jvaw.exe

[LonnyRJones]

Start Hijackthis and place a check next to these items If there.
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKCU\..\Run: [Arcqkx] D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MCROSO~1.NET\JVAW~1.EXE
O4 - HKCU\..\Run: [Aawn] "D:\PROGRA~1\COMMON~1\PPPATC~1\cmd.exe" -vt tzt
O20 - AppInit_DLLs: svchost.dll D:\WINNT\system32\svchost.dll
====================================
Hit fix checked and close Hijackthis.(not to worry about the error)

Copy the contents of the quote box below into a new notepad document (not wordpad).
Click file> save as...> call it moveit.bat > file types *all files*> and save it to desktop.

@echo off
attrib -h -s "D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MCROSO~1.NET\*.*"
attrib -h -s "D:\PROGRA~1\COMMON~1\PPPATC~1\*.*"
move "D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MCROSO~1.NET" %temp%\
move "D:\PROGRA~1\COMMON~1\PPPATC~1" %temp%\

Run moveit.bat
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Hijackthis and place a check next to those same items if there and click fix checked.

Post back with another Hiajckthis log please

[Xprisoner]

I think the problem is solved. Good help. I am very grateful. I post a last log. I hope the system is clean now.

Logfile of HijackThis v1.99.1
Scan saved at 12:37:15, on 02.07.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Programme\AntiVir PersonalEdition Classic\sched.exe
D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\RUNDLL32.EXE
D:\WINNT\system32\RunDll32.exe
D:\WINNT\system32\TCAUDIAG.exe
D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\Programme\Logitech\MouseWare\system\em_exec.exe
D:\Programme\QuickTime\qttask.exe
D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programme\iPod\bin\iPodService.exe
D:\Programme\MSN Messenger\msnmsgr.exe
D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\WINNT\system32\wuauclt.exe
D:\Programme\RegCleaner\RegCleanr.exe
D:\Dokumente und Einstellungen\eike.ICET\Desktop\HijackThis.exe

O1 - Hosts: 83.151.24.130 L2authd.lineage2.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "D:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aawn] "D:\PROGRA~1\COMMON~1\PPPATC~1\cmd.exe" -vt tzt
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1146681836781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O20 - AppInit_DLLs: svchost.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe

[LonnyRJones]

Good

Start Hijackthis and place a check next to these items If there.
O4 - HKCU\..\Run: [Aawn] "D:\PROGRA~1\COMMON~1\PPPATC~1\cmd.exe" -vt tzt
O20 - AppInit_DLLs: svchost.dll

Optional fix's
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post back with another log after about a full day please

[tashi]

How is the computer running Xprisoner

[tashi]

This topic is closed.

If you need it re-opened please send me a pm and provide a link to the thread.
Applies only to the original topic starter.