABE-6961-3BCD02A5F0FF} - C:\WINDOWS\SYSTEM\ADDZH32.DLL (file missing)
O2 - BHO: Class - {F29ECC18-7D8F-25BA-338C-3D062010B63D} - C:\WINDOWS\SYSTEM\IPNL32.DLL (file missing)
O2 - BHO: Class - {14604D6E-DE07-853B-F23F-7DD24D7B5394} - C:\WINDOWS\SYSTEM\NETJD32.DLL (file missing)
O2 - BHO: Class - {1955F601-A77E-3BCC-43F2-4A72ABCF011B} - C:\WINDOWS\SYSTEM\JAVACW32.DLL (file missing)
O2 - BHO: Class - {D4883C39-CD00-5F3E-BA68-6A99FED6A43F} - C:\WINDOWS\SYSTEM\ADDZH.DLL (file missing)
O2 - BHO: Class - {AD2B6ED1-8E08-7594-0D20-675C6D6E07E7} - C:\WINDOWS\SYSTEM\CRGS32.DLL (file missing)
O2 - BHO: Class - {5E64B197-3A3D-EC13-21C5-8F48855C0CAD} - C:\WINDOWS\SYSTEM\JAVAZG.DLL (file missing)
O2 - BHO: Class - {47A26272-7206-89FE-DA48-D1E7E5F2563D} - C:\WINDOWS\APPRJ32.DLL
O2 - BHO: Class - {8D61D565-594D-1C95-CFF7-EAEB4D30FF42} - C:\WINDOWS\NTYI32.DLL (file missing)
O2 - BHO: Class - {AF541E89-0348-E944-E5A1-B4A93FF77CF0} - C:\WINDOWS\MSHC.DLL (file missing)
O2 - BHO: Class - {6A8DEDF9-6C5F-2DB2-9B01-E519A8C35C16} - C:\WINDOWS\SYSTEM\CRKZ.DLL
O2 - BHO: Class - {765595AD-8992-8538-05B7-D47957EEEE08} - C:\WINDOWS\SYSTEM\SYSNB.DLL (file missing)
O2 - BHO: Class - {C0F1C398-7405-5674-9029-55DE0FF52B0F} - C:\WINDOWS\SYSTEM\D3VZ32.DLL (file missing)
O2 - BHO: Class - {435205DB-B5AC-48E9-55DC-543E649DA7D5} - C:\WINDOWS\SYSTEM\IPVZ32.DLL (file missing)
O2 - BHO: Class - {2E66CD10-C2B2-C120-5C34-DF508BED849B} - C:\WINDOWS\SYSTEM\IEJS.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SourcePath] c:\cabs\gwreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

Any help or advice will be greatly appreciated.

Zing

steamwiz
2006-01-18, 19:12
Hi

Anything unticked in msconfig will NOT show in the hijackthis log ..I'll get you to re-tick everything later, but first...

Let's clean up your log

Disconnect from the internet. Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {A45618F3-F6BE-0909-6EB6-763DD408A2FD} - C:\WINDOWS\SYSTEM\D3NV32.DLL (file missing)
O2 - BHO: Class - {25970B7C-21D2-1681-2E37-57F955C122CC} - C:\WINDOWS\SYSAL.DLL (file missing)
O2 - BHO: Class - {64830A97-02DE-7E21-600B-1232F97CB535} - C:\WINDOWS\SYSTEM\NTJP.DLL (file missing)
O2 - BHO: Class - {E283B77A-41C6-AF3E-7B7D-2649119A96F7} - C:\WINDOWS\SYSTEM\CRXV32.DLL
O2 - BHO: Class - {55ADBD91-CDE2-EACB-AB9C-740E22B33F39} - C:\WINDOWS\APPTY.DLL (file missing)
O2 - BHO: Class - {94BE0630-302D-D47B-F234-E1E9592B1AE6} - C:\WINDOWS\IPLY.DLL (file missing)

O2 - BHO: Class - {6B08BD69-F8DE-4ABE-6961-3BCD02A5F0FF} - C:\WINDOWS\SYSTEM\ADDZH32.DLL (file missing)
O2 - BHO: Class - {F29ECC18-7D8F-25BA-338C-3D062010B63D} - C:\WINDOWS\SYSTEM\IPNL32.DLL (file missing)
O2 - BHO: Class - {14604D6E-DE07-853B-F23F-7DD24D7B5394} - C:\WINDOWS\SYSTEM\NETJD32.DLL (file missing)
O2 - BHO: Class - {1955F601-A77E-3BCC-43F2-4A72ABCF011B} - C:\WINDOWS\SYSTEM\JAVACW32.DLL (file missing)
O2 - BHO: Class - {D4883C39-CD00-5F3E-BA68-6A99FED6A43F} - C:\WINDOWS\SYSTEM\ADDZH.DLL (file missing)
O2 - BHO: Class - {AD2B6ED1-8E08-7594-0D20-675C6D6E07E7} - C:\WINDOWS\SYSTEM\CRGS32.DLL (file missing)
O2 - BHO: Class - {5E64B197-3A3D-EC13-21C5-8F48855C0CAD} - C:\WINDOWS\SYSTEM\JAVAZG.DLL (file missing)
O2 - BHO: Class - {47A26272-7206-89FE-DA48-D1E7E5F2563D} - C:\WINDOWS\APPRJ32.DLL
O2 - BHO: Class - {8D61D565-594D-1C95-CFF7-EAEB4D30FF42} - C:\WINDOWS\NTYI32.DLL (file missing)
O2 - BHO: Class - {AF541E89-0348-E944-E5A1-B4A93FF77CF0} - C:\WINDOWS\MSHC.DLL (file missing)
O2 - BHO: Class - {6A8DEDF9-6C5F-2DB2-9B01-E519A8C35C16} - C:\WINDOWS\SYSTEM\CRKZ.DLL
O2 - BHO: Class - {765595AD-8992-8538-05B7-D47957EEEE08} - C:\WINDOWS\SYSTEM\SYSNB.DLL (file missing)
O2 - BHO: Class - {C0F1C398-7405-5674-9029-55DE0FF52B0F} - C:\WINDOWS\SYSTEM\D3VZ32.DLL (file missing)
O2 - BHO: Class - {435205DB-B5AC-48E9-55DC-543E649DA7D5} - C:\WINDOWS\SYSTEM\IPVZ32.DLL (file missing)
O2 - BHO: Class - {2E66CD10-C2B2-C120-5C34-DF508BED849B} - C:\WINDOWS\SYSTEM\IEJS.DLL (file missing)


You will notice that 3 of those BHOs do NOT have (file missing), which means you still have the infection...

Please Download the Aboutbuster zip, by RubbeR DuckY, from one of these locations :-

http://www.besttechie.net/tools/AboutBuster.zip
http://www.malwarebytes.org/AboutBuster.zip

1. Unzip the zip file to a new folder.

2. Reboot into safe mode (instructions: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)

3. Open the folder & double click the AboutBuster.exe file

4. Click the begin removal button, to run the program.

5. You will get a popup "AboutBuster will now shutdown all Internet Explorer windows...." > click Yes

6. Click OK on the "scan completed" popup

7. Click the Exit button

8. Click OK to the "Logfile Created" popup

9. Now open the folder which has the AboutBuster.exe file in it & you will see another file AB Logfile.txt

10. Double-click the text file and you should see something like this (if your computer is clean) :-

AboutBuster 6.0
Scan started on [27/12/2005] at [20:32:31]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 20:35:00


11. If the log shows anything was found ... run AboutBuster again ... exactly the same procedure, then post the AB Logfile.txt in the forum thread you are being advised in.

steam
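
Added example, not part of the original thread and not code from HijackThis: a small Python parser for the O2 lines discussed above that separates BHO entries whose DLL is still on disk from those marked "(file missing)", and checks a follow-up log for CLSIDs from the fix list. The function names are assumptions of this example; the sample lines are copied from logs in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# O2 line layout as it appears in the logs in this thread:
#   O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]
# Name and path can themselves contain " - " (e.g. "Spybot - Search & Destroy"),
# so the braced CLSID is used as the anchor instead of splitting on " - ".
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str
    file_missing: bool


def parse_o2(line: str) -> Optional[Bho]:
    """Parse one O2 line; return None for any other log line."""
    m = O2_RE.match(line.strip())
    if m is None:
        return None
    return Bho(m["name"], m["clsid"].upper(), m["path"], m["missing"] is not None)


def triage(lines: List[str]) -> Tuple[List[Bho], List[Bho]]:
    """Split O2 entries into (live, orphaned).

    live     = DLL still on disk, so the component can still load
    orphaned = registry entry left behind, file already gone
    """
    live, orphaned = [], []
    for line in lines:
        bho = parse_o2(line)
        if bho is None:
            continue  # R3, O4, ... lines are not BHO entries
        (orphaned if bho.file_missing else live).append(bho)
    return live, orphaned


def still_registered(fix_list: List[str], later_log: List[str]) -> List[str]:
    """CLSIDs from the fix list that still appear in a later log."""
    wanted = {b.clsid for b in map(parse_o2, fix_list) if b}
    present = {b.clsid for b in map(parse_o2, later_log) if b}
    return sorted(wanted & present)


# Sample input: a subset of the fix list in the post above.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A45618F3-F6BE-0909-6EB6-763DD408A2FD} - C:\WINDOWS\SYSTEM\D3NV32.DLL (file missing)
O2 - BHO: Class - {25970B7C-21D2-1681-2E37-57F955C122CC} - C:\WINDOWS\SYSAL.DLL (file missing)
O2 - BHO: Class - {E283B77A-41C6-AF3E-7B7D-2649119A96F7} - C:\WINDOWS\SYSTEM\CRXV32.DLL
O2 - BHO: Class - {47A26272-7206-89FE-DA48-D1E7E5F2563D} - C:\WINDOWS\APPRJ32.DLL
O2 - BHO: Class - {8D61D565-594D-1C95-CFF7-EAEB4D30FF42} - C:\WINDOWS\NTYI32.DLL (file missing)
O2 - BHO: Class - {6A8DEDF9-6C5F-2DB2-9B01-E519A8C35C16} - C:\WINDOWS\SYSTEM\CRKZ.DLL
""".strip().splitlines()

# Sample input: O2 lines as they appear in a later log in this thread.
FOLLOW_UP = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
""".strip().splitlines()


if __name__ == "__main__":
    live, orphaned = triage(FIX_LIST)
    print(f"{len(live)} BHO(s) with the DLL still present:")
    for b in live:
        print(f"  {b.clsid}  {b.path}")
    print(f"{len(orphaned)} orphaned registry entr(ies)")
    print("Fix-list CLSIDs still in follow-up log:",
          still_registered(FIX_LIST, FOLLOW_UP) or "none")
```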

Yo_zing
2006-01-19, 19:36
Thanks, steam!

Anything unticked in msconfig will NOT show in the hijackthis log ..I'll get you to re-tick everything later

OK, but I counted about 180 unticked items...

I have done the following:

1) ran hjt, and had it fix the appropriate items. A current log is posted below.

2) ran AboutBuster in safe mode, twice, as instructed. It removed 48 files. That log is posted below, as well.

Now what?

Thanks again

Zing

Current HJT log

Logfile of HijackThis v1.99.1
Scan saved at 1:07:29 PM, on 1/19/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SourcePath] c:\cabs\gwreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

AboutBuster log:

AboutBuster 6.0
Scan started on [1/19/06] at [10:22:47 AM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
Removed File! : C:\WINDOWS\mpgusk.log
Removed File! : C:\WINDOWS\vidxsj.log
Removed File! : C:\WINDOWS\zoeque.txt
Removed File! : C:\WINDOWS\tlyri.txt
Removed File! : C:\WINDOWS\tadqmc.txt
Removed File! : C:\WINDOWS\vlqbc.dat
Removed File! : C:\WINDOWS\uhszpi.dat
Removed File! : C:\WINDOWS\jpeomx.log
Removed File! : C:\WINDOWS\sugno.txt
Removed File! : C:\WINDOWS\ypeffh.log
Removed File! : C:\WINDOWS\mhsada.dat
Removed File! : C:\WINDOWS\svgos.log
Removed File! : C:\WINDOWS\ytahyh.txt
Removed File! : C:\WINDOWS\lfflqb.log
Removed File! : C:\WINDOWS\zmqbm.log
Removed File! : C:\WINDOWS\whien.dat
Removed File! : C:\WINDOWS\xmnety.dat
Removed File! : C:\WINDOWS\olxsol.dat
Removed File! : C:\WINDOWS\fttlhm.txt
Removed File! : C:\WINDOWS\vimls.log
Removed File! : C:\WINDOWS\ectta.log
Removed File! : C:\WINDOWS\unqflw.dat
Removed File! : C:\WINDOWS\jptlyy.txt
Removed File! : C:\WINDOWS\uxjutu.txt
Removed File! : C:\WINDOWS\sceaiq.log
Removed File! : C:\WINDOWS\abjiw.log
Removed File! : C:\WINDOWS\uaaim.txt
Removed File! : C:\WINDOWS\jcyol.log
Removed File! : C:\WINDOWS\ggwojb.log
Removed File! : C:\WINDOWS\orqdc.log
Removed File! : C:\WINDOWS\zuebp.txt
Removed File! : C:\WINDOWS\vizud.dat
Removed File! : C:\WINDOWS\tpfrht.dat
Removed File! : C:\WINDOWS\yyhhx.dat
Removed File! : C:\WINDOWS\liepma.log
Removed File! : C:\WINDOWS\srdcwh.txt
Removed File! : C:\WINDOWS\SYSTEM\hjqar.log
Removed File! : C:\WINDOWS\SYSTEM\mhjma.dat
Removed File! : C:\WINDOWS\SYSTEM\gsumq.txt
Removed File! : C:\WINDOWS\SYSTEM\wtisd.txt
Removed File! : C:\WINDOWS\SYSTEM\bwcdj.txt
Removed File! : C:\WINDOWS\SYSTEM\wmwbm.log
Removed File! : C:\WINDOWS\SYSTEM\ftwjk.txt
Removed File! : C:\WINDOWS\SYSTEM\gphnf.txt
Removed File! : C:\WINDOWS\SYSTEM\sasmc.log
Removed File! : C:\WINDOWS\SYSTEM\mdjgf.log
Removed File! : C:\WINDOWS\SYSTEM\rosgs.txt
Removed File! : C:\WINDOWS\SYSTEM\ahmtn.txt
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:49:20 AM


AboutBuster 6.0
Scan started on [1/19/06] at [11:52:30 AM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:00:40 PM

steamwiz
2006-01-19, 23:48
Hi

Your log is clean now...

What's next? ... retick everything in msconfig > reboot and post a new hijackthis log

steam

Yo_zing
2006-01-20, 00:08
Done. New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:56:35 PM, on 1/19/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\UFDISK\UFDISK FORMAT TOOL\IFORMAT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\HJT\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SourcePath] c:\cabs\gwreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [ATLSD32.EXE] C:\WINDOWS\SYSTEM\ATLSD32.EXE
O4 - HKLM\..\Run: [ATLRH.EXE] C:\WINDOWS\SYSTEM\ATLRH.EXE
O4 - HKLM\..\Run: [JAVAVF.EXE] C:\WINDOWS\SYSTEM\JAVAVF.EXE
O4 - HKLM\..\Run: [IPBN.EXE] C:\WINDOWS\SYSTEM\IPBN.EXE
O4 - HKLM\..\Run: [NETXE.EXE] C:\WINDOWS\SYSTEM\NETXE.EXE
O4 - HKLM\..\Run: [NTML.EXE] C:\WINDOWS\SYSTEM\NTML.EXE
O4 - HKLM\..\Run: [SYSKE32.EXE] C:\WINDOWS\SYSKE32.EXE
O4 - HKLM\..\Run: [SDKWF.EXE] C:\WINDOWS\SYSTEM\SDKWF.EXE
O4 - HKLM\..\Run: [MFCER.EXE] C:\WINDOWS\SYSTEM\MFCER.EXE
O4 - HKLM\..\Run: [SDKGH.EXE] C:\WINDOWS\SYSTEM\SDKGH.EXE
O4 - HKLM\..\Run: [CRPW.EXE] C:\WINDOWS\SYSTEM\CRPW.EXE
O4 - HKLM\..\Run: [SDKZK.EXE] C:\WINDOWS\SDKZK.EXE
O4 - HKLM\..\Run: [SYSCQ32.EXE] C:\WINDOWS\SYSCQ32.EXE
O4 - HKLM\..\Run: [ATLXA32.EXE] C:\WINDOWS\ATLXA32.EXE
O4 - HKLM\..\Run: [ATLAE32.EXE] C:\WINDOWS\ATLAE32.EXE
O4 - HKLM\..\Run: [MFCIY.EXE] C:\WINDOWS\SYSTEM\MFCIY.EXE
O4 - HKLM\..\Run: [MSLW32.EXE] C:\WINDOWS\SYSTEM\MSLW32.EXE
O4 - HKLM\..\Run: [APPNZ.EXE] C:\WINDOWS\APPNZ.EXE
O4 - HKLM\..\Run: [ADDCV32.EXE] C:\WINDOWS\SYSTEM\ADDCV32.EXE
O4 - HKLM\..\Run: [WINXD.EXE] C:\WINDOWS\WINXD.EXE
O4 - HKLM\..\Run: [NTYY.EXE] C:\WINDOWS\SYSTEM\NTYY.EXE
O4 - HKLM\..\Run: [D3XF32.EXE] C:\WINDOWS\D3XF32.EXE
O4 - HKLM\..\Run: [ADDAZ32.EXE] C:\WINDOWS\ADDAZ32.EXE
O4 - HKLM\..\Run: [SDKIM.EXE] C:\WINDOWS\SYSTEM\SDKIM.EXE
O4 - HKLM\..\Run: [SDKTI32.EXE] C:\WINDOWS\SDKTI32.EXE
O4 - HKLM\..\Run: [CRBB.EXE] C:\WINDOWS\SYSTEM\CRBB.EXE
O4 - HKLM\..\Run: [IENC.EXE] C:\WINDOWS\SYSTEM\IENC.EXE
O4 - HKLM\..\Run: [IPIL.EXE] C:\WINDOWS\SYSTEM\IPIL.EXE
O4 - HKLM\..\Run: [ATLSH.EXE] C:\WINDOWS\ATLSH.EXE
O4 - HKLM\..\Run: [JAVAHD32.EXE] C:\WINDOWS\SYSTEM\JAVAHD32.EXE
O4 - HKLM\..\Run: [JAVARC.EXE] C:\WINDOWS\JAVARC.EXE
O4 - HKLM\..\Run: [JAVANB.EXE] C:\WINDOWS\JAVANB.EXE
O4 - HKLM\..\Run: [JAVARI32.EXE] C:\WINDOWS\JAVARI32.EXE
O4 - HKLM\..\Run: [MSCU.EXE] C:\WINDOWS\SYSTEM\MSCU.EXE
O4 - HKLM\..\Run: [CRLI32.EXE] C:\WINDOWS\SYSTEM\CRLI32.EXE
O4 - HKLM\..\Run: [NTXK.EXE] C:\WINDOWS\SYSTEM\NTXK.EXE
O4 - HKLM\..\Run: [NTOP32.EXE] C:\WINDOWS\SYSTEM\NTOP32.EXE
O4 - HKLM\..\Run: [SYSUC32.EXE] C:\WINDOWS\SYSTEM\SYSUC32.EXE
O4 - HKLM\..\Run: [CRUO32.EXE] C:\WINDOWS\SYSTEM\CRUO32.EXE
O4 - HKLM\..\Run: [NETWD.EXE] C:\WINDOWS\SYSTEM\NETWD.EXE
O4 - HKLM\..\Run: [IEAB32.EXE] C:\WINDOWS\SYSTEM\IEAB32.EXE
O4 - HKLM\..\Run: [MFCXT32.EXE] C:\WINDOWS\SYSTEM\MFCXT32.EXE
O4 - HKLM\..\Run: [IEHN.EXE] C:\WINDOWS\SYSTEM\IEHN.EXE
O4 - HKLM\..\Run: [WINEH32.EXE] C:\WINDOWS\SYSTEM\WINEH32.EXE
O4 - HKLM\..\Run: [MSPJ32.EXE] C:\WINDOWS\SYSTEM\MSPJ32.EXE
O4 - HKLM\..\Run: [D3AL32.EXE] C:\WINDOWS\SYSTEM\D3AL32.EXE
O4 - HKLM\..\Run: [ATLQQ.EXE] C:\WINDOWS\SYSTEM\ATLQQ.EXE
O4 - HKLM\..\Run: [ADDPM.EXE] C:\WINDOWS\SYSTEM\ADDPM.EXE
O4 - HKLM\..\Run: [MFCEY.EXE] C:\WINDOWS\SYSTEM\MFCEY.EXE
O4 - HKLM\..\Run: [APIVM.EXE] C:\WINDOWS\SYSTEM\APIVM.EXE
O4 - HKLM\..\Run: [CRXJ32.EXE] C:\WINDOWS\CRXJ32.EXE
O4 - HKLM\..\Run: [CRUQ.EXE] C:\WINDOWS\SYSTEM\CRUQ.EXE
O4 - HKLM\..\Run: [NTPE.EXE] C:\WINDOWS\SYSTEM\NTPE.EXE
O4 - HKLM\..\Run: [CRFD32.EXE] C:\WINDOWS\SYSTEM\CRFD32.EXE
O4 - HKLM\..\Run: [SYSCW32.EXE] C:\WINDOWS\SYSTEM\SYSCW32.EXE
O4 - HKLM\..\Run: [SDKWZ.EXE] C:\WINDOWS\SDKWZ.EXE
O4 - HKLM\..\Run: [APINB32.EXE] C:\WINDOWS\SYSTEM\APINB32.EXE
O4 - HKLM\..\Run: [D3TB.EXE] C:\WINDOWS\SYSTEM\D3TB.EXE
O4 - HKLM\..\Run: [SDKZP32.EXE] C:\WINDOWS\SDKZP32.EXE
O4 - HKLM\..\Run: [MFCPE.EXE] C:\WINDOWS\MFCPE.EXE
O4 - HKLM\..\Run: [SYSXC32.EXE] C:\WINDOWS\SYSTEM\SYSXC32.EXE
O4 - HKLM\..\Run: [SDKTX32.EXE] C:\WINDOWS\SYSTEM\SDKTX32.EXE
O4 - HKLM\..\Run: [ADDKH32.EXE] C:\WINDOWS\SYSTEM\ADDKH32.EXE
O4 - HKLM\..\Run: [ADDIP.EXE] C:\WINDOWS\SYSTEM\ADDIP.EXE
O4 - HKLM\..\Run: [APPBN.EXE] C:\WINDOWS\APPBN.EXE
O4 - HKLM\..\Run: [WINXU32.EXE] C:\WINDOWS\SYSTEM\WINXU32.EXE
O4 - HKLM\..\Run: [D3AD.EXE] C:\WINDOWS\D3AD.EXE
O4 - HKLM\..\Run: [IPRO32.EXE] C:\WINDOWS\IPRO32.EXE
O4 - HKLM\..\Run: [ADDLB.EXE] C:\WINDOWS\SYSTEM\ADDLB.EXE
O4 - HKLM\..\Run: [APPMQ.EXE] C:\WINDOWS\SYSTEM\APPMQ.EXE
O4 - HKLM\..\Run: [NTGB.EXE] C:\WINDOWS\NTGB.EXE
O4 - HKLM\..\Run: [MSXI.EXE] C:\WINDOWS\MSXI.EXE
O4 - HKLM\..\Run: [SYSKP32.EXE] C:\WINDOWS\SYSTEM\SYSKP32.EXE
O4 - HKLM\..\Run: [SYSNJ.EXE] C:\WINDOWS\SYSNJ.EXE
O4 - HKLM\..\Run: [D3OV32.EXE] C:\WINDOWS\D3OV32.EXE
O4 - HKLM\..\Run: [ATLYY.EXE] C:\WINDOWS\SYSTEM\ATLYY.EXE
O4 - HKLM\..\Run: [ADDNJ32.EXE] C:\WINDOWS\ADDNJ32.EXE
O4 - HKLM\..\Run: [D3QN32.EXE] C:\WINDOWS\SYSTEM\D3QN32.EXE
O4 - HKLM\..\Run: [D3UN.EXE] C:\WINDOWS\D3UN.EXE
O4 - HKLM\..\Run: [ATLNW.EXE] C:\WINDOWS\SYSTEM\ATLNW.EXE
O4 - HKLM\..\Run: [MSXZ.EXE] C:\WINDOWS\MSXZ.EXE
O4 - HKLM\..\Run: [IPCN.EXE] C:\WINDOWS\IPCN.EXE
O4 - HKLM\..\Run: [IPTT32.EXE] C:\WINDOWS\IPTT32.EXE
O4 - HKLM\..\Run: [ATLEI.EXE] C:\WINDOWS\SYSTEM\ATLEI.EXE
O4 - HKLM\..\Run: [ATLDD.EXE] C:\WINDOWS\ATLDD.EXE
O4 - HKLM\..\Run: [ATLNA32.EXE] C:\WINDOWS\ATLNA32.EXE
O4 - HKLM\..\Run: [SYSFI.EXE] C:\WINDOWS\SYSFI.EXE
O4 - HKLM\..\Run: [IEUJ.EXE] C:\WINDOWS\SYSTEM\IEUJ.EXE
O4 - HKLM\..\Run: [MSNO32.EXE] C:\WINDOWS\SYSTEM\MSNO32.EXE
O4 - HKLM\..\Run: [IEMH.EXE] C:\WINDOWS\IEMH.EXE
O4 - HKLM\..\Run: [APIRL32.EXE] C:\WINDOWS\SYSTEM\APIRL32.EXE
O4 - HKLM\..\Run: [NTPU.EXE] C:\WINDOWS\NTPU.EXE
O4 - HKLM\..\Run: [APPWV.EXE] C:\WINDOWS\APPWV.EXE
O4 - HKLM\..\Run: [NTJN.EXE] C:\WINDOWS\NTJN.EXE
O4 - HKLM\..\Run: [ATLIV.EXE] C:\WINDOWS\ATLIV.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [ADDEB.EXE] C:\WINDOWS\ADDEB.EXE /s
O4 - HKLM\..\RunServices: [IPSF32.EXE] C:\WINDOWS\SYSTEM\IPSF32.EXE /s
O4 - HKLM\..\RunServices: [IETV32.EXE] C:\WINDOWS\SYSTEM\IETV32.EXE /s
O4 - HKLM\..\RunServices: [SDKKL.EXE] C:\WINDOWS\SYSTEM\SDKKL.EXE /s
O4 - HKLM\..\RunServices: [MSXF32.EXE] C:\WINDOWS\MSXF32.EXE /s
O4 - HKLM\..\RunServices: [MSAU32.EXE] C:\WINDOWS\MSAU32.EXE /s
O4 - HKLM\..\RunServices: [ATLPD.EXE] C:\WINDOWS\ATLPD.EXE /s
O4 - HKLM\..\RunServices: [MFCUS32.EXE] C:\WINDOWS\SYSTEM\MFCUS32.EXE /s
O4 - HKLM\..\RunServices: [ADDEA.EXE] C:\WINDOWS\SYSTEM\ADDEA.EXE /s
O4 - HKLM\..\RunServices: [D3BM.EXE] C:\WINDOWS\SYSTEM\D3BM.EXE /s
O4 - HKLM\..\RunServices: [IEQK32.EXE] C:\WINDOWS\IEQK32.EXE /s
O4 - HKLM\..\RunServices: [MSJO.EXE] C:\WINDOWS\SYSTEM\MSJO.EXE /s
O4 - HKLM\..\RunServices: [IPZS.EXE] C:\WINDOWS\SYSTEM\IPZS.EXE /s
O4 - HKLM\..\RunServices: [MSIC32.EXE] C:\WINDOWS\SYSTEM\MSIC32.EXE /s
O4 - HKLM\..\RunServices: [MSZJ32.EXE] C:\WINDOWS\SYSTEM\MSZJ32.EXE /s
O4 - HKLM\..\RunServices: [MSBH.EXE] C:\WINDOWS\SYSTEM\MSBH.EXE /s
O4 - HKLM\..\RunServices: [IPSJ.EXE] C:\WINDOWS\SYSTEM\IPSJ.EXE /s
O4 - HKLM\..\RunServices: [MSGB.EXE] C:\WINDOWS\SYSTEM\MSGB.EXE /s
O4 - HKLM\..\RunServices: [NTGG32.EXE] C:\WINDOWS\SYSTEM\NTGG32.EXE /s
O4 - HKLM\..\RunServices: [SDKQN32.EXE] C:\WINDOWS\SYSTEM\SDKQN32.EXE /s
O4 - HKLM\..\RunServices: [APILO.EXE] C:\WINDOWS\APILO.EXE /s
O4 - HKLM\..\RunServices: [SYSAE.EXE] C:\WINDOWS\SYSAE.EXE /s
O4 - HKLM\..\RunServices: [APPHT32.EXE] C:\WINDOWS\APPHT32.EXE /s
O4 - HKLM\..\RunServices: [CRGF.EXE] C:\WINDOWS\CRGF.EXE /s
O4 - HKLM\..\RunServices: [ATLBW32.EXE] C:\WINDOWS\SYSTEM\ATLBW32.EXE /s
O4 - HKLM\..\RunServices: [APIPP32.EXE] C:\WINDOWS\APIPP32.EXE /s
O4 - HKLM\..\RunServices: [MFCDG32.EXE] C:\WINDOWS\MFCDG32.EXE /s
O4 - HKLM\..\RunServices: [SDKAM32.EXE] C:\WINDOWS\SDKAM32.EXE /s
O4 - HKLM\..\RunServices: [IEEE32.EXE] C:\WINDOWS\SYSTEM\IEEE32.EXE /s
O4 - HKLM\..\RunServices: [IPMN32.EXE] C:\WINDOWS\IPMN32.EXE /s
O4 - HKLM\..\RunServices: [D3CZ32.EXE] C:\WINDOWS\D3CZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKKN.EXE] C:\WINDOWS\SYSTEM\SDKKN.EXE /s
O4 - HKLM\..\RunServices: [D3EP32.EXE] C:\WINDOWS\D3EP32.EXE /s
O4 - HKLM\..\RunServices: [SYSYG32.EXE] C:\WINDOWS\SYSTEM\SYSYG32.EXE /s
O4 - HKLM\..\RunServices: [APPOG.EXE] C:\WINDOWS\SYSTEM\APPOG.EXE /s
O4 - HKLM\..\RunServices: [MSLW32.EXE] C:\WINDOWS\MSLW32.EXE /s
O4 - HKLM\..\RunServices: [ADDUG32.EXE] C:\WINDOWS\SYSTEM\ADDUG32.EXE /s
O4 - HKLM\..\RunServices: [JAVAMT32.EXE] C:\WINDOWS\JAVAMT32.EXE /s
O4 - HKLM\..\RunServices: [SYSBM32.EXE] C:\WINDOWS\SYSTEM\SYSBM32.EXE /s
O4 - HKLM\..\RunServices: [CRON.EXE] C:\WINDOWS\CRON.EXE /s
O4 - HKLM\..\RunServices: [SDKCI.EXE] C:\WINDOWS\SDKCI.EXE /s
O4 - HKLM\..\RunServices: [NTCS32.EXE] C:\WINDOWS\NTCS32.EXE /s
O4 - HKLM\..\RunServices: [IEFE.EXE] C:\WINDOWS\IEFE.EXE /s
O4 - HKLM\..\RunServices: [IPKA.EXE] C:\WINDOWS\SYSTEM\IPKA.EXE /s
O4 - HKLM\..\RunServices: [NTSS.EXE] C:\WINDOWS\SYSTEM\NTSS.EXE /s
O4 - HKLM\..\RunServices: [WINBY32.EXE] C:\WINDOWS\SYSTEM\WINBY32.EXE /s
O4 - HKLM\..\RunServices: [APIYS.EXE] C:\WINDOWS\APIYS.EXE /s
O4 - HKLM\..\RunServices: [CRLE.EXE] C:\WINDOWS\CRLE.EXE /s
O4 - HKLM\..\RunServices: [MFCUI32.EXE] C:\WINDOWS\SYSTEM\MFCUI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAIS32.EXE] C:\WINDOWS\SYSTEM\JAVAIS32.EXE /s
O4 - HKLM\..\RunServices: [JAVAIR32.EXE] C:\WINDOWS\SYSTEM\JAVAIR32.EXE /s
O4 - HKLM\..\RunServices: [JAVAEG.EXE] C:\WINDOWS\SYSTEM\JAVAEG.EXE /s
O4 - HKLM\..\RunServices: [JAVAPL.EXE] C:\WINDOWS\SYSTEM\JAVAPL.EXE /s
O4 - HKLM\..\RunServices: [IEOI32.EXE] C:\WINDOWS\SYSTEM\IEOI32.EXE /s
O4 - HKLM\..\RunServices: [IEWY.EXE] C:\WINDOWS\SYSTEM\IEWY.EXE /s
O4 - HKLM\..\RunServices: [NTRN.EXE] C:\WINDOWS\SYSTEM\NTRN.EXE /s
O4 - HKLM\..\RunServices: [WINBQ32.EXE] C:\WINDOWS\SYSTEM\WINBQ32.EXE /s
O4 - HKLM\..\RunServices: [SYSHH.EXE] C:\WINDOWS\SYSHH.EXE /s
O4 - HKLM\..\RunServices: [NTOT.EXE] C:\WINDOWS\NTOT.EXE /s
O4 - HKLM\..\RunServices: [APPTW.EXE] C:\WINDOWS\SYSTEM\APPTW.EXE /s
O4 - HKLM\..\RunServices: [NETWF32.EXE] C:\WINDOWS\NETWF32.EXE /s
O4 - HKLM\..\RunServices: [IESN32.EXE] C:\WINDOWS\SYSTEM\IESN32.EXE /s
O4 - HKLM\..\RunServices: [WINXP32.EXE] C:\WINDOWS\SYSTEM\WINXP32.EXE /s
O4 - HKLM\..\RunServices: [APINT.EXE] C:\WINDOWS\SYSTEM\APINT.EXE /s
O4 - HKLM\..\RunServices: [JAVAIZ.EXE] C:\WINDOWS\SYSTEM\JAVAIZ.EXE /s
O4 - HKLM\..\RunServices: [NETVG.EXE] C:\WINDOWS\NETVG.EXE /s
O4 - HKLM\..\RunServices: [ADDPL32.EXE] C:\WINDOWS\SYSTEM\ADDPL32.EXE /s
O4 - HKLM\..\RunServices: [MSRL.EXE] C:\WINDOWS\MSRL.EXE /s
O4 - HKLM\..\RunServices: [NTME32.EXE] C:\WINDOWS\NTME32.EXE /s
O4 - HKLM\..\RunServices: [IPXG32.EXE] C:\WINDOWS\SYSTEM\IPXG32.EXE /s
O4 - HKLM\..\RunServices: [SYSDF.EXE] C:\WINDOWS\SYSDF.EXE /s
O4 - HKLM\..\RunServices: [ATLUQ32.EXE] C:\WINDOWS\SYSTEM\ATLUQ32.EXE /s
O4 - HKLM\..\RunServices: [D3HJ.EXE] C:\WINDOWS\D3HJ.EXE /s
O4 - HKLM\..\RunServices: [NETXF.EXE] C:\WINDOWS\NETXF.EXE /s
O4 - HKLM\..\RunServices: [ADDJT.EXE] C:\WINDOWS\ADDJT.EXE /s
O4 - HKLM\..\RunServices: [APPRA.EXE] C:\WINDOWS\APPRA.EXE /s
O4 - HKLM\..\RunServices: [MFCYE.EXE] C:\WINDOWS\SYSTEM\MFCYE.EXE /s
O4 - HKLM\..\RunServices: [NTQF32.EXE] C:\WINDOWS\SYSTEM\NTQF32.EXE /s
O4 - HKLM\..\RunServices: [IPVH.EXE] C:\WINDOWS\SYSTEM\IPVH.EXE /s
O4 - HKLM\..\RunServices: [D3DQ.EXE] C:\WINDOWS\SYSTEM\D3DQ.EXE /s
O4 - HKLM\..\RunServices: [JAVAXH.EXE] C:\WINDOWS\SYSTEM\JAVAXH.EXE /s
O4 - HKLM\..\RunServices: [JAVANF.EXE] C:\WINDOWS\SYSTEM\JAVANF.EXE /s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: iFormat.lnk = C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

steamwiz
2006-01-20, 19:41
Hi

Disconnect from the internet. Close ALL browser windows (including this one), run HijackThis and tick to fix (check the box next to) the entries in the list below. When all are ticked (checked), click the Fix Checked button at the bottom:


O4 - HKLM\..\Run: [ATLSD32.EXE] C:\WINDOWS\SYSTEM\ATLSD32.EXE
O4 - HKLM\..\Run: [ATLRH.EXE] C:\WINDOWS\SYSTEM\ATLRH.EXE
O4 - HKLM\..\Run: [JAVAVF.EXE] C:\WINDOWS\SYSTEM\JAVAVF.EXE
O4 - HKLM\..\Run: [IPBN.EXE] C:\WINDOWS\SYSTEM\IPBN.EXE
O4 - HKLM\..\Run: [NETXE.EXE] C:\WINDOWS\SYSTEM\NETXE.EXE
O4 - HKLM\..\Run: [NTML.EXE] C:\WINDOWS\SYSTEM\NTML.EXE
O4 - HKLM\..\Run: [SYSKE32.EXE] C:\WINDOWS\SYSKE32.EXE
O4 - HKLM\..\Run: [SDKWF.EXE] C:\WINDOWS\SYSTEM\SDKWF.EXE
O4 - HKLM\..\Run: [MFCER.EXE] C:\WINDOWS\SYSTEM\MFCER.EXE
O4 - HKLM\..\Run: [SDKGH.EXE] C:\WINDOWS\SYSTEM\SDKGH.EXE
O4 - HKLM\..\Run: [CRPW.EXE] C:\WINDOWS\SYSTEM\CRPW.EXE
O4 - HKLM\..\Run: [SDKZK.EXE] C:\WINDOWS\SDKZK.EXE
O4 - HKLM\..\Run: [SYSCQ32.EXE] C:\WINDOWS\SYSCQ32.EXE
O4 - HKLM\..\Run: [ATLXA32.EXE] C:\WINDOWS\ATLXA32.EXE
O4 - HKLM\..\Run: [ATLAE32.EXE] C:\WINDOWS\ATLAE32.EXE
O4 - HKLM\..\Run: [MFCIY.EXE] C:\WINDOWS\SYSTEM\MFCIY.EXE
O4 - HKLM\..\Run: [MSLW32.EXE] C:\WINDOWS\SYSTEM\MSLW32.EXE
O4 - HKLM\..\Run: [APPNZ.EXE] C:\WINDOWS\APPNZ.EXE
O4 - HKLM\..\Run: [ADDCV32.EXE] C:\WINDOWS\SYSTEM\ADDCV32.EXE
O4 - HKLM\..\Run: [WINXD.EXE] C:\WINDOWS\WINXD.EXE
O4 - HKLM\..\Run: [NTYY.EXE] C:\WINDOWS\SYSTEM\NTYY.EXE
O4 - HKLM\..\Run: [D3XF32.EXE] C:\WINDOWS\D3XF32.EXE
O4 - HKLM\..\Run: [ADDAZ32.EXE] C:\WINDOWS\ADDAZ32.EXE
O4 - HKLM\..\Run: [SDKIM.EXE] C:\WINDOWS\SYSTEM\SDKIM.EXE
O4 - HKLM\..\Run: [SDKTI32.EXE] C:\WINDOWS\SDKTI32.EXE
O4 - HKLM\..\Run: [CRBB.EXE] C:\WINDOWS\SYSTEM\CRBB.EXE
O4 - HKLM\..\Run: [IENC.EXE] C:\WINDOWS\SYSTEM\IENC.EXE
O4 - HKLM\..\Run: [IPIL.EXE] C:\WINDOWS\SYSTEM\IPIL.EXE
O4 - HKLM\..\Run: [ATLSH.EXE] C:\WINDOWS\ATLSH.EXE
O4 - HKLM\..\Run: [JAVAHD32.EXE] C:\WINDOWS\SYSTEM\JAVAHD32.EXE
O4 - HKLM\..\Run: [JAVARC.EXE] C:\WINDOWS\JAVARC.EXE
O4 - HKLM\..\Run: [JAVANB.EXE] C:\WINDOWS\JAVANB.EXE
O4 - HKLM\..\Run: [JAVARI32.EXE] C:\WINDOWS\JAVARI32.EXE
O4 - HKLM\..\Run: [MSCU.EXE] C:\WINDOWS\SYSTEM\MSCU.EXE
O4 - HKLM\..\Run: [CRLI32.EXE] C:\WINDOWS\SYSTEM\CRLI32.EXE
O4 - HKLM\..\Run: [NTXK.EXE] C:\WINDOWS\SYSTEM\NTXK.EXE
O4 - HKLM\..\Run: [NTOP32.EXE] C:\WINDOWS\SYSTEM\NTOP32.EXE
O4 - HKLM\..\Run: [SYSUC32.EXE] C:\WINDOWS\SYSTEM\SYSUC32.EXE
O4 - HKLM\..\Run: [CRUO32.EXE] C:\WINDOWS\SYSTEM\CRUO32.EXE
O4 - HKLM\..\Run: [NETWD.EXE] C:\WINDOWS\SYSTEM\NETWD.EXE
O4 - HKLM\..\Run: [IEAB32.EXE] C:\WINDOWS\SYSTEM\IEAB32.EXE
O4 - HKLM\..\Run: [MFCXT32.EXE] C:\WINDOWS\SYSTEM\MFCXT32.EXE
O4 - HKLM\..\Run: [IEHN.EXE] C:\WINDOWS\SYSTEM\IEHN.EXE
O4 - HKLM\..\Run: [WINEH32.EXE] C:\WINDOWS\SYSTEM\WINEH32.EXE
O4 - HKLM\..\Run: [MSPJ32.EXE] C:\WINDOWS\SYSTEM\MSPJ32.EXE
O4 - HKLM\..\Run: [D3AL32.EXE] C:\WINDOWS\SYSTEM\D3AL32.EXE
O4 - HKLM\..\Run: [ATLQQ.EXE] C:\WINDOWS\SYSTEM\ATLQQ.EXE
O4 - HKLM\..\Run: [ADDPM.EXE] C:\WINDOWS\SYSTEM\ADDPM.EXE
O4 - HKLM\..\Run: [MFCEY.EXE] C:\WINDOWS\SYSTEM\MFCEY.EXE
O4 - HKLM\..\Run: [APIVM.EXE] C:\WINDOWS\SYSTEM\APIVM.EXE
O4 - HKLM\..\Run: [CRXJ32.EXE] C:\WINDOWS\CRXJ32.EXE
O4 - HKLM\..\Run: [CRUQ.EXE] C:\WINDOWS\SYSTEM\CRUQ.EXE
O4 - HKLM\..\Run: [NTPE.EXE] C:\WINDOWS\SYSTEM\NTPE.EXE
O4 - HKLM\..\Run: [CRFD32.EXE] C:\WINDOWS\SYSTEM\CRFD32.EXE
O4 - HKLM\..\Run: [SYSCW32.EXE] C:\WINDOWS\SYSTEM\SYSCW32.EXE
O4 - HKLM\..\Run: [SDKWZ.EXE] C:\WINDOWS\SDKWZ.EXE
O4 - HKLM\..\Run: [APINB32.EXE] C:\WINDOWS\SYSTEM\APINB32.EXE
O4 - HKLM\..\Run: [D3TB.EXE] C:\WINDOWS\SYSTEM\D3TB.EXE
O4 - HKLM\..\Run: [SDKZP32.EXE] C:\WINDOWS\SDKZP32.EXE
O4 - HKLM\..\Run: [MFCPE.EXE] C:\WINDOWS\MFCPE.EXE
O4 - HKLM\..\Run: [SYSXC32.EXE] C:\WINDOWS\SYSTEM\SYSXC32.EXE
O4 - HKLM\..\Run: [SDKTX32.EXE] C:\WINDOWS\SYSTEM\SDKTX32.EXE
O4 - HKLM\..\Run: [ADDKH32.EXE] C:\WINDOWS\SYSTEM\ADDKH32.EXE
O4 - HKLM\..\Run: [ADDIP.EXE] C:\WINDOWS\SYSTEM\ADDIP.EXE
O4 - HKLM\..\Run: [APPBN.EXE] C:\WINDOWS\APPBN.EXE
O4 - HKLM\..\Run: [WINXU32.EXE] C:\WINDOWS\SYSTEM\WINXU32.EXE
O4 - HKLM\..\Run: [D3AD.EXE] C:\WINDOWS\D3AD.EXE
O4 - HKLM\..\Run: [IPRO32.EXE] C:\WINDOWS\IPRO32.EXE
O4 - HKLM\..\Run: [ADDLB.EXE] C:\WINDOWS\SYSTEM\ADDLB.EXE
O4 - HKLM\..\Run: [APPMQ.EXE] C:\WINDOWS\SYSTEM\APPMQ.EXE
O4 - HKLM\..\Run: [NTGB.EXE] C:\WINDOWS\NTGB.EXE
O4 - HKLM\..\Run: [MSXI.EXE] C:\WINDOWS\MSXI.EXE
O4 - HKLM\..\Run: [SYSKP32.EXE] C:\WINDOWS\SYSTEM\SYSKP32.EXE
O4 - HKLM\..\Run: [SYSNJ.EXE] C:\WINDOWS\SYSNJ.EXE
O4 - HKLM\..\Run: [D3OV32.EXE] C:\WINDOWS\D3OV32.EXE
O4 - HKLM\..\Run: [ATLYY.EXE] C:\WINDOWS\SYSTEM\ATLYY.EXE
O4 - HKLM\..\Run: [ADDNJ32.EXE] C:\WINDOWS\ADDNJ32.EXE
O4 - HKLM\..\Run: [D3QN32.EXE] C:\WINDOWS\SYSTEM\D3QN32.EXE
O4 - HKLM\..\Run: [D3UN.EXE] C:\WINDOWS\D3UN.EXE
O4 - HKLM\..\Run: [ATLNW.EXE] C:\WINDOWS\SYSTEM\ATLNW.EXE
O4 - HKLM\..\Run: [MSXZ.EXE] C:\WINDOWS\MSXZ.EXE
O4 - HKLM\..\Run: [IPCN.EXE] C:\WINDOWS\IPCN.EXE
O4 - HKLM\..\Run: [IPTT32.EXE] C:\WINDOWS\IPTT32.EXE
O4 - HKLM\..\Run: [ATLEI.EXE] C:\WINDOWS\SYSTEM\ATLEI.EXE
O4 - HKLM\..\Run: [ATLDD.EXE] C:\WINDOWS\ATLDD.EXE
O4 - HKLM\..\Run: [ATLNA32.EXE] C:\WINDOWS\ATLNA32.EXE
O4 - HKLM\..\Run: [SYSFI.EXE] C:\WINDOWS\SYSFI.EXE
O4 - HKLM\..\Run: [IEUJ.EXE] C:\WINDOWS\SYSTEM\IEUJ.EXE
O4 - HKLM\..\Run: [MSNO32.EXE] C:\WINDOWS\SYSTEM\MSNO32.EXE
O4 - HKLM\..\Run: [IEMH.EXE] C:\WINDOWS\IEMH.EXE
O4 - HKLM\..\Run: [APIRL32.EXE] C:\WINDOWS\SYSTEM\APIRL32.EXE
O4 - HKLM\..\Run: [NTPU.EXE] C:\WINDOWS\NTPU.EXE
O4 - HKLM\..\Run: [APPWV.EXE] C:\WINDOWS\APPWV.EXE
O4 - HKLM\..\Run: [NTJN.EXE] C:\WINDOWS\NTJN.EXE
O4 - HKLM\..\Run: [ATLIV.EXE] C:\WINDOWS\ATLIV.EXE

O4 - HKLM\..\RunServices: [ADDEB.EXE] C:\WINDOWS\ADDEB.EXE /s
O4 - HKLM\..\RunServices: [IPSF32.EXE] C:\WINDOWS\SYSTEM\IPSF32.EXE /s
O4 - HKLM\..\RunServices: [IETV32.EXE] C:\WINDOWS\SYSTEM\IETV32.EXE /s
O4 - HKLM\..\RunServices: [SDKKL.EXE] C:\WINDOWS\SYSTEM\SDKKL.EXE /s
O4 - HKLM\..\RunServices: [MSXF32.EXE] C:\WINDOWS\MSXF32.EXE /s
O4 - HKLM\..\RunServices: [MSAU32.EXE] C:\WINDOWS\MSAU32.EXE /s
O4 - HKLM\..\RunServices: [ATLPD.EXE] C:\WINDOWS\ATLPD.EXE /s
O4 - HKLM\..\RunServices: [MFCUS32.EXE] C:\WINDOWS\SYSTEM\MFCUS32.EXE /s
O4 - HKLM\..\RunServices: [ADDEA.EXE] C:\WINDOWS\SYSTEM\ADDEA.EXE /s
O4 - HKLM\..\RunServices: [D3BM.EXE] C:\WINDOWS\SYSTEM\D3BM.EXE /s
O4 - HKLM\..\RunServices: [IEQK32.EXE] C:\WINDOWS\IEQK32.EXE /s
O4 - HKLM\..\RunServices: [MSJO.EXE] C:\WINDOWS\SYSTEM\MSJO.EXE /s
O4 - HKLM\..\RunServices: [IPZS.EXE] C:\WINDOWS\SYSTEM\IPZS.EXE /s
O4 - HKLM\..\RunServices: [MSIC32.EXE] C:\WINDOWS\SYSTEM\MSIC32.EXE /s
O4 - HKLM\..\RunServices: [MSZJ32.EXE] C:\WINDOWS\SYSTEM\MSZJ32.EXE /s
O4 - HKLM\..\RunServices: [MSBH.EXE] C:\WINDOWS\SYSTEM\MSBH.EXE /s
O4 - HKLM\..\RunServices: [IPSJ.EXE] C:\WINDOWS\SYSTEM\IPSJ.EXE /s
O4 - HKLM\..\RunServices: [MSGB.EXE] C:\WINDOWS\SYSTEM\MSGB.EXE /s
O4 - HKLM\..\RunServices: [NTGG32.EXE] C:\WINDOWS\SYSTEM\NTGG32.EXE /s
O4 - HKLM\..\RunServices: [SDKQN32.EXE] C:\WINDOWS\SYSTEM\SDKQN32.EXE /s
O4 - HKLM\..\RunServices: [APILO.EXE] C:\WINDOWS\APILO.EXE /s
O4 - HKLM\..\RunServices: [SYSAE.EXE] C:\WINDOWS\SYSAE.EXE /s
O4 - HKLM\..\RunServices: [APPHT32.EXE] C:\WINDOWS\APPHT32.EXE /s
O4 - HKLM\..\RunServices: [CRGF.EXE] C:\WINDOWS\CRGF.EXE /s
O4 - HKLM\..\RunServices: [ATLBW32.EXE] C:\WINDOWS\SYSTEM\ATLBW32.EXE /s
O4 - HKLM\..\RunServices: [APIPP32.EXE] C:\WINDOWS\APIPP32.EXE /s
O4 - HKLM\..\RunServices: [MFCDG32.EXE] C:\WINDOWS\MFCDG32.EXE /s
O4 - HKLM\..\RunServices: [SDKAM32.EXE] C:\WINDOWS\SDKAM32.EXE /s
O4 - HKLM\..\RunServices: [IEEE32.EXE] C:\WINDOWS\SYSTEM\IEEE32.EXE /s
O4 - HKLM\..\RunServices: [IPMN32.EXE] C:\WINDOWS\IPMN32.EXE /s
O4 - HKLM\..\RunServices: [D3CZ32.EXE] C:\WINDOWS\D3CZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKKN.EXE] C:\WINDOWS\SYSTEM\SDKKN.EXE /s
O4 - HKLM\..\RunServices: [D3EP32.EXE] C:\WINDOWS\D3EP32.EXE /s
O4 - HKLM\..\RunServices: [SYSYG32.EXE] C:\WINDOWS\SYSTEM\SYSYG32.EXE /s
O4 - HKLM\..\RunServices: [APPOG.EXE] C:\WINDOWS\SYSTEM\APPOG.EXE /s
O4 - HKLM\..\RunServices: [MSLW32.EXE] C:\WINDOWS\MSLW32.EXE /s
O4 - HKLM\..\RunServices: [ADDUG32.EXE] C:\WINDOWS\SYSTEM\ADDUG32.EXE /s
O4 - HKLM\..\RunServices: [JAVAMT32.EXE] C:\WINDOWS\JAVAMT32.EXE /s
O4 - HKLM\..\RunServices: [SYSBM32.EXE] C:\WINDOWS\SYSTEM\SYSBM32.EXE /s
O4 - HKLM\..\RunServices: [CRON.EXE] C:\WINDOWS\CRON.EXE /s
O4 - HKLM\..\RunServices: [SDKCI.EXE] C:\WINDOWS\SDKCI.EXE /s
O4 - HKLM\..\RunServices: [NTCS32.EXE] C:\WINDOWS\NTCS32.EXE /s
O4 - HKLM\..\RunServices: [IEFE.EXE] C:\WINDOWS\IEFE.EXE /s
O4 - HKLM\..\RunServices: [IPKA.EXE] C:\WINDOWS\SYSTEM\IPKA.EXE /s
O4 - HKLM\..\RunServices: [NTSS.EXE] C:\WINDOWS\SYSTEM\NTSS.EXE /s
O4 - HKLM\..\RunServices: [WINBY32.EXE] C:\WINDOWS\SYSTEM\WINBY32.EXE /s
O4 - HKLM\..\RunServices: [APIYS.EXE] C:\WINDOWS\APIYS.EXE /s
O4 - HKLM\..\RunServices: [CRLE.EXE] C:\WINDOWS\CRLE.EXE /s
O4 - HKLM\..\RunServices: [MFCUI32.EXE] C:\WINDOWS\SYSTEM\MFCUI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAIS32.EXE] C:\WINDOWS\SYSTEM\JAVAIS32.EXE /s
O4 - HKLM\..\RunServices: [JAVAIR32.EXE] C:\WINDOWS\SYSTEM\JAVAIR32.EXE /s
O4 - HKLM\..\RunServices: [JAVAEG.EXE] C:\WINDOWS\SYSTEM\JAVAEG.EXE /s
O4 - HKLM\..\RunServices: [JAVAPL.EXE] C:\WINDOWS\SYSTEM\JAVAPL.EXE /s
O4 - HKLM\..\RunServices: [IEOI32.EXE] C:\WINDOWS\SYSTEM\IEOI32.EXE /s
O4 - HKLM\..\RunServices: [IEWY.EXE] C:\WINDOWS\SYSTEM\IEWY.EXE /s
O4 - HKLM\..\RunServices: [NTRN.EXE] C:\WINDOWS\SYSTEM\NTRN.EXE /s
O4 - HKLM\..\RunServices: [WINBQ32.EXE] C:\WINDOWS\SYSTEM\WINBQ32.EXE /s
O4 - HKLM\..\RunServices: [SYSHH.EXE] C:\WINDOWS\SYSHH.EXE /s
O4 - HKLM\..\RunServices: [NTOT.EXE] C:\WINDOWS\NTOT.EXE /s
O4 - HKLM\..\RunServices: [APPTW.EXE] C:\WINDOWS\SYSTEM\APPTW.EXE /s
O4 - HKLM\..\RunServices: [NETWF32.EXE] C:\WINDOWS\NETWF32.EXE /s
O4 - HKLM\..\RunServices: [IESN32.EXE] C:\WINDOWS\SYSTEM\IESN32.EXE /s
O4 - HKLM\..\RunServices: [WINXP32.EXE] C:\WINDOWS\SYSTEM\WINXP32.EXE /s
O4 - HKLM\..\RunServices: [APINT.EXE] C:\WINDOWS\SYSTEM\APINT.EXE /s
O4 - HKLM\..\RunServices: [JAVAIZ.EXE] C:\WINDOWS\SYSTEM\JAVAIZ.EXE /s
O4 - HKLM\..\RunServices: [NETVG.EXE] C:\WINDOWS\NETVG.EXE /s
O4 - HKLM\..\RunServices: [ADDPL32.EXE] C:\WINDOWS\SYSTEM\ADDPL32.EXE /s
O4 - HKLM\..\RunServices: [MSRL.EXE] C:\WINDOWS\MSRL.EXE /s
O4 - HKLM\..\RunServices: [NTME32.EXE] C:\WINDOWS\NTME32.EXE /s
O4 - HKLM\..\RunServices: [IPXG32.EXE] C:\WINDOWS\SYSTEM\IPXG32.EXE /s
O4 - HKLM\..\RunServices: [SYSDF.EXE] C:\WINDOWS\SYSDF.EXE /s
O4 - HKLM\..\RunServices: [ATLUQ32.EXE] C:\WINDOWS\SYSTEM\ATLUQ32.EXE /s
O4 - HKLM\..\RunServices: [D3HJ.EXE] C:\WINDOWS\D3HJ.EXE /s
O4 - HKLM\..\RunServices: [NETXF.EXE] C:\WINDOWS\NETXF.EXE /s
O4 - HKLM\..\RunServices: [ADDJT.EXE] C:\WINDOWS\ADDJT.EXE /s
O4 - HKLM\..\RunServices: [APPRA.EXE] C:\WINDOWS\APPRA.EXE /s
O4 - HKLM\..\RunServices: [MFCYE.EXE] C:\WINDOWS\SYSTEM\MFCYE.EXE /s
O4 - HKLM\..\RunServices: [NTQF32.EXE] C:\WINDOWS\SYSTEM\NTQF32.EXE /s
O4 - HKLM\..\RunServices: [IPVH.EXE] C:\WINDOWS\SYSTEM\IPVH.EXE /s
O4 - HKLM\..\RunServices: [D3DQ.EXE] C:\WINDOWS\SYSTEM\D3DQ.EXE /s
O4 - HKLM\..\RunServices: [JAVAXH.EXE] C:\WINDOWS\SYSTEM\JAVAXH.EXE /s
O4 - HKLM\..\RunServices: [JAVANF.EXE] C:\WINDOWS\SYSTEM\JAVANF.EXE /s



Reboot...

All those entries in msconfig should have gone...

Post a new hijackthis log...

Are your problems resolved?

steam
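
The entries in the fix list above share a shape that the legitimate autostart entries in the follow-up log do not: the registry value name is identical to the file name, and the file sits directly in C:\WINDOWS or C:\WINDOWS\SYSTEM. The Python sketch below is an added example, not part of the original thread or of HijackThis; the sample lines are constructed in the format of the logs here, and the function names, the assumed Windows directory and the two-condition heuristic are illustrative assumptions for triage, not a verdict on any file.

```python
import ntpath
import re
from collections import Counter

# Constructed sample: lines in the shape of the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATLSD32.EXE] C:\WINDOWS\SYSTEM\ATLSD32.EXE
O4 - HKLM\..\Run: [SYSKE32.EXE] C:\WINDOWS\SYSKE32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\RunServices: [ADDEB.EXE] C:\WINDOWS\ADDEB.EXE /s
O4 - HKLM\..\RunServices: [IPSF32.EXE] C:\WINDOWS\SYSTEM\IPSF32.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: iFormat.lnk = C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe
"""

# Registry-based O4 lines: "O4 - HKLM\..\Run: [value name] command line".
# Startup-folder O4 lines ("O4 - Startup: ...") use another layout and are skipped.
O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<command>.+)$"
)
# The executable is either quoted, or runs up to the first ".exe" in the command.
EXE_PATH = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.exe)\b', re.IGNORECASE)

# Assumption: the Windows directory is C:\WINDOWS, as in the logs on this page.
WINDOWS_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}


def parse_o4(line):
    """Return key, value name and executable path for a registry O4 line, else None."""
    m = O4_REGISTRY.match(line.strip())
    if not m:
        return None
    command = m["command"]
    exe = EXE_PATH.match(command)
    path = (exe["quoted"] or exe["bare"]) if exe else command.split()[0]
    return {"key": m["key"], "name": m["name"], "path": path}


def is_self_named(entry):
    """True when the value name equals the file name and the file is directly
    in the Windows or SYSTEM directory (the shape shared by the fix list)."""
    same_name = entry["name"].upper() == ntpath.basename(entry["path"]).upper()
    in_windir = ntpath.dirname(entry["path"]).upper() in WINDOWS_DIRS
    return same_name and in_windir


def triage(log_text):
    """Return the registry autostart entries that match the heuristic."""
    entries = filter(None, map(parse_o4, log_text.splitlines()))
    return [e for e in entries if is_self_named(e)]


def summarize(flagged):
    """Count flagged entries per registry key (Run, RunServices, ...)."""
    return Counter(e["key"] for e in flagged)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for e in hits:
        print(f'{e["key"]:<12} {e["name"]:<14} {e["path"]}')
    print(dict(summarize(hits)))
```

Entries such as `[KB891711]` and `[QuickTime Task]` live under C:\WINDOWS\SYSTEM as well but are not flagged, because their value names differ from the file name or the file sits in a subfolder.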

Yo_zing
2006-01-20, 23:23
About:blank is gone, as is the garbage from msconfig. I don't have a variety of unidentified processes running.

Thank you very much; to Steam personally, and to Safer Networking Forums as a group :bigthumb:

I'm off to put my money where my mouth is and make a donation.

Again, thank you!

Yo_zing
2006-01-20, 23:33
Logfile of HijackThis v1.99.1
Scan saved at 5:25:10 PM, on 1/20/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\UFDISK\UFDISK FORMAT TOOL\IFORMAT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kccny.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SourcePath] c:\cabs\gwreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: iFormat.lnk = C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

Thanks again, folks!

steamwiz
2006-01-21, 00:04
Hi

You're welcome

your log's clean :bigthumb:

happy surfing

steam

tashi
2006-01-24, 21:12
As the problem appears to be resolved, this topic will be archived.
If you need it re-opened, please PM me.

Glad we could help. Thank you steam. :)