
Help with Hijack This log


6 replies to this topic

#1 Noborderlines

Posted 12 January 2005 - 07:07 AM

I know that my computer has been hijacked by Home Search Assistent (that is the way it is spelled in my ad/remove program box!) and probably a few others...I have a Dell laptop Inspiron. It is running incredibly slow due in most part to the resources sucked out by the hijackers...I have run adaware and fixed the spyware that appeared, but I can't seem to get rid of whatever is hijacking me now, and I don't know how to read the list that hijack this is generating. Please help?!
Noborderlines
Logfile of HijackThis v1.98.2
Scan saved at 11:44:27 PM, on 1/11/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\IPSX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\D3CM32.EXE
C:\WINDOWS\NTHJ.EXE
C:\WINDOWS\IPVC.EXE
C:\WINDOWS\SYSTEM\ADDWX32.EXE
C:\WINDOWS\SYSTEM\MSXZ.EXE
C:\WINDOWS\IEAG.EXE
C:\WINDOWS\NTMT32.EXE
C:\WINDOWS\NTDG32.EXE
C:\WINDOWS\SYSTEM\SYSNF32.EXE
C:\WINDOWS\SYSTEM\NETOU.EXE
C:\WINDOWS\IEFQ.EXE
C:\WINDOWS\SYSTEM\MFCGO.EXE
C:\WINDOWS\IPKH.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\APPEQ32.EXE
C:\WINDOWS\APPUH.EXE
C:\WINDOWS\SYSTEM\IPGG32.EXE
C:\WINDOWS\IEVA32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADAPP.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WINGLDC.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\ATLQW32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\NETOU.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOLTRAY.EXE
C:\WINDOWS\IPSX.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A230D058-A0E6-4037-5AD0-597C10DBA3B0} - C:\WINDOWS\MSWY32.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\SYSTEM\WINGLDC.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [smirfvky] C:\WINDOWS\SYSTEM\xwxnwhcw.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [EMREGO] C:\WINDOWS\SYSTEM\EMREGO.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATLQW32.EXE] C:\WINDOWS\ATLQW32.EXE
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [NTHJ.EXE] C:\WINDOWS\NTHJ.EXE
O4 - HKLM\..\RunServices: [IPSX.EXE] C:\WINDOWS\IPSX.EXE
O4 - HKLM\..\RunServices: [MSXZ.EXE] C:\WINDOWS\SYSTEM\MSXZ.EXE
O4 - HKLM\..\RunServices: [D3CM32.EXE] C:\WINDOWS\D3CM32.EXE
O4 - HKLM\..\RunServices: [NTMT32.EXE] C:\WINDOWS\NTMT32.EXE
O4 - HKLM\..\RunServices: [IPVC.EXE] C:\WINDOWS\IPVC.EXE
O4 - HKLM\..\RunServices: [ADDWX32.EXE] C:\WINDOWS\SYSTEM\ADDWX32.EXE
O4 - HKLM\..\RunServices: [SYSNF32.EXE] C:\WINDOWS\SYSTEM\SYSNF32.EXE
O4 - HKLM\..\RunServices: [IEAG.EXE] C:\WINDOWS\IEAG.EXE
O4 - HKLM\..\RunServices: [NTDG32.EXE] C:\WINDOWS\NTDG32.EXE
O4 - HKLM\..\RunServices: [NETOU.EXE] C:\WINDOWS\SYSTEM\NETOU.EXE
O4 - HKLM\..\RunServices: [IEFQ.EXE] C:\WINDOWS\IEFQ.EXE
O4 - HKLM\..\RunServices: [IPKH.EXE] C:\WINDOWS\IPKH.EXE
O4 - HKLM\..\RunServices: [MFCGO.EXE] C:\WINDOWS\SYSTEM\MFCGO.EXE
O4 - HKLM\..\RunServices: [APPEQ32.EXE] C:\WINDOWS\SYSTEM\APPEQ32.EXE
O4 - HKLM\..\RunServices: [IPGG32.EXE] C:\WINDOWS\SYSTEM\IPGG32.EXE
O4 - HKLM\..\RunServices: [APPUH.EXE] C:\WINDOWS\APPUH.EXE
O4 - HKLM\..\RunServices: [IEVA32.EXE] C:\WINDOWS\IEVA32.EXE
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRAM FILES\THE WEATHER CHANNEL\THE WEATHER CHANNEL.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O15 - Trusted Zone: http://*.0.0.0.0
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/291fcf37bfa6f16feb21/netzip/RdxIE.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kontiki.com/securedelivery/main/kdx.cab


#2 Grinler

Lawrence Abrams

Posted 13 January 2005 - 02:10 AM

You are using an outdated version of hijackthis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log

#3 Noborderlines

Posted 13 January 2005 - 02:28 AM

Thanks! Will do so tonight and post back.......

#4 Noborderlines

Posted 14 January 2005 - 02:47 PM

As requested I downloaded the new hijack this version and here is the new log. I wanted to make sure it was seen so I posted as a new message..hope that's ok!! :thumbsup:

Logfile of HijackThis v1.99.0
Scan saved at 8:43:00 PM, on 1/14/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\SYSNF32.EXE
C:\WINDOWS\NTHJ.EXE
C:\WINDOWS\SYSTEM\MSXZ.EXE
C:\WINDOWS\IEAG.EXE
C:\WINDOWS\D3CM32.EXE
C:\WINDOWS\NTDG32.EXE
C:\WINDOWS\SYSTEM\ADDWX32.EXE
C:\WINDOWS\IEFQ.EXE
C:\WINDOWS\NTMT32.EXE
C:\WINDOWS\SYSTEM\NETOU.EXE
C:\WINDOWS\SYSTEM\MFCGO.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\IPVC.EXE
C:\WINDOWS\SYSTEM\APPEQ32.EXE
C:\WINDOWS\IPSX.EXE
C:\WINDOWS\IPKH.EXE
C:\WINDOWS\SYSTEM\IPGG32.EXE
C:\WINDOWS\APPUH.EXE
C:\WINDOWS\IEVA32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADAPP.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WINGLDC.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\DIGSTREAM\DIGSTREAM.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\ATLQW32.EXE
C:\WINDOWS\KDX\KHOST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\QUICKENW\QWDLLS.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\IPGG32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\SYSNF32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOFFICE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {5E7FBA77-9B06-7CB6-EC73-6004CABB8A41} - C:\WINDOWS\SYSTEM\MFCPO32.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\SYSTEM\WINGLDC.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [smirfvky] C:\WINDOWS\SYSTEM\xwxnwhcw.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [EMREGO] C:\WINDOWS\SYSTEM\EMREGO.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATLQW32.EXE] C:\WINDOWS\ATLQW32.EXE
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [NTHJ.EXE] C:\WINDOWS\NTHJ.EXE
O4 - HKLM\..\RunServices: [IPSX.EXE] C:\WINDOWS\IPSX.EXE
O4 - HKLM\..\RunServices: [MSXZ.EXE] C:\WINDOWS\SYSTEM\MSXZ.EXE
O4 - HKLM\..\RunServices: [D3CM32.EXE] C:\WINDOWS\D3CM32.EXE
O4 - HKLM\..\RunServices: [NTMT32.EXE] C:\WINDOWS\NTMT32.EXE
O4 - HKLM\..\RunServices: [IPVC.EXE] C:\WINDOWS\IPVC.EXE
O4 - HKLM\..\RunServices: [ADDWX32.EXE] C:\WINDOWS\SYSTEM\ADDWX32.EXE
O4 - HKLM\..\RunServices: [SYSNF32.EXE] C:\WINDOWS\SYSTEM\SYSNF32.EXE
O4 - HKLM\..\RunServices: [IEAG.EXE] C:\WINDOWS\IEAG.EXE
O4 - HKLM\..\RunServices: [NTDG32.EXE] C:\WINDOWS\NTDG32.EXE
O4 - HKLM\..\RunServices: [NETOU.EXE] C:\WINDOWS\SYSTEM\NETOU.EXE
O4 - HKLM\..\RunServices: [IEFQ.EXE] C:\WINDOWS\IEFQ.EXE
O4 - HKLM\..\RunServices: [IPKH.EXE] C:\WINDOWS\IPKH.EXE
O4 - HKLM\..\RunServices: [MFCGO.EXE] C:\WINDOWS\SYSTEM\MFCGO.EXE
O4 - HKLM\..\RunServices: [APPEQ32.EXE] C:\WINDOWS\SYSTEM\APPEQ32.EXE
O4 - HKLM\..\RunServices: [IPGG32.EXE] C:\WINDOWS\SYSTEM\IPGG32.EXE
O4 - HKLM\..\RunServices: [APPUH.EXE] C:\WINDOWS\APPUH.EXE
O4 - HKLM\..\RunServices: [IEVA32.EXE] C:\WINDOWS\IEVA32.EXE
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRAM FILES\THE WEATHER CHANNEL\THE WEATHER CHANNEL.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O15 - Trusted Zone: http://*.0.0.0.0
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/291fcf37bfa6f16feb21/netzip/RdxIE.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kontiki.com/securedelivery/main/kdx.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

#5 LineOFire

Posted 14 January 2005 - 11:02 PM

Noborderlines, if you don't mind I have merged your other topic with your original one.

Grinler can take over from here. :thumbsup:

#6 Noborderlines

Posted 15 January 2005 - 10:12 AM

Thanks! Don't mind at all....looking forward to the reply....

#7 Grinler

Posted 19 January 2005 - 06:01 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {5E7FBA77-9B06-7CB6-EC73-6004CABB8A41} - C:\WINDOWS\SYSTEM\MFCPO32.DLL
O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\SYSTEM\WINGLDC.EXE
O4 - HKLM\..\Run: [smirfvky] C:\WINDOWS\SYSTEM\xwxnwhcw.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [EMREGO] C:\WINDOWS\SYSTEM\EMREGO.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATLQW32.EXE] C:\WINDOWS\ATLQW32.EXE
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.EXE
O4 - HKLM\..\RunServices: [NTHJ.EXE] C:\WINDOWS\NTHJ.EXE
O4 - HKLM\..\RunServices: [IPSX.EXE] C:\WINDOWS\IPSX.EXE
O4 - HKLM\..\RunServices: [MSXZ.EXE] C:\WINDOWS\SYSTEM\MSXZ.EXE
O4 - HKLM\..\RunServices: [D3CM32.EXE] C:\WINDOWS\D3CM32.EXE
O4 - HKLM\..\RunServices: [NTMT32.EXE] C:\WINDOWS\NTMT32.EXE
O4 - HKLM\..\RunServices: [IPVC.EXE] C:\WINDOWS\IPVC.EXE
O4 - HKLM\..\RunServices: [ADDWX32.EXE] C:\WINDOWS\SYSTEM\ADDWX32.EXE
O4 - HKLM\..\RunServices: [SYSNF32.EXE] C:\WINDOWS\SYSTEM\SYSNF32.EXE
O4 - HKLM\..\RunServices: [IEAG.EXE] C:\WINDOWS\IEAG.EXE
O4 - HKLM\..\RunServices: [NTDG32.EXE] C:\WINDOWS\NTDG32.EXE
O4 - HKLM\..\RunServices: [NETOU.EXE] C:\WINDOWS\SYSTEM\NETOU.EXE
O4 - HKLM\..\RunServices: [IEFQ.EXE] C:\WINDOWS\IEFQ.EXE
O4 - HKLM\..\RunServices: [IPKH.EXE] C:\WINDOWS\IPKH.EXE
O4 - HKLM\..\RunServices: [MFCGO.EXE] C:\WINDOWS\SYSTEM\MFCGO.EXE
O4 - HKLM\..\RunServices: [APPEQ32.EXE] C:\WINDOWS\SYSTEM\APPEQ32.EXE
O4 - HKLM\..\RunServices: [IPGG32.EXE] C:\WINDOWS\SYSTEM\IPGG32.EXE
O4 - HKLM\..\RunServices: [APPUH.EXE] C:\WINDOWS\APPUH.EXE
O4 - HKLM\..\RunServices: [IEVA32.EXE] C:\WINDOWS\IEVA32.EXE
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/291fcf37bfa6f16feb21/netzip/RdxIE.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab

Reboot your computer into Safe Mode.

Then delete these files or directories (do not be concerned if they do not exist):


C:\WINDOWS\SYSTEM\MFCPO32.DLL
C:\WINDOWS\SYSTEM\WINGLDC.EXE
C:\WINDOWS\SYSTEM\xwxnwhcw.exe
c:\installer\
C:\WINDOWS\SYSTEM\EMREGO.exe
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\ATLQW32.EXE
C:\WINDOWS\KDX\
C:\WINDOWS\NTHJ.EXE
C:\WINDOWS\IPSX.EXE
C:\WINDOWS\SYSTEM\MSXZ.EXE
C:\WINDOWS\D3CM32.EXE
C:\WINDOWS\NTMT32.EXE
C:\WINDOWS\IPVC.EXE
C:\WINDOWS\SYSTEM\ADDWX32.EXE
C:\WINDOWS\SYSTEM\SYSNF32.EXE
C:\WINDOWS\IEAG.EXE
C:\WINDOWS\NTDG32.EXE
C:\WINDOWS\SYSTEM\NETOU.EXE
C:\WINDOWS\IEFQ.EXE
C:\WINDOWS\IPKH.EXE
C:\WINDOWS\SYSTEM\MFCGO.EXE
C:\WINDOWS\SYSTEM\APPEQ32.EXE
C:\WINDOWS\SYSTEM\IPGG32.EXE
C:\WINDOWS\APPUH.EXE
C:\WINDOWS\IEVA32.EXE

Reboot your computer to go back to normal mode and post a new log.
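
A way to check the follow-up log requested above against the fix and delete lists, as an added example that is not part of the original thread or of HijackThis: it parses the log format shown in this topic and reports fix-list entries that are still registered and deleted paths that are still running. The function names and the follow-up log are constructed for illustration; the fix and delete lines are a subset of those in the post above.

```python
import re

# Entry lines in a HijackThis log: "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")

def normalise(text):
    """Windows paths and registry names are case-insensitive; quotes vary between scans."""
    return " ".join(text.replace('"', "").lower().split())

def parse_log(text):
    """Return (running process paths, (code, detail) entries), both normalised."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif (m := ENTRY_RE.match(line)):
            in_processes = False
            entries.add((m.group("code"), normalise(m.group("detail"))))
        elif in_processes:
            processes.add(normalise(line))
    return processes, entries

def check_cleanup(fix_list, delete_list, followup_log):
    """Report fix-list entries still registered and deleted paths still running."""
    processes, entries = parse_log(followup_log)
    _, wanted = parse_log(fix_list)
    still_registered = sorted(wanted & entries)
    still_running = set()
    for target in filter(None, map(normalise, delete_list.splitlines())):
        if target.endswith("\\"):         # directory: match anything beneath it
            still_running.update(p for p in processes if p.startswith(target))
        elif target in processes:
            still_running.add(target)
    return still_registered, sorted(still_running)

# A few of the entries and paths from the helper's lists above.
FIX_LIST = r"""
O2 - BHO: Class - {5E7FBA77-9B06-7CB6-EC73-6004CABB8A41} - C:\WINDOWS\SYSTEM\MFCPO32.DLL
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.EXE
O4 - HKLM\..\RunServices: [NTHJ.EXE] C:\WINDOWS\NTHJ.EXE
O4 - HKLM\..\RunServices: [IPSX.EXE] C:\WINDOWS\IPSX.EXE
"""
DELETE_LIST = r"""
C:\WINDOWS\SYSTEM\MFCPO32.DLL
C:\WINDOWS\KDX\
C:\WINDOWS\NTHJ.EXE
C:\WINDOWS\IPSX.EXE
"""
# Constructed follow-up log (not from the thread): one entry and one process survive.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.0
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\KDX\KHOST.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [IPSX.EXE] C:\WINDOWS\IPSX.EXE
"""

if __name__ == "__main__":
    print(check_cleanup(FIX_LIST, DELETE_LIST, FOLLOWUP_LOG))
```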



