help! HT log... lots of weird .exes


  • Please log in to reply

#1
whitknee

    New Member

  • Member
  • 1 posts
I have no idea what my boyfriend did to my computer, but I keep getting weird popups and it keeps screwing up my IE toolbar. This is a new computer and the first time I've gotten spyware on it, argh! Any help is MUCH appreciated. I've tried running Ad-Aware, Spybot S&D, etc. but nothing seems to work.

Logfile of HijackThis v1.99.1
Scan saved at 1:45:58 PM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TivoServer.exe
C:\WINDOWS\mfclv32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fgtfo.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fgtfo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fgtfo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fgtfo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fgtfo.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fgtfo.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fgtfo.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINDOWS\gds5.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {E5E988DC-7B26-44B2-3181-C20414A67661} - C:\WINDOWS\system32\addss32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [mfclv32.exe] C:\WINDOWS\mfclv32.exe
O4 - HKLM\..\RunOnce: [winvs.exe] C:\WINDOWS\winvs.exe
O4 - HKLM\..\RunOnce: [atlki.exe] C:\WINDOWS\system32\atlki.exe
O4 - HKLM\..\RunOnce: [mspl32.exe] C:\WINDOWS\mspl32.exe
O4 - HKLM\..\RunOnce: [addqh.exe] C:\WINDOWS\system32\addqh.exe
O4 - HKLM\..\RunOnce: [sdkab32.exe] C:\WINDOWS\sdkab32.exe
O4 - HKLM\..\RunOnce: [appaj.exe] C:\WINDOWS\system32\appaj.exe
O4 - HKLM\..\RunOnce: [apine32.exe] C:\WINDOWS\system32\apine32.exe
O4 - HKLM\..\RunOnce: [ipel.exe] C:\WINDOWS\system32\ipel.exe
O4 - HKLM\..\RunOnce: [adddb32.exe] C:\WINDOWS\system32\adddb32.exe
O4 - HKLM\..\RunOnce: [iefv32.exe] C:\WINDOWS\system32\iefv32.exe
O4 - HKLM\..\RunOnce: [msjl32.exe] C:\WINDOWS\msjl32.exe
O4 - HKLM\..\RunOnce: [apibd32.exe] C:\WINDOWS\system32\apibd32.exe
O4 - HKLM\..\RunOnce: [ntwn.exe] C:\WINDOWS\system32\ntwn.exe
O4 - HKLM\..\RunOnce: [msrl32.exe] C:\WINDOWS\msrl32.exe
O4 - HKLM\..\RunOnce: [ipit32.exe] C:\WINDOWS\ipit32.exe
O4 - HKLM\..\RunOnce: [winht.exe] C:\WINDOWS\winht.exe
O4 - HKLM\..\RunOnce: [sysne32.exe] C:\WINDOWS\sysne32.exe
O4 - HKLM\..\RunOnce: [appdt.exe] C:\WINDOWS\appdt.exe
O4 - HKLM\..\RunOnce: [apipi32.exe] C:\WINDOWS\apipi32.exe
O4 - HKLM\..\RunOnce: [mfcbn.exe] C:\WINDOWS\mfcbn.exe
O4 - HKLM\..\RunOnce: [sdksi32.exe] C:\WINDOWS\sdksi32.exe
O4 - HKLM\..\RunOnce: [mskr.exe] C:\WINDOWS\system32\mskr.exe
O4 - HKLM\..\RunOnce: [d3fi32.exe] C:\WINDOWS\system32\d3fi32.exe
O4 - HKLM\..\RunOnce: [ipke32.exe] C:\WINDOWS\ipke32.exe
O4 - HKLM\..\RunOnce: [msfq32.exe] C:\WINDOWS\system32\msfq32.exe
O4 - HKLM\..\RunOnce: [winku.exe] C:\WINDOWS\winku.exe
O4 - HKLM\..\RunOnce: [ipnm.exe] C:\WINDOWS\ipnm.exe
O4 - HKLM\..\RunOnce: [addmu32.exe] C:\WINDOWS\addmu32.exe
O4 - HKLM\..\RunOnce: [msdj32.exe] C:\WINDOWS\system32\msdj32.exe
O4 - HKLM\..\RunOnce: [iekz.exe] C:\WINDOWS\iekz.exe
O4 - HKLM\..\RunOnce: [mslz.exe] C:\WINDOWS\system32\mslz.exe
O4 - HKLM\..\RunOnce: [appbp32.exe] C:\WINDOWS\appbp32.exe
O4 - HKLM\..\RunOnce: [netzw32.exe] C:\WINDOWS\system32\netzw32.exe
O4 - HKLM\..\RunOnce: [crpr32.exe] C:\WINDOWS\crpr32.exe
O4 - HKLM\..\RunOnce: [msic.exe] C:\WINDOWS\msic.exe
O4 - HKLM\..\RunOnce: [addeg.exe] C:\WINDOWS\system32\addeg.exe
O4 - HKLM\..\RunOnce: [apiwh32.exe] C:\WINDOWS\apiwh32.exe
O4 - HKLM\..\RunOnce: [sysqa.exe] C:\WINDOWS\sysqa.exe
O4 - HKLM\..\RunOnce: [atluc.exe] C:\WINDOWS\atluc.exe
O4 - HKLM\..\RunOnce: [winkj.exe] C:\WINDOWS\winkj.exe
O4 - HKLM\..\RunOnce: [cruc.exe] C:\WINDOWS\system32\cruc.exe
O4 - HKLM\..\RunOnce: [ipfv32.exe] C:\WINDOWS\ipfv32.exe
O4 - HKLM\..\RunOnce: [appvk32.exe] C:\WINDOWS\system32\appvk32.exe
O4 - HKLM\..\RunOnce: [sdkyw.exe] C:\WINDOWS\sdkyw.exe
O4 - HKLM\..\RunOnce: [apici32.exe] C:\WINDOWS\apici32.exe
O4 - HKLM\..\RunOnce: [addsy.exe] C:\WINDOWS\system32\addsy.exe
O4 - HKLM\..\RunOnce: [sysvz32.exe] C:\WINDOWS\system32\sysvz32.exe
O4 - HKLM\..\RunOnce: [msrl.exe] C:\WINDOWS\msrl.exe
O4 - HKLM\..\RunOnce: [ntqt32.exe] C:\WINDOWS\ntqt32.exe
O4 - HKLM\..\RunOnce: [mfcoi32.exe] C:\WINDOWS\system32\mfcoi32.exe
O4 - HKLM\..\RunOnce: [apioy.exe] C:\WINDOWS\apioy.exe
O4 - HKLM\..\RunOnce: [addml32.exe] C:\WINDOWS\system32\addml32.exe
O4 - HKLM\..\RunOnce: [atloy.exe] C:\WINDOWS\system32\atloy.exe
O4 - HKLM\..\RunOnce: [sdkmn32.exe] C:\WINDOWS\sdkmn32.exe
O4 - HKLM\..\RunOnce: [d3cv32.exe] C:\WINDOWS\d3cv32.exe
O4 - HKLM\..\RunOnce: [javaxh.exe] C:\WINDOWS\system32\javaxh.exe
O4 - HKLM\..\RunOnce: [apiwo32.exe] C:\WINDOWS\system32\apiwo32.exe
O4 - HKLM\..\RunOnce: [addue32.exe] C:\WINDOWS\addue32.exe
O4 - HKLM\..\RunOnce: [appuu.exe] C:\WINDOWS\appuu.exe
O4 - HKLM\..\RunOnce: [windu.exe] C:\WINDOWS\windu.exe
O4 - HKLM\..\RunOnce: [netsj32.exe] C:\WINDOWS\netsj32.exe
O4 - HKLM\..\RunOnce: [javair32.exe] C:\WINDOWS\javair32.exe
O4 - HKLM\..\RunOnce: [nteu.exe] C:\WINDOWS\nteu.exe
O4 - HKLM\..\RunOnce: [appdk32.exe] C:\WINDOWS\appdk32.exe
O4 - HKLM\..\RunOnce: [ieba32.exe] C:\WINDOWS\system32\ieba32.exe
O4 - HKLM\..\RunOnce: [sysbi.exe] C:\WINDOWS\system32\sysbi.exe
O4 - HKLM\..\RunOnce: [iejq.exe] C:\WINDOWS\iejq.exe
O4 - HKLM\..\RunOnce: [atlzf.exe] C:\WINDOWS\system32\atlzf.exe
O4 - HKLM\..\RunOnce: [winou.exe] C:\WINDOWS\system32\winou.exe
O4 - HKLM\..\RunOnce: [d3zn32.exe] C:\WINDOWS\d3zn32.exe
O4 - HKLM\..\RunOnce: [mssy32.exe] C:\WINDOWS\mssy32.exe
O4 - HKLM\..\RunOnce: [appcx.exe] C:\WINDOWS\system32\appcx.exe
O4 - HKLM\..\RunOnce: [netnx32.exe] C:\WINDOWS\system32\netnx32.exe
O4 - HKLM\..\RunOnce: [sdklf.exe] C:\WINDOWS\system32\sdklf.exe
O4 - HKLM\..\RunOnce: [mshb32.exe] C:\WINDOWS\system32\mshb32.exe
O4 - HKLM\..\RunOnce: [crqj.exe] C:\WINDOWS\system32\crqj.exe
O4 - HKLM\..\RunOnce: [crey32.exe] C:\WINDOWS\system32\crey32.exe
O4 - HKLM\..\RunOnce: [crlv32.exe] C:\WINDOWS\crlv32.exe
O4 - HKLM\..\RunOnce: [apipz32.exe] C:\WINDOWS\system32\apipz32.exe
O4 - HKLM\..\RunOnce: [d3sl32.exe] C:\WINDOWS\d3sl32.exe
O4 - HKLM\..\RunOnce: [sysxp.exe] C:\WINDOWS\system32\sysxp.exe
O4 - HKLM\..\RunOnce: [msyp32.exe] C:\WINDOWS\msyp32.exe
O4 - HKLM\..\RunOnce: [msmm32.exe] C:\WINDOWS\system32\msmm32.exe
O4 - HKLM\..\RunOnce: [iprj32.exe] C:\WINDOWS\iprj32.exe
O4 - HKLM\..\RunOnce: [msuu32.exe] C:\WINDOWS\system32\msuu32.exe
O4 - HKLM\..\RunOnce: [winzz.exe] C:\WINDOWS\winzz.exe
O4 - HKLM\..\RunOnce: [sysaz32.exe] C:\WINDOWS\system32\sysaz32.exe
O4 - HKLM\..\RunOnce: [ieow32.exe] C:\WINDOWS\ieow32.exe
O4 - HKLM\..\RunOnce: [sdkts.exe] C:\WINDOWS\system32\sdkts.exe
O4 - HKLM\..\RunOnce: [apixe.exe] C:\WINDOWS\apixe.exe
O4 - HKLM\..\RunOnce: [crmt32.exe] C:\WINDOWS\system32\crmt32.exe
O4 - HKLM\..\RunOnce: [sysdb32.exe] C:\WINDOWS\system32\sysdb32.exe
O4 - HKLM\..\RunOnce: [msgm.exe] C:\WINDOWS\msgm.exe
O4 - HKLM\..\RunOnce: [ipfu32.exe] C:\WINDOWS\ipfu32.exe
O4 - HKLM\..\RunOnce: [atlvk32.exe] C:\WINDOWS\system32\atlvk32.exe
O4 - HKLM\..\RunOnce: [mfcda.exe] C:\WINDOWS\system32\mfcda.exe
O4 - HKLM\..\RunOnce: [atlea.exe] C:\WINDOWS\system32\atlea.exe
O4 - HKLM\..\RunOnce: [nttp32.exe] C:\WINDOWS\nttp32.exe
O4 - HKLM\..\RunOnce: [d3rw32.exe] C:\WINDOWS\system32\d3rw32.exe
O4 - HKLM\..\RunOnce: [addhr32.exe] C:\WINDOWS\addhr32.exe
O4 - HKLM\..\RunOnce: [atlad.exe] C:\WINDOWS\atlad.exe
O4 - HKLM\..\RunOnce: [ipwh.exe] C:\WINDOWS\system32\ipwh.exe
O4 - HKLM\..\RunOnce: [crph32.exe] C:\WINDOWS\crph32.exe
O4 - HKLM\..\RunOnce: [iefp.exe] C:\WINDOWS\system32\iefp.exe
O4 - HKLM\..\RunOnce: [appbt32.exe] C:\WINDOWS\system32\appbt32.exe
O4 - HKLM\..\RunOnce: [wintt.exe] C:\WINDOWS\system32\wintt.exe
O4 - HKLM\..\RunOnce: [addyq32.exe] C:\WINDOWS\system32\addyq32.exe
O4 - HKLM\..\RunOnce: [winnf32.exe] C:\WINDOWS\winnf32.exe
O4 - HKLM\..\RunOnce: [addnv32.exe] C:\WINDOWS\addnv32.exe
O4 - HKLM\..\RunOnce: [netwo32.exe] C:\WINDOWS\system32\netwo32.exe
O4 - HKLM\..\RunOnce: [ieww.exe] C:\WINDOWS\ieww.exe
O4 - HKLM\..\RunOnce: [crai.exe] C:\WINDOWS\system32\crai.exe
O4 - HKLM\..\RunOnce: [winpx32.exe] C:\WINDOWS\winpx32.exe
O4 - HKLM\..\RunOnce: [mfcge.exe] C:\WINDOWS\mfcge.exe
O4 - HKLM\..\RunOnce: [ntki32.exe] C:\WINDOWS\system32\ntki32.exe
O4 - HKLM\..\RunOnce: [apitj.exe] C:\WINDOWS\apitj.exe
O4 - HKLM\..\RunOnce: [netzf32.exe] C:\WINDOWS\system32\netzf32.exe
O4 - HKLM\..\RunOnce: [netnc32.exe] C:\WINDOWS\netnc32.exe
O4 - HKLM\..\RunOnce: [winsy32.exe] C:\WINDOWS\winsy32.exe
O4 - HKLM\..\RunOnce: [netvk.exe] C:\WINDOWS\system32\netvk.exe
O4 - HKLM\..\RunOnce: [atlrw32.exe] C:\WINDOWS\system32\atlrw32.exe
O4 - HKLM\..\RunOnce: [syspe.exe] C:\WINDOWS\syspe.exe
O4 - HKLM\..\RunOnce: [sdkot32.exe] C:\WINDOWS\sdkot32.exe
O4 - HKLM\..\RunOnce: [apiej32.exe] C:\WINDOWS\system32\apiej32.exe
O4 - HKLM\..\RunOnce: [netmr.exe] C:\WINDOWS\system32\netmr.exe
O4 - HKLM\..\RunOnce: [apinz.exe] C:\WINDOWS\system32\apinz.exe
O4 - HKLM\..\RunOnce: [d3wx32.exe] C:\WINDOWS\system32\d3wx32.exe
O4 - HKLM\..\RunOnce: [ntun.exe] C:\WINDOWS\ntun.exe
O4 - HKLM\..\RunOnce: [atltc32.exe] C:\WINDOWS\atltc32.exe
O4 - HKLM\..\RunOnce: [ieks32.exe] C:\WINDOWS\system32\ieks32.exe
O4 - HKLM\..\RunOnce: [sysra.exe] C:\WINDOWS\system32\sysra.exe
O4 - HKLM\..\RunOnce: [iesa.exe] C:\WINDOWS\iesa.exe
O4 - HKLM\..\RunOnce: [mfcix32.exe] C:\WINDOWS\system32\mfcix32.exe
O4 - HKLM\..\RunOnce: [ipgf32.exe] C:\WINDOWS\system32\ipgf32.exe
O4 - HKLM\..\RunOnce: [apibi.exe] C:\WINDOWS\system32\apibi.exe
O4 - HKLM\..\RunOnce: [winay32.exe] C:\WINDOWS\system32\winay32.exe
O4 - HKLM\..\RunOnce: [d3yo32.exe] C:\WINDOWS\d3yo32.exe
O4 - HKLM\..\RunOnce: [d3yw.exe] C:\WINDOWS\d3yw.exe
O4 - HKLM\..\RunOnce: [crzw.exe] C:\WINDOWS\system32\crzw.exe
O4 - HKLM\..\RunOnce: [addwt32.exe] C:\WINDOWS\addwt32.exe
O4 - HKLM\..\RunOnce: [mfcma32.exe] C:\WINDOWS\mfcma32.exe
O4 - HKLM\..\RunOnce: [apphe.exe] C:\WINDOWS\system32\apphe.exe
O4 - HKLM\..\RunOnce: [msgu32.exe] C:\WINDOWS\msgu32.exe
O4 - HKLM\..\RunOnce: [sdkfj32.exe] C:\WINDOWS\system32\sdkfj32.exe
O4 - HKLM\..\RunOnce: [javaer.exe] C:\WINDOWS\system32\javaer.exe
O4 - HKLM\..\RunOnce: [ntns.exe] C:\WINDOWS\ntns.exe
O4 - HKLM\..\RunOnce: [iedp.exe] C:\WINDOWS\system32\iedp.exe
O4 - HKLM\..\RunOnce: [crsw32.exe] C:\WINDOWS\system32\crsw32.exe
O4 - HKLM\..\RunOnce: [msdp.exe] C:\WINDOWS\msdp.exe
O4 - HKLM\..\RunOnce: [addht32.exe] C:\WINDOWS\addht32.exe
O4 - HKLM\..\RunOnce: [netmd32.exe] C:\WINDOWS\system32\netmd32.exe
O4 - HKLM\..\RunOnce: [appks32.exe] C:\WINDOWS\appks32.exe
O4 - HKLM\..\RunOnce: [atlka.exe] C:\WINDOWS\system32\atlka.exe
O4 - HKLM\..\RunOnce: [addsb.exe] C:\WINDOWS\addsb.exe
O4 - HKLM\..\RunOnce: [ipiy32.exe] C:\WINDOWS\system32\ipiy32.exe
O4 - HKLM\..\RunOnce: [javayf32.exe] C:\WINDOWS\javayf32.exe
O4 - HKLM\..\RunOnce: [nttj.exe] C:\WINDOWS\nttj.exe
O4 - HKLM\..\RunOnce: [atlsz32.exe] C:\WINDOWS\atlsz32.exe
O4 - HKLM\..\RunOnce: [sysqo.exe] C:\WINDOWS\system32\sysqo.exe
O4 - HKLM\..\RunOnce: [sdkpe32.exe] C:\WINDOWS\system32\sdkpe32.exe
O4 - HKLM\..\RunOnce: [apigl32.exe] C:\WINDOWS\apigl32.exe
O4 - HKLM\..\RunOnce: [netnb32.exe] C:\WINDOWS\netnb32.exe
O4 - HKLM\..\RunOnce: [crxu32.exe] C:\WINDOWS\crxu32.exe
O4 - HKLM\..\RunOnce: [mfcxc.exe] C:\WINDOWS\system32\mfcxc.exe
O4 - HKLM\..\RunOnce: [winbg.exe] C:\WINDOWS\system32\winbg.exe
O4 - HKLM\..\RunOnce: [netqd32.exe] C:\WINDOWS\netqd32.exe
O4 - HKLM\..\RunOnce: [sdkgk32.exe] C:\WINDOWS\sdkgk32.exe
O4 - HKLM\..\RunOnce: [ipco.exe] C:\WINDOWS\ipco.exe
O4 - HKLM\..\RunOnce: [d3ak32.exe] C:\WINDOWS\d3ak32.exe
O4 - HKLM\..\RunOnce: [msis32.exe] C:\WINDOWS\msis32.exe
O4 - HKLM\..\RunOnce: [addss32.exe] C:\WINDOWS\system32\addss32.exe
O4 - HKLM\..\RunOnce: [javasa.exe] C:\WINDOWS\javasa.exe
O4 - HKLM\..\RunOnce: [ipve.exe] C:\WINDOWS\system32\ipve.exe
O4 - HKLM\..\RunOnce: [d3lt32.exe] C:\WINDOWS\d3lt32.exe
O4 - HKLM\..\RunOnce: [winbb32.exe] C:\WINDOWS\winbb32.exe
O4 - HKLM\..\RunOnce: [iewm.exe] C:\WINDOWS\system32\iewm.exe
O4 - HKLM\..\RunOnce: [ntvc32.exe] C:\WINDOWS\system32\ntvc32.exe
O4 - HKLM\..\RunOnce: [mfctk32.exe] C:\WINDOWS\mfctk32.exe
O4 - HKLM\..\RunOnce: [apita.exe] C:\WINDOWS\system32\apita.exe
O4 - HKLM\..\RunOnce: [mfcca.exe] C:\WINDOWS\mfcca.exe
O4 - HKLM\..\RunOnce: [sdkrp32.exe] C:\WINDOWS\system32\sdkrp32.exe
O4 - HKLM\..\RunOnce: [msiw32.exe] C:\WINDOWS\system32\msiw32.exe
O4 - HKLM\..\RunOnce: [crli.exe] C:\WINDOWS\crli.exe
O4 - HKLM\..\RunOnce: [apiky32.exe] C:\WINDOWS\apiky32.exe
O4 - HKLM\..\RunOnce: [addaf32.exe] C:\WINDOWS\system32\addaf32.exe
O4 - HKLM\..\RunOnce: [appav.exe] C:\WINDOWS\system32\appav.exe
O4 - HKLM\..\RunOnce: [croq.exe] C:\WINDOWS\croq.exe
O4 - HKLM\..\RunOnce: [ntsc32.exe] C:\WINDOWS\system32\ntsc32.exe
O4 - HKLM\..\RunOnce: [mfcqr.exe] C:\WINDOWS\mfcqr.exe
O4 - HKLM\..\RunOnce: [ieph32.exe] C:\WINDOWS\ieph32.exe
O4 - HKLM\..\RunOnce: [javafo32.exe] C:\WINDOWS\system32\javafo32.exe
O4 - HKLM\..\RunOnce: [crfe.exe] C:\WINDOWS\system32\crfe.exe
O4 - HKLM\..\RunOnce: [javaof.exe] C:\WINDOWS\javaof.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TivoServer.exe" /auto:TivoServer /registry /service
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://user.vividenc...torLauncher.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

Edited by whitknee, 12 July 2005 - 12:49 PM.

  • 0
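The log above shows three indicator classes that a responder would pull out first: the R0/R1 start and search pages pointing at a `res://` page inside a DLL under `system32`, a BHO with no descriptive name loading a DLL from `system32`, and a very long run of `HKLM\..\RunOnce` entries whose executables sit directly in `C:\WINDOWS` or `system32` under short, randomised names. The script below is an added example (not part of the original post and not HijackThis code) that parses a HijackThis log and flags those patterns for review. The `SAMPLE_LOG` is a constructed excerpt modelled on the posted log, and the prefix list in `RANDOM_NAME` is an assumption drawn from the names in this log; hits mean "review this entry", not "confirmed malware".

```python
"""Heuristic triage of a HijackThis log (added example, not from the thread)."""
import re
from collections import defaultdict

WINDIR = r"c:\windows"
SYSTEM32 = r"c:\windows\system32"

# Name family seen in this log: system-sounding prefix + two random letters + optional "32".
# Assumption drawn from the posted entries; it is a review heuristic, not a signature.
RANDOM_NAME = re.compile(
    r"^(?:win|ms|sys|api|app|ie|ip|net|nt|sdk|mfc|atl|add|cr|d3|java)[a-z]{2}(?:32)?\.exe$",
    re.I)
O4_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
R_LINE = re.compile(r"^R[01] - (?P<key>.+?) = (?P<value>.*)$")
EXE_IN_CMD = re.compile(r'"?([^"]*?\.exe)', re.I)

# Constructed excerpt modelled on the log in the post above (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\mfclv32.exe
C:\Program Files\AIM\aim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fgtfo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {E5E988DC-7B26-44B2-3181-C20414A67661} - C:\WINDOWS\system32\addss32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mfclv32.exe] C:\WINDOWS\mfclv32.exe
O4 - HKLM\..\RunOnce: [winvs.exe] C:\WINDOWS\winvs.exe
O4 - HKLM\..\RunOnce: [atlki.exe] C:\WINDOWS\system32\atlki.exe
O4 - HKLM\..\RunOnce: [addss32.exe] C:\WINDOWS\system32\addss32.exe
"""


def split_path(path):
    """Return (directory, filename), lower-cased, with quotes stripped."""
    p = path.strip().strip('"').lower().replace("/", "\\")
    directory, _, filename = p.rpartition("\\")
    return directory, filename


def in_windows_root(directory):
    """True when a file sits directly in %WINDIR% or system32 (where droppers hide)."""
    return directory in (WINDIR, SYSTEM32)


def triage(log_text, runonce_threshold=10):
    """Return {category: [log lines]} for entries that merit a responder's attention."""
    findings = defaultdict(list)
    runonce = 0
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs and not re.match(r"^[RO]\d+ - ", line):
            d, f = split_path(line)
            if in_windows_root(d) and RANDOM_NAME.match(f):
                findings["process_random_name"].append(line)
            continue
        in_procs = False
        if line.startswith("R3 - ") and "missing" in line.lower():
            findings["info"].append(line)  # often reset as a side effect of the hijack
            continue
        m = R_LINE.match(line)
        if m:
            # Start/search pages should be http(s) URLs or about:blank, never a res:// page in a DLL.
            if m.group("value").lower().startswith("res://"):
                findings["search_hijack"].append(line)
            continue
        m = O2_LINE.match(line)
        if m:
            d, _ = split_path(m.group("path"))
            if m.group("name").strip() == "Class" or in_windows_root(d):
                findings["bho_review"].append(line)
            continue
        m = O4_LINE.match(line)
        if m:
            if m.group("key").lower() == "runonce":
                runonce += 1
            exe = EXE_IN_CMD.search(m.group("cmd"))
            if exe:
                d, f = split_path(exe.group(1))
                if in_windows_root(d) and RANDOM_NAME.match(f):
                    findings["autorun_random_name"].append(line)
    if runonce >= runonce_threshold:
        findings["runonce_flood"].append(
            f"{runonce} HKLM RunOnce entries (threshold {runonce_threshold})")
    return dict(findings)


if __name__ == "__main__":
    for category, lines in sorted(triage(SAMPLE_LOG).items()):
        print(f"== {category} ({len(lines)})")
        for entry in lines:
            print("   ", entry)
```

Run against the full log from the post, the `runonce_flood` category fires on its own because well over a hundred `RunOnce` entries are present; on the short excerpt it only fires if the threshold is lowered, which is why the threshold is a parameter.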



#2
Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi WhitKnee, and welcome to GeekstoGo!


That's a nasty CWS infection you have there!!

Copy these instructions to Notepad and save them to your Desktop; you will need them in Safe Mode!

Please download these utilities, but don't run them until I ask you to!

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


About Buster
http://www.besttechi...?showtopic=1488

Follow the instructions inside the link to update it; we will run it in Safe Mode!


CleanUp!
http://downloads.ste...p/CleanUp40.exe


Make sure Ad-Aware is updated with the latest definition files!


Reboot into SAFE MODE (tap F8 when restarting).
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam


After restarting in Safe Mode, configure Windows to show all hidden files and folders; this must be done after restarting in Safe Mode!!
Here is a link to help with that:
http://www.bleepingc...showtutorial=62


Open and run CleanUp! -> Once it is done -> Click "NO" to Log Off!


Run About Buster just as described in the link!

Please run it until you get these Results:

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!



Now, scan the system with Ewido -> Clean all it finds -> Be sure to save the report!


Scan the system with Ad-Aware -> Remove all it finds and delete all quarantine files!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" tab, make sure Normal Startup is checked!!

Click Apply >> OK >> Follow the prompts to restart!!

Restart normally and have the PC scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the scan to work!

Save the report it generates.



Post back with a fresh HijackThis log and the reports from Ewido and Panda!
  • 0





