
what to delete?


4 replies to this topic

#1 poshxxx


Posted 17 June 2005 - 11:46 PM

Scan saved at 4:28:33 PM, on 6/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\ADDLE.EXE
C:\WINDOWS\SYSYA.EXE
C:\WINDOWS\MFCTD.EXE
C:\WINDOWS\NTFH.EXE
C:\WINDOWS\CRES.EXE
C:\WINDOWS\SYSTEM\APIJO.EXE
C:\WINDOWS\SYSTEM\APIMQ.EXE
C:\WINDOWS\SYSJO.EXE
C:\WINDOWS\SYSTEM\MFCEY32.EXE
C:\WINDOWS\SYSTEM\D3ZI.EXE
C:\WINDOWS\SYSTEM\CRHC32.EXE
C:\WINDOWS\ATLHA32.EXE
C:\WINDOWS\MFCPQ.EXE
C:\WINDOWS\SYSTEM\MFCEJ.EXE
C:\WINDOWS\APPYL.EXE
C:\WINDOWS\NTFX.EXE
C:\WINDOWS\SYSTEM\ADDGG32.EXE
C:\WINDOWS\ATLNM.EXE
C:\WINDOWS\JAVALF.EXE
C:\WINDOWS\SYSTEM\NTHU.EXE
C:\WINDOWS\IEBZ32.EXE
C:\WINDOWS\SYSTEM\APPXD32.EXE
C:\WINDOWS\MFCJZ.EXE
C:\WINDOWS\SYSTEM\IPQJ.EXE
C:\WINDOWS\APIDS.EXE
C:\WINDOWS\APICV.EXE
C:\WINDOWS\SYSGX.EXE
C:\WINDOWS\MFCPP.EXE
C:\WINDOWS\SYSTEM\ATLGC32.EXE
C:\WINDOWS\SYSTEM\JAVAQQ32.EXE
C:\WINDOWS\SYSTEM\APIGD32.EXE
C:\WINDOWS\SYSTEM\MFCGF32.EXE
C:\WINDOWS\MFCIX.EXE
C:\WINDOWS\JAVAAD32.EXE
C:\WINDOWS\SYSTEM\NTXK32.EXE
C:\WINDOWS\SYSTEM\NETXO.EXE
C:\WINDOWS\SDKCL.EXE
C:\WINDOWS\SYSTEM\NETXO.EXE
C:\WINDOWS\SYSTEM\MSEU.EXE
C:\WINDOWS\SYSTEM\APIKE.EXE
C:\WINDOWS\SYSTEM\XNEFDT.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\SYSYA.EXE
C:\WINDOWS\SYSTEM\MFCEY32.EXE
C:\WINDOWS\SYSTEM\MFCEY32.EXE
C:\WINDOWS\APICV.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\SYSTEM\WINZV32.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WINZV32.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSYA.EXE
C:\WINDOWS\APICV.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\MFCFK.EXE
C:\WINDOWS\MFCFK.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSYA.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\MSDH.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSYA.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSYA.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\MSDH.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSYA.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\SYSYA.EXE
C:\WINDOWS\MSDH.EXE
C:\WINDOWS\MFCFK.EXE
C:\WINDOWS\SYSYA.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSYA.EXE
C:\WINDOWS\SYSTEM\APIKE.EXE
C:\WINDOWS\SYSTEM\APIKE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\D3UO32.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\SYSTEM\MFCEJ.EXE
C:\WINDOWS\SYSYA.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSTEM\APIKE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lmrtk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lmrtk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lmrtk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lmrtk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lmrtk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lmrtk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lmrtk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {E83AE63A-AC80-13DC-DEB9-8A3C400405AA} - C:\WINDOWS\SYSTEM\MFCJD.DLL
O2 - BHO: Class - {E4316913-4A15-13C7-EF04-CC16C6551769} - C:\WINDOWS\SYSTEM\IEDC.DLL
O2 - BHO: Class - {48F3AF0B-D21E-99F0-BFCA-85E9902D9855} - C:\WINDOWS\SYSTEM\SDKWL32.DLL
O2 - BHO: Class - {B6013F81-3114-CDD3-F1BE-E1672AB80E5C} - C:\WINDOWS\SYSTEM\MFCRY.DLL
O2 - BHO: Class - {FBB1288E-F9DA-63B6-535A-91E59402B4CE} - C:\WINDOWS\SYSXI32.DLL
O2 - BHO: Class - {4DA8CAE4-8676-C0B7-802D-3BAD02EFF99E} - C:\WINDOWS\SYSTEM\ATLPZ32.DLL
O2 - BHO: Class - {C2E2D6AE-6948-2FD3-6A8F-2314B7F1C88F} - C:\WINDOWS\SYSTEM\JAVARV.DLL
O2 - BHO: Class - {809E2C70-A0DF-6D0F-11AF-D992FC8D499D} - C:\WINDOWS\SYSTEM\CRLE.DLL
O2 - BHO: Class - {F2630AEE-E243-8EB6-48F3-32C89B85DBD5} - C:\WINDOWS\SYSTEM\IENT32.DLL
O2 - BHO: Class - {A8EF15EB-C199-52DA-C71D-992B49FD321E} - C:\WINDOWS\SDKZX.DLL
O2 - BHO: Class - {03517127-00C0-4EA8-8A0D-A0DA652FE0AB} - C:\WINDOWS\IEKL32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_6_2_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [D3UO32.EXE] C:\WINDOWS\SYSTEM\D3UO32.EXE
O4 - HKLM\..\Run: [NTYZ32.EXE] C:\WINDOWS\SYSTEM\NTYZ32.EXE
O4 - HKLM\..\Run: [IPZJ.EXE] C:\WINDOWS\SYSTEM\IPZJ.EXE
O4 - HKLM\..\Run: [D3LI.EXE] C:\WINDOWS\SYSTEM\D3LI.EXE
O4 - HKLM\..\Run: [xnefdt] C:\WINDOWS\SYSTEM\xnefdt.exe
O4 - HKLM\..\Run: [WINIW.EXE] C:\WINDOWS\SYSTEM\WINIW.EXE
O4 - HKLM\..\Run: [NETXA.EXE] C:\WINDOWS\SYSTEM\NETXA.EXE
O4 - HKLM\..\Run: [SYSDO32.EXE] C:\WINDOWS\SYSDO32.EXE
O4 - HKLM\..\Run: [CRRW.EXE] C:\WINDOWS\SYSTEM\CRRW.EXE
O4 - HKLM\..\Run: [MSGJ.EXE] C:\WINDOWS\MSGJ.EXE
O4 - HKLM\..\Run: [NTPU32.EXE] C:\WINDOWS\SYSTEM\NTPU32.EXE
O4 - HKLM\..\Run: [nldesqm] C:\WINDOWS\SYSTEM\nldesqm.exe
O4 - HKLM\..\Run: [rtthifj] C:\WINDOWS\SYSTEM\rtthifj.exe
O4 - HKLM\..\Run: [D3VX.EXE] C:\WINDOWS\D3VX.EXE
O4 - HKLM\..\Run: [NTBO.EXE] C:\WINDOWS\SYSTEM\NTBO.EXE
O4 - HKLM\..\Run: [WINXY.EXE] C:\WINDOWS\SYSTEM\WINXY.EXE
O4 - HKLM\..\Run: [ATLJL32.EXE] C:\WINDOWS\SYSTEM\ATLJL32.EXE
O4 - HKLM\..\Run: [NETUP.EXE] C:\WINDOWS\SYSTEM\NETUP.EXE
O4 - HKLM\..\Run: [JAVAQS32.EXE] C:\WINDOWS\JAVAQS32.EXE
O4 - HKLM\..\Run: [CRCV.EXE] C:\WINDOWS\CRCV.EXE
O4 - HKLM\..\Run: [MSMC32.EXE] C:\WINDOWS\MSMC32.EXE
O4 - HKLM\..\Run: [eas] C:\WINDOWS\SYSTEM\eas.exe
O4 - HKLM\..\Run: [byr] C:\WINDOWS\SYSTEM\byr.exe
O4 - HKLM\..\Run: [SYSXX32.EXE] C:\WINDOWS\SYSTEM\SYSXX32.EXE
O4 - HKLM\..\Run: [APIIT.EXE] C:\WINDOWS\APIIT.EXE
O4 - HKLM\..\Run: [JAVAXN.EXE] C:\WINDOWS\SYSTEM\JAVAXN.EXE
O4 - HKLM\..\Run: [lourdkj] C:\WINDOWS\SYSTEM\lourdkj.exe
O4 - HKLM\..\Run: [D3NS.EXE] C:\WINDOWS\D3NS.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NETJD32.EXE] C:\WINDOWS\NETJD32.EXE /s
O4 - HKLM\..\RunServices: [MFCKI32.EXE] C:\WINDOWS\MFCKI32.EXE /s
O4 - HKLM\..\RunServices: [APIKE.EXE] C:\WINDOWS\SYSTEM\APIKE.EXE /s
O4 - HKLM\..\RunServices: [JAVAZV.EXE] C:\WINDOWS\SYSTEM\JAVAZV.EXE /s
O4 - HKLM\..\RunServices: [NETLX.EXE] C:\WINDOWS\SYSTEM\NETLX.EXE /s
O4 - HKLM\..\RunServices: [CRYF32.EXE] C:\WINDOWS\SYSTEM\CRYF32.EXE /s
O4 - HKLM\..\RunServices: [ATLMG32.EXE] C:\WINDOWS\SYSTEM\ATLMG32.EXE /s
O4 - HKLM\..\RunServices: [SDKAS32.EXE] C:\WINDOWS\SYSTEM\SDKAS32.EXE /s
O4 - HKLM\..\RunServices: [CRAV.EXE] C:\WINDOWS\CRAV.EXE /s
O4 - HKLM\..\RunServices: [IPND.EXE] C:\WINDOWS\SYSTEM\IPND.EXE /s
O4 - HKLM\..\RunServices: [CRDN.EXE] C:\WINDOWS\SYSTEM\CRDN.EXE /s
O4 - HKLM\..\RunServices: [ATLFZ.EXE] C:\WINDOWS\SYSTEM\ATLFZ.EXE /s
O4 - HKLM\..\RunServices: [IEDU32.EXE] C:\WINDOWS\IEDU32.EXE /s
O4 - HKLM\..\RunServices: [ATLFB32.EXE] C:\WINDOWS\SYSTEM\ATLFB32.EXE /s
O4 - HKLM\..\RunServices: [NETXO.EXE] C:\WINDOWS\SYSTEM\NETXO.EXE /s
O4 - HKLM\..\RunServices: [MSAB32.EXE] C:\WINDOWS\SYSTEM\MSAB32.EXE /s
O4 - HKLM\..\RunServices: [SDKXA32.EXE] C:\WINDOWS\SYSTEM\SDKXA32.EXE /s
O4 - HKLM\..\RunServices: [IPHE.EXE] C:\WINDOWS\IPHE.EXE /s
O4 - HKLM\..\RunServices: [JAVAEK32.EXE] C:\WINDOWS\SYSTEM\JAVAEK32.EXE /s
O4 - HKLM\..\RunServices: [NTQN32.EXE] C:\WINDOWS\NTQN32.EXE /s
O4 - HKLM\..\RunServices: [APPPM32.EXE] C:\WINDOWS\APPPM32.EXE /s
O4 - HKLM\..\RunServices: [CRVT32.EXE] C:\WINDOWS\CRVT32.EXE /s
O4 - HKLM\..\RunServices: [ADDLE.EXE] C:\WINDOWS\ADDLE.EXE /s
O4 - HKLM\..\RunServices: [NETXG.EXE] C:\WINDOWS\NETXG.EXE /s
O4 - HKLM\..\RunServices: [NTJP32.EXE] C:\WINDOWS\NTJP32.EXE /s
O4 - HKLM\..\RunServices: [MSFK32.EXE] C:\WINDOWS\SYSTEM\MSFK32.EXE /s
O4 - HKLM\..\RunServices: [SDKAD32.EXE] C:\WINDOWS\SYSTEM\SDKAD32.EXE /s
O4 - HKLM\..\RunServices: [APPTI32.EXE] C:\WINDOWS\SYSTEM\APPTI32.EXE /s
O4 - HKLM\..\RunServices: [D3WN32.EXE] C:\WINDOWS\SYSTEM\D3WN32.EXE /s
O4 - HKLM\..\RunServices: [IEKW32.EXE] C:\WINDOWS\SYSTEM\IEKW32.EXE /s
O4 - HKLM\..\RunServices: [APPGM32.EXE] C:\WINDOWS\APPGM32.EXE /s
O4 - HKLM\..\RunServices: [SYSYA.EXE] C:\WINDOWS\SYSYA.EXE /s
O4 - HKLM\..\RunServices: [ADDKW32.EXE] C:\WINDOWS\SYSTEM\ADDKW32.EXE /s
O4 - HKLM\..\RunServices: [MFCTD.EXE] C:\WINDOWS\MFCTD.EXE /s
O4 - HKLM\..\RunServices: [NTFH.EXE] C:\WINDOWS\NTFH.EXE /s
O4 - HKLM\..\RunServices: [ATLQQ32.EXE] C:\WINDOWS\ATLQQ32.EXE /s
O4 - HKLM\..\RunServices: [CRES.EXE] C:\WINDOWS\CRES.EXE /s
O4 - HKLM\..\RunServices: [APIJO.EXE] C:\WINDOWS\SYSTEM\APIJO.EXE /s
O4 - HKLM\..\RunServices: [APIMQ.EXE] C:\WINDOWS\SYSTEM\APIMQ.EXE /s
O4 - HKLM\..\RunServices: [SYSJO.EXE] C:\WINDOWS\SYSJO.EXE /s
O4 - HKLM\..\RunServices: [APILQ32.EXE] C:\WINDOWS\APILQ32.EXE /s
O4 - HKLM\..\RunServices: [MFCEY32.EXE] C:\WINDOWS\SYSTEM\MFCEY32.EXE /s
O4 - HKLM\..\RunServices: [D3ZI.EXE] C:\WINDOWS\SYSTEM\D3ZI.EXE /s
O4 - HKLM\..\RunServices: [CRHC32.EXE] C:\WINDOWS\SYSTEM\CRHC32.EXE /s
O4 - HKLM\..\RunServices: [ATLHA32.EXE] C:\WINDOWS\ATLHA32.EXE /s
O4 - HKLM\..\RunServices: [MFCPQ.EXE] C:\WINDOWS\MFCPQ.EXE /s
O4 - HKLM\..\RunServices: [MFCEJ.EXE] C:\WINDOWS\SYSTEM\MFCEJ.EXE /s
O4 - HKLM\..\RunServices: [APPYL.EXE] C:\WINDOWS\APPYL.EXE /s
O4 - HKLM\..\RunServices: [NTFX.EXE] C:\WINDOWS\NTFX.EXE /s
O4 - HKLM\..\RunServices: [ADDGG32.EXE] C:\WINDOWS\SYSTEM\ADDGG32.EXE /s
O4 - HKLM\..\RunServices: [ATLNM.EXE] C:\WINDOWS\ATLNM.EXE /s
O4 - HKLM\..\RunServices: [JAVALF.EXE] C:\WINDOWS\JAVALF.EXE /s
O4 - HKLM\..\RunServices: [NTHU.EXE] C:\WINDOWS\SYSTEM\NTHU.EXE /s
O4 - HKLM\..\RunServices: [IEBZ32.EXE] C:\WINDOWS\IEBZ32.EXE /s
O4 - HKLM\..\RunServices: [APPXD32.EXE] C:\WINDOWS\SYSTEM\APPXD32.EXE /s
O4 - HKLM\..\RunServices: [MFCJZ.EXE] C:\WINDOWS\MFCJZ.EXE /s
O4 - HKLM\..\RunServices: [IPQJ.EXE] C:\WINDOWS\SYSTEM\IPQJ.EXE /s
O4 - HKLM\..\RunServices: [APIDS.EXE] C:\WINDOWS\APIDS.EXE /s
O4 - HKLM\..\RunServices: [APICV.EXE] C:\WINDOWS\APICV.EXE /s
O4 - HKLM\..\RunServices: [SYSGX.EXE] C:\WINDOWS\SYSGX.EXE /s
O4 - HKLM\..\RunServices: [MFCPP.EXE] C:\WINDOWS\MFCPP.EXE /s
O4 - HKLM\..\RunServices: [ATLGC32.EXE] C:\WINDOWS\SYSTEM\ATLGC32.EXE /s
O4 - HKLM\..\RunServices: [JAVAQQ32.EXE] C:\WINDOWS\SYSTEM\JAVAQQ32.EXE /s
O4 - HKLM\..\RunServices: [SDKHF32.EXE] C:\WINDOWS\SYSTEM\SDKHF32.EXE /s
O4 - HKLM\..\RunServices: [APIGD32.EXE] C:\WINDOWS\SYSTEM\APIGD32.EXE /s
O4 - HKLM\..\RunServices: [MFCGF32.EXE] C:\WINDOWS\SYSTEM\MFCGF32.EXE /s
O4 - HKLM\..\RunServices: [MFCIX.EXE] C:\WINDOWS\MFCIX.EXE /s
O4 - HKLM\..\RunServices: [JAVAAD32.EXE] C:\WINDOWS\JAVAAD32.EXE /s
O4 - HKLM\..\RunServices: [NTXK32.EXE] C:\WINDOWS\SYSTEM\NTXK32.EXE /s
O4 - HKLM\..\RunServices: [SDKCL.EXE] C:\WINDOWS\SDKCL.EXE /s
O4 - HKLM\..\RunServices: [SDKFA.EXE] C:\WINDOWS\SYSTEM\SDKFA.EXE /s
O4 - HKLM\..\RunServices: [MSEU.EXE] C:\WINDOWS\SYSTEM\MSEU.EXE /s
O4 - HKLM\..\RunServices: [WINZV32.EXE] C:\WINDOWS\SYSTEM\WINZV32.EXE /s
O4 - HKLM\..\RunServices: [MFCFK.EXE] C:\WINDOWS\MFCFK.EXE /s
O4 - HKLM\..\RunServices: [MSDH.EXE] C:\WINDOWS\MSDH.EXE /s
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - Startup: Acrobat Assistant.lnk = ?
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/lo...1/bin/imvid.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/companion/lo...1/bin/imvid.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
O16 - DPF: {6D3CED33-9C0A-44BA-AAB9-252EE67A436C} (IEObj Class) - http://fs.adelphia.freedom.net/software/dmx.cab



#2 Grinler


    Lawrence Abrams



Posted 18 June 2005 - 01:30 PM

Download cwshredder 2.12 from here:

http://cwshredder.net/bin/CWShredder.exe

Run the file after it is downloaded and click on the fix button. Let it do its thing and when it's done, even if it crashes.

When it's done, run HijackThis again and post a new log.

#3 poshxxx


Posted 18 June 2005 - 02:56 PM

AFTER SHREDDER.....
Logfile of HijackThis v1.99.1
Scan saved at 3:56:08 PM, on 6/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSAB32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SDKXA32.EXE
C:\WINDOWS\IPHE.EXE
C:\WINDOWS\SYSTEM\JAVAEK32.EXE
C:\WINDOWS\NTQN32.EXE
C:\WINDOWS\APPPM32.EXE
C:\WINDOWS\CRVT32.EXE
C:\WINDOWS\ADDLE.EXE
C:\WINDOWS\NETXG.EXE
C:\WINDOWS\NTJP32.EXE
C:\WINDOWS\SYSTEM\MSFK32.EXE
C:\WINDOWS\SYSTEM\SDKAD32.EXE
C:\WINDOWS\SYSTEM\APPTI32.EXE
C:\WINDOWS\SYSTEM\D3WN32.EXE
C:\WINDOWS\SYSTEM\IEKW32.EXE
C:\WINDOWS\APPGM32.EXE
C:\WINDOWS\SYSYA.EXE
C:\WINDOWS\SYSTEM\ADDKW32.EXE
C:\WINDOWS\MFCTD.EXE
C:\WINDOWS\NTFH.EXE
C:\WINDOWS\ATLQQ32.EXE
C:\WINDOWS\CRES.EXE
C:\WINDOWS\SYSTEM\APIJO.EXE
C:\WINDOWS\SYSTEM\APIMQ.EXE
C:\WINDOWS\SYSJO.EXE
C:\WINDOWS\APILQ32.EXE
C:\WINDOWS\SYSTEM\MFCEY32.EXE
C:\WINDOWS\SYSTEM\D3ZI.EXE
C:\WINDOWS\SYSTEM\CRHC32.EXE
C:\WINDOWS\ATLHA32.EXE
C:\WINDOWS\MFCPQ.EXE
C:\WINDOWS\SYSTEM\MFCEJ.EXE
C:\WINDOWS\APPYL.EXE
C:\WINDOWS\NTFX.EXE
C:\WINDOWS\SYSTEM\ADDGG32.EXE
C:\WINDOWS\ATLNM.EXE
C:\WINDOWS\JAVALF.EXE
C:\WINDOWS\SYSTEM\NTHU.EXE
C:\WINDOWS\IEBZ32.EXE
C:\WINDOWS\SYSTEM\APPXD32.EXE
C:\WINDOWS\MFCJZ.EXE
C:\WINDOWS\SYSTEM\IPQJ.EXE
C:\WINDOWS\APIDS.EXE
C:\WINDOWS\APICV.EXE
C:\WINDOWS\SYSGX.EXE
C:\WINDOWS\MFCPP.EXE
C:\WINDOWS\SYSTEM\ATLGC32.EXE
C:\WINDOWS\SYSTEM\JAVAQQ32.EXE
C:\WINDOWS\SYSTEM\SDKHF32.EXE
C:\WINDOWS\SYSTEM\APIGD32.EXE
C:\WINDOWS\SYSTEM\MFCGF32.EXE
C:\WINDOWS\MFCIX.EXE
C:\WINDOWS\JAVAAD32.EXE
C:\WINDOWS\SYSTEM\NTXK32.EXE
C:\WINDOWS\SDKCL.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSTEM\MSEU.EXE
C:\WINDOWS\SYSTEM\WINZV32.EXE
C:\WINDOWS\MFCFK.EXE
C:\WINDOWS\MSDH.EXE
C:\WINDOWS\SYSTEM\APIKE.EXE
C:\WINDOWS\SYSTEM\D3UO32.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\APIKE.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSTEM\APIKE.EXE
C:\WINDOWS\SYSTEM\SDKFA.EXE
C:\WINDOWS\SYSTEM\MSAB32.EXE
C:\WINDOWS\MFCPQ.EXE
C:\WINDOWS\SYSTEM\APIKE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\MFCPQ.EXE
C:\WINDOWS\SYSVY.EXE
C:\WINDOWS\MFCPQ.EXE
C:\WINDOWS\ATLEN32.EXE
C:\WINDOWS\MFCPQ.EXE
C:\WINDOWS\JAVAMV32.EXE
C:\WINDOWS\MFCPQ.EXE
C:\WINDOWS\IEUM32.EXE
C:\WINDOWS\JAVAMV32.EXE
C:\WINDOWS\SYSTEM\IEJF32.EXE
C:\WINDOWS\DESKTOP\MY BRIEFCASE\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\imbqj.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\imbqj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\imbqj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\imbqj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\imbqj.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\imbqj.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\imbqj.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {E83AE63A-AC80-13DC-DEB9-8A3C400405AA} - C:\WINDOWS\SYSTEM\MFCJD.DLL
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [D3NS.EXE] C:\WINDOWS\D3NS.EXE
O4 - HKLM\..\Run: [D3UO32.EXE] C:\WINDOWS\SYSTEM\D3UO32.EXE
O4 - HKLM\..\RunServices: [MSAB32.EXE] C:\WINDOWS\SYSTEM\MSAB32.EXE /s
O4 - HKLM\..\RunServices: [SDKXA32.EXE] C:\WINDOWS\SYSTEM\SDKXA32.EXE /s
O4 - HKLM\..\RunServices: [IPHE.EXE] C:\WINDOWS\IPHE.EXE /s
O4 - HKLM\..\RunServices: [JAVAEK32.EXE] C:\WINDOWS\SYSTEM\JAVAEK32.EXE /s
O4 - HKLM\..\RunServices: [NTQN32.EXE] C:\WINDOWS\NTQN32.EXE /s
O4 - HKLM\..\RunServices: [APPPM32.EXE] C:\WINDOWS\APPPM32.EXE /s
O4 - HKLM\..\RunServices: [CRVT32.EXE] C:\WINDOWS\CRVT32.EXE /s
O4 - HKLM\..\RunServices: [ADDLE.EXE] C:\WINDOWS\ADDLE.EXE /s
O4 - HKLM\..\RunServices: [NETXG.EXE] C:\WINDOWS\NETXG.EXE /s
O4 - HKLM\..\RunServices: [NTJP32.EXE] C:\WINDOWS\NTJP32.EXE /s
O4 - HKLM\..\RunServices: [MSFK32.EXE] C:\WINDOWS\SYSTEM\MSFK32.EXE /s
O4 - HKLM\..\RunServices: [SDKAD32.EXE] C:\WINDOWS\SYSTEM\SDKAD32.EXE /s
O4 - HKLM\..\RunServices: [APPTI32.EXE] C:\WINDOWS\SYSTEM\APPTI32.EXE /s
O4 - HKLM\..\RunServices: [D3WN32.EXE] C:\WINDOWS\SYSTEM\D3WN32.EXE /s
O4 - HKLM\..\RunServices: [IEKW32.EXE] C:\WINDOWS\SYSTEM\IEKW32.EXE /s
O4 - HKLM\..\RunServices: [APPGM32.EXE] C:\WINDOWS\APPGM32.EXE /s
O4 - HKLM\..\RunServices: [SYSYA.EXE] C:\WINDOWS\SYSYA.EXE /s
O4 - HKLM\..\RunServices: [ADDKW32.EXE] C:\WINDOWS\SYSTEM\ADDKW32.EXE /s
O4 - HKLM\..\RunServices: [MFCTD.EXE] C:\WINDOWS\MFCTD.EXE /s
O4 - HKLM\..\RunServices: [NTFH.EXE] C:\WINDOWS\NTFH.EXE /s
O4 - HKLM\..\RunServices: [ATLQQ32.EXE] C:\WINDOWS\ATLQQ32.EXE /s
O4 - HKLM\..\RunServices: [CRES.EXE] C:\WINDOWS\CRES.EXE /s
O4 - HKLM\..\RunServices: [APIJO.EXE] C:\WINDOWS\SYSTEM\APIJO.EXE /s
O4 - HKLM\..\RunServices: [APIMQ.EXE] C:\WINDOWS\SYSTEM\APIMQ.EXE /s
O4 - HKLM\..\RunServices: [SYSJO.EXE] C:\WINDOWS\SYSJO.EXE /s
O4 - HKLM\..\RunServices: [APILQ32.EXE] C:\WINDOWS\APILQ32.EXE /s
O4 - HKLM\..\RunServices: [MFCEY32.EXE] C:\WINDOWS\SYSTEM\MFCEY32.EXE /s
O4 - HKLM\..\RunServices: [D3ZI.EXE] C:\WINDOWS\SYSTEM\D3ZI.EXE /s
O4 - HKLM\..\RunServices: [CRHC32.EXE] C:\WINDOWS\SYSTEM\CRHC32.EXE /s
O4 - HKLM\..\RunServices: [ATLHA32.EXE] C:\WINDOWS\ATLHA32.EXE /s
O4 - HKLM\..\RunServices: [MFCPQ.EXE] C:\WINDOWS\MFCPQ.EXE /s
O4 - HKLM\..\RunServices: [MFCEJ.EXE] C:\WINDOWS\SYSTEM\MFCEJ.EXE /s
O4 - HKLM\..\RunServices: [APPYL.EXE] C:\WINDOWS\APPYL.EXE /s
O4 - HKLM\..\RunServices: [NTFX.EXE] C:\WINDOWS\NTFX.EXE /s
O4 - HKLM\..\RunServices: [ADDGG32.EXE] C:\WINDOWS\SYSTEM\ADDGG32.EXE /s
O4 - HKLM\..\RunServices: [ATLNM.EXE] C:\WINDOWS\ATLNM.EXE /s
O4 - HKLM\..\RunServices: [JAVALF.EXE] C:\WINDOWS\JAVALF.EXE /s
O4 - HKLM\..\RunServices: [NTHU.EXE] C:\WINDOWS\SYSTEM\NTHU.EXE /s
O4 - HKLM\..\RunServices: [IEBZ32.EXE] C:\WINDOWS\IEBZ32.EXE /s
O4 - HKLM\..\RunServices: [APPXD32.EXE] C:\WINDOWS\SYSTEM\APPXD32.EXE /s
O4 - HKLM\..\RunServices: [MFCJZ.EXE] C:\WINDOWS\MFCJZ.EXE /s
O4 - HKLM\..\RunServices: [IPQJ.EXE] C:\WINDOWS\SYSTEM\IPQJ.EXE /s
O4 - HKLM\..\RunServices: [APIDS.EXE] C:\WINDOWS\APIDS.EXE /s
O4 - HKLM\..\RunServices: [APICV.EXE] C:\WINDOWS\APICV.EXE /s
O4 - HKLM\..\RunServices: [SYSGX.EXE] C:\WINDOWS\SYSGX.EXE /s
O4 - HKLM\..\RunServices: [MFCPP.EXE] C:\WINDOWS\MFCPP.EXE /s
O4 - HKLM\..\RunServices: [ATLGC32.EXE] C:\WINDOWS\SYSTEM\ATLGC32.EXE /s
O4 - HKLM\..\RunServices: [JAVAQQ32.EXE] C:\WINDOWS\SYSTEM\JAVAQQ32.EXE /s
O4 - HKLM\..\RunServices: [SDKHF32.EXE] C:\WINDOWS\SYSTEM\SDKHF32.EXE /s
O4 - HKLM\..\RunServices: [APIGD32.EXE] C:\WINDOWS\SYSTEM\APIGD32.EXE /s
O4 - HKLM\..\RunServices: [MFCGF32.EXE] C:\WINDOWS\SYSTEM\MFCGF32.EXE /s
O4 - HKLM\..\RunServices: [MFCIX.EXE] C:\WINDOWS\MFCIX.EXE /s
O4 - HKLM\..\RunServices: [JAVAAD32.EXE] C:\WINDOWS\JAVAAD32.EXE /s
O4 - HKLM\..\RunServices: [NTXK32.EXE] C:\WINDOWS\SYSTEM\NTXK32.EXE /s
O4 - HKLM\..\RunServices: [SDKCL.EXE] C:\WINDOWS\SDKCL.EXE /s
O4 - HKLM\..\RunServices: [SDKFA.EXE] C:\WINDOWS\SYSTEM\SDKFA.EXE /s
O4 - HKLM\..\RunServices: [MSEU.EXE] C:\WINDOWS\SYSTEM\MSEU.EXE /s
O4 - HKLM\..\RunServices: [WINZV32.EXE] C:\WINDOWS\SYSTEM\WINZV32.EXE /s
O4 - HKLM\..\RunServices: [MFCFK.EXE] C:\WINDOWS\MFCFK.EXE /s
O4 - HKLM\..\RunServices: [MSDH.EXE] C:\WINDOWS\MSDH.EXE /s
O4 - HKLM\..\RunServices: [APIKE.EXE] C:\WINDOWS\SYSTEM\APIKE.EXE /s
O4 - HKLM\..\RunServices: [SYSVY.EXE] C:\WINDOWS\SYSVY.EXE /s
O4 - HKLM\..\RunServices: [ATLEN32.EXE] C:\WINDOWS\ATLEN32.EXE /s
O4 - HKLM\..\RunServices: [JAVAMV32.EXE] C:\WINDOWS\JAVAMV32.EXE /s
O4 - HKLM\..\RunServices: [IEUM32.EXE] C:\WINDOWS\IEUM32.EXE /s
O4 - HKLM\..\RunServices: [IEJF32.EXE] C:\WINDOWS\SYSTEM\IEJF32.EXE /s
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - Startup: Acrobat Assistant.lnk = ?
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/lo...1/bin/imvid.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/companion/lo...1/bin/imvid.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
O16 - DPF: {6D3CED33-9C0A-44BA-AAB9-252EE67A436C} (IEObj Class) - http://fs.adelphia.freedom.net/software/dmx.cab

#4 poshxxx


Posted 19 June 2005 - 04:51 AM

bump

#5 Grinler


Posted 19 June 2005 - 06:03 PM

Download AboutBuster.zip to your desktop.
- Unzip the contents of AboutBuster.zip to its own folder.
- Navigate to the AboutBuster folder and double-click on AboutBuster.exe.
- Click Update to begin the update process.
- If any updates exist please install them.
- Close AboutBuster by clicking on Exit. AboutBuster will be used later.

--->note: AboutBuster should be run in Safe Mode <---

Browse to where you saved AboutBuster and double click AboutBuster.exe.
- Click Begin removal to allow AboutBuster to scan.
- When it has finished, AboutBuster will open a 'Scan Completed' window. Click OK.
- Another information window will open. Click on Exit.
- AboutBuster will inform you that a log has been created. Click OK.

Reboot normally and post the AboutBuster log along with a fresh HJT log.



