Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
I can get connected to the internet, but cannot view any webpages. "The page cannot be displayed" page comes up. It happens for all pages. Anyway, I "pinged" my ISP and it came back fine ("4 came back"). I tried to restore, however it was disabled (my parents owned my computer before me). I have scanned for viruses, none found (AVG). Could it be my browser? I tried to repair IE 6 but it said it couldn't be repaired and to run setup again; I did. It said that it couldn't "setup" and I needed to go online and get some components I needed. I can't view the website, so... Help?
#2
Could be a virus. Get HijackThis and do a scan and post the log here please.
#3
Not to be a moron, but how do I save Hijack (off another computer since I can't on mine) to a disk?
#4
Forget my last post. Duh! OK, I saved it on a floppy. When I get home, can I run it off the disk or do I save it on my computer? Thanks.
#5
HiJack log
Here is my HiJack log. Thanks!
#6
Hi..
There is a bit of cleaning to do, so first run "SpyBot S&D" and fix what it finds. Do the same with "Adaware" (check for updated definition files). Boot into safe mode and then run "CWShredder". When this is all done please post a new hjt log.
#7
updated hijack log
#8
Hi amygirl431
In safe mode remove all these highlighted files from your directory. Make sure to have your system set to show hidden files and folders.. www.xtra.co.nz/help/0,,4155-1916458,00.html
When that is done, run hjt and remove any of these entries below that are still present in the log. Repost a fresh log when finished.
Last edited by Pancake; September 2nd, 2004 at 02:37 AM.
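The triage and re-check steps from the reply above, as an added example that is not part of the original thread: it splits a HijackThis 1.98 log (including one flattened onto a single line) into entries, flags O4 autoruns whose value name is just the target's own file name sitting directly in C:\WINDOWS or C:\WINDOWS\SYSTEM, and reports which entries of a fix list are still present in a fresh log. The heuristic, the function names and the sample excerpts are assumptions made for illustration.

```python
import ntpath
import re

# An entry starts with a section code such as R1, O4 or O18 followed by " - ".
CODE = r"(?:[RFN]\d|O\d{1,2})"
ENTRY = re.compile(
    r"(?<!\S)(" + CODE + r") - (.*?)(?=\s+" + CODE + r" - |\s*\Z)", re.S)
# Registry autorun entry: HKLM\..\Run: [value name] command line
AUTORUN = re.compile(r"(HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)")
# Assumption: these are the directories the heuristic treats as "system" paths.
SYSTEM_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}

# Constructed excerpt in HijackThis 1.98 format, flattened onto one line.
SAMPLE_LOG = (
    r"Logfile of HijackThis v1.98.2 Platform: Windows ME (Win9x 4.90.3000) "
    r"Running processes: C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\D3SP32.EXE "
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us2.hpwis.com "
    r"O2 - BHO: Class - {A9C49FE1-AF03-C711-032D-4C625DD01015} - C:\WINDOWS\SYSTEM\MFCTD32.DLL "
    r"O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup "
    r"O4 - HKLM\..\Run: [SystemTray] SysTray.Exe "
    r"O4 - HKLM\..\Run: [MFCNH32.EXE] C:\WINDOWS\SYSTEM\MFCNH32.EXE "
    r"O4 - HKLM\..\RunServices: [D3SP32.EXE] C:\WINDOWS\D3SP32.EXE "
    r"O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe "
    r"O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe "
    r"O4 - Startup: Venturi.lnk = C:\Program Files\Venturi182\venturi.exe "
    r"O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)"
)

# Constructed fix list (one entry per line); the last entry is not in SAMPLE_LOG.
SAMPLE_FIX_LIST = "\n".join([
    r"O2 - BHO: Class - {A9C49FE1-AF03-C711-032D-4C625DD01015} - C:\WINDOWS\SYSTEM\MFCTD32.DLL",
    r"O4 - HKLM\..\Run: [MFCNH32.EXE] C:\WINDOWS\SYSTEM\MFCNH32.EXE",
    r"O4 - HKLM\..\RunServices: [D3SP32.EXE] C:\WINDOWS\D3SP32.EXE",
    r"O4 - HKLM\..\RunServices: [WINEF32.EXE] C:\WINDOWS\WINEF32.EXE",
])


def parse_entries(log_text):
    """Return (section code, body) pairs; header and process list are skipped."""
    return [(m.group(1), " ".join(m.group(2).split()))
            for m in ENTRY.finditer(log_text)]


def flag_self_named_autoruns(log_text):
    """Flag O4 registry autoruns named after their own file in a system directory.

    This is a triage heuristic, not a verdict: entries with arguments, entries
    in program folders and Startup-folder shortcuts are deliberately left out.
    """
    flagged = []
    for code, body in parse_entries(log_text):
        match = AUTORUN.match(body) if code == "O4" else None
        if not match:
            continue
        key, name, command = match.groups()
        path = command.strip('"')
        if (ntpath.dirname(path).upper() in SYSTEM_DIRS
                and ntpath.basename(path).upper() == name.upper()):
            flagged.append((key, name, path))
    return flagged


def still_present(fix_list_text, fresh_log_text):
    """Return the fix-list entries that a fresh log still contains."""
    fresh = {(code, body.upper()) for code, body in parse_entries(fresh_log_text)}
    return [(code, body) for code, body in parse_entries(fix_list_text)
            if (code, body.upper()) in fresh]


if __name__ == "__main__":
    for key, name, path in flag_self_named_autoruns(SAMPLE_LOG):
        print("review:", key, name, path)
    for code, body in still_present(SAMPLE_FIX_LIST, SAMPLE_LOG):
        print("still present:", code, "-", body)
```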
#9
Updated Hijack log
Updated HiJack. Thanks so much.
#10
|
|||
|
|||
You will need to find these and delete them from your drive.
Last edited by Pancake; September 3rd, 2004 at 03:29 AM. |
#11
|
|||
|
|||
deleted files
Hi,
Why is it that when I delete a file it says it deletes it but then it is there again? Also when I "fix" the entry on HIJack "Default URL searchhook is missing" it may go away, but then when I run Hijack scan again it reappears. Thanks. Amy |
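One way to triage the two HijackThis scans posted in this thread and the reappearing files described above (an added example, not part of any post): it parses the flattened logs, diffs the running processes between scans, and lists images in the Windows directories that no O4 autostart entry names. The sample logs are constructed from a few paths in the thread; the function names and the `baseline` set are assumptions.

```python
import ntpath
import re

# Constructed, shortened HijackThis logs, each flattened onto one line the way
# they appear in this thread. The paths are a small subset of those posted here.
SCAN_1 = (r"Logfile of HijackThis v1.98.2 Running processes: "
          r"C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\ADDHX32.EXE "
          r"C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\SYSTEM\MSNQ.EXE "
          r"O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup")
SCAN_2 = (r"Logfile of HijackThis v1.98.2 Running processes: "
          r"C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\ADDHX32.EXE "
          r"C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\SYSTEM\IPUL32.EXE "
          r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us2.hpwis.com "
          r"O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup "
          r"O4 - HKLM\..\Run: [MFCNH32.EXE] C:\WINDOWS\SYSTEM\MFCNH32.EXE "
          r"O9 - Extra button: Related - C:\WINDOWS\web\related.htm")

NEXT_ENTRY = r"(?=\s(?:R[0-3]|F[0-3]|O\d{1,2}) - |\Z)"  # where the next log item starts
IMAGE = re.compile(r"[A-Z]:\\.+?\.(?:EXE|DLL|TSK)\b", re.I)  # paths may contain spaces

def running_processes(log):
    # Image paths listed under "Running processes:", upper-cased for comparison.
    m = re.search(r"Running processes:(.*?)" + NEXT_ENTRY, log, re.S)
    return {p.upper() for p in IMAGE.findall(m.group(1))} if m else set()

def autoruns(log):
    # (location, command) for every O4 autostart entry.
    found = re.findall(r"\bO4 - (.+?)" + NEXT_ENTRY, log, re.S)
    return [tuple(e.strip().partition(": ")[::2]) for e in found]

def compare(before, after):
    # Processes that survived, appeared or vanished between two scans.
    a, b = running_processes(before), running_processes(after)
    return {"persisting": a & b, "new": b - a, "gone": a - b}

def no_autorun(log, baseline=frozenset()):
    # Running images directly in the Windows or System directory that no O4
    # entry names and that are not in the analyst's baseline of known files.
    named = " ".join(cmd for _, cmd in autoruns(log)).upper()
    windir = (r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM")
    return {p for p in running_processes(log)
            if ntpath.dirname(p) in windir
            and ntpath.basename(p) not in baseline
            and not re.search(r"(?<![\w~])" + re.escape(ntpath.basename(p)), named)}

if __name__ == "__main__":
    print(compare(SCAN_1, SCAN_2))
    print(sorted(no_autorun(SCAN_2, baseline={"KERNEL32.DLL"})))
```

A process in the `no_autorun` result was not launched by any O4 line, so it is worth finding what else starts it before relying on a deleted file staying deleted.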
#12
|
|||
|
|||
Default URL is ok. It's no problem. Do you want to post a new log?
|
#13
|
|||
|
|||
Hi amygirl431,
1. Download AboutBuster from here: AboutBuster http://www.malwarebytes.biz/AboutBuster.zip
Unzip AboutBuster to its own folder. Open, and then update AboutBuster. Don't run it yet.
2. Download and unzip "get_active_services_179_161" to its own folder. http://d21c.com/Tom41/get_active_services_179_161.zip
If any anti-script programs notify you of a strange script running, ignore the warning and allow this file to run.
Please post back the results of the "Active.txt" with your next post. The "Active.txt" log will be in the folder you ran "get_active_services" from.
3. Reboot into Safe Mode (tap the F8 key during reboot until the boot menu appears, use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key). Run Aboutbuster twice. Then copy and paste the results from the "Buster report" window, after each scan.
Copy both scan reports back to this thread, please. Along with the "Active.txt" log and a new HijackThis log, please. Cheers |
#14
|
|||
|
|||
get_active_services
Am I not understanding how to do this one? I downloaded and unzipped (this is extract?); the only thing it said on the screen was "These are the current active services:" Nothing else. Did I do something wrong? There is no log?
|
#15
|
|||
|
|||
Hi amygirl431,
I'm the new member. Are you still getting the "page cannot be displayed" message when trying to open a website? What kind of internet connection are you using? |