Logfile of HijackThis v1.99.1
Scan saved at 6:43:46 PM, on 8/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Atiptaxx.exe
C:\WINDOWS\system32\qfksdkah.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\sdkox.exe
C:\WINDOWS\system32\combo.exe
C:\Documents and Settings\New\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: Class - {0B7CD9AB-FA76-CAC5-AA75-8F58E9132349} - C:\WINDOWS\system32\sysnl32.dll
O2 - BHO: Class - {4E08BE38-D4B4-A5CF-2262-2FA489C00DD6} - C:\WINDOWS\appqf32.dll
O2 - BHO: Class - {BA99F0F7-81BA-A3D0-11AE-7FAE337FF72F} - C:\WINDOWS\msft32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {EFCA30F1-4CC5-0280-8C70-0601199DABBF} - C:\WINDOWS\system32\d3nb32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [yrnqcyarinko] C:\WINDOWS\system32\qfksdkah.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [sdkox.exe] C:\WINDOWS\sdkox.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKLM\..\RunOnce: [sysnf32.exe] C:\WINDOWS\system32\sysnf32.exe
O4 - HKLM\..\RunOnce: [atlnw32.exe] C:\WINDOWS\atlnw32.exe
O4 - HKLM\..\RunOnce: [winse32.exe] C:\WINDOWS\system32\winse32.exe
O4 - HKLM\..\RunOnce: [iele.exe] C:\WINDOWS\system32\iele.exe
O4 - HKLM\..\RunOnce: [d3bz.exe] C:\WINDOWS\system32\d3bz.exe
O4 - HKLM\..\RunOnce: [crfp.exe] C:\WINDOWS\system32\crfp.exe
O4 - HKLM\..\RunOnce: [crzf32.exe] C:\WINDOWS\crzf32.exe
O4 - HKLM\..\RunOnce: [apply32.exe] C:\WINDOWS\apply32.exe
O4 - HKLM\..\RunOnce: [ieze32.exe] C:\WINDOWS\ieze32.exe
O4 - HKLM\..\RunOnce: [apiob.exe] C:\WINDOWS\apiob.exe
O4 - HKLM\..\RunOnce: [sdknm.exe] C:\WINDOWS\sdknm.exe
O4 - HKLM\..\RunOnce: [d3nz32.exe] C:\WINDOWS\system32\d3nz32.exe
O4 - HKLM\..\RunOnce: [netrw32.exe] C:\WINDOWS\netrw32.exe
O4 - HKLM\..\RunOnce: [sysvt.exe] C:\WINDOWS\sysvt.exe
O4 - HKLM\..\RunOnce: [sdkxi.exe] C:\WINDOWS\sdkxi.exe
O4 - HKLM\..\RunOnce: [mfcvs.exe] C:\WINDOWS\system32\mfcvs.exe
O4 - HKLM\..\RunOnce: [atlhf.exe] C:\WINDOWS\system32\atlhf.exe
O4 - HKLM\..\RunOnce: [atley.exe] C:\WINDOWS\system32\atley.exe
O4 - HKLM\..\RunOnce: [winsr32.exe] C:\WINDOWS\system32\winsr32.exe
O4 - HKLM\..\RunOnce: [sdkdx.exe] C:\WINDOWS\system32\sdkdx.exe
O4 - HKLM\..\RunOnce: [atlgc32.exe] C:\WINDOWS\system32\atlgc32.exe
O4 - HKLM\..\RunOnce: [winqt.exe] C:\WINDOWS\system32\winqt.exe
O4 - HKLM\..\RunOnce: [winde32.exe] C:\WINDOWS\winde32.exe
O4 - HKLM\..\RunOnce: [apizf.exe] C:\WINDOWS\apizf.exe
O4 - HKLM\..\RunOnce: [mfcfv.exe] C:\WINDOWS\system32\mfcfv.exe
O4 - HKLM\..\RunOnce: [ntbj.exe] C:\WINDOWS\ntbj.exe
O4 - HKLM\..\RunOnce: [appoo.exe] C:\WINDOWS\appoo.exe
O4 - HKLM\..\RunOnce: [sdkri32.exe] C:\WINDOWS\system32\sdkri32.exe
O4 - HKLM\..\RunOnce: [appud32.exe] C:\WINDOWS\appud32.exe
O4 - HKLM\..\RunOnce: [atldp.exe] C:\WINDOWS\atldp.exe
O4 - HKLM\..\RunOnce: [sdkba.exe] C:\WINDOWS\system32\sdkba.exe
O4 - HKLM\..\RunOnce: [apidc.exe] C:\WINDOWS\system32\apidc.exe
O4 - HKLM\..\RunOnce: [ieib32.exe] C:\WINDOWS\system32\ieib32.exe
O4 - HKLM\..\RunOnce: [winsl32.exe] C:\WINDOWS\winsl32.exe
O4 - HKLM\..\RunOnce: [atllh.exe] C:\WINDOWS\atllh.exe
O4 - HKLM\..\RunOnce: [addhb.exe] C:\WINDOWS\system32\addhb.exe
O4 - HKLM\..\RunOnce: [apidf.exe] C:\WINDOWS\apidf.exe
O4 - HKLM\..\RunOnce: [msbw32.exe] C:\WINDOWS\system32\msbw32.exe
O4 - HKLM\..\RunOnce: [javajt32.exe] C:\WINDOWS\javajt32.exe
O4 - HKLM\..\RunOnce: [netxb.exe] C:\WINDOWS\netxb.exe
O4 - HKLM\..\RunOnce: [appyf32.exe] C:\WINDOWS\system32\appyf32.exe
O4 - HKLM\..\RunOnce: [ipbm.exe] C:\WINDOWS\ipbm.exe
O4 - HKLM\..\RunOnce: [ietn.exe] C:\WINDOWS\ietn.exe
O4 - HKLM\..\RunOnce: [cryv.exe] C:\WINDOWS\cryv.exe
O4 - HKLM\..\RunOnce: [syskc.exe] C:\WINDOWS\syskc.exe
O4 - HKLM\..\RunOnce: [mfcom.exe] C:\WINDOWS\mfcom.exe
O4 - HKLM\..\RunOnce: [mfcap.exe] C:\WINDOWS\mfcap.exe
O4 - HKLM\..\RunOnce: [crjp.exe] C:\WINDOWS\crjp.exe
O4 - HKLM\..\RunOnce: [ntnz32.exe] C:\WINDOWS\system32\ntnz32.exe
O4 - HKLM\..\RunOnce: [ieql.exe] C:\WINDOWS\system32\ieql.exe
O4 - HKLM\..\RunOnce: [crmx32.exe] C:\WINDOWS\crmx32.exe
O4 - HKLM\..\RunOnce: [ntev.exe] C:\WINDOWS\ntev.exe
O4 - HKLM\..\RunOnce: [ipfw.exe] C:\WINDOWS\system32\ipfw.exe
O4 - HKLM\..\RunOnce: [msct32.exe] C:\WINDOWS\msct32.exe
O4 - HKLM\..\RunOnce: [appmj32.exe] C:\WINDOWS\system32\appmj32.exe
O4 - HKLM\..\RunOnce: [nthv32.exe] C:\WINDOWS\nthv32.exe
O4 - HKLM\..\RunOnce: [crmz.exe] C:\WINDOWS\system32\crmz.exe
O4 - HKLM\..\RunOnce: [addqr.exe] C:\WINDOWS\system32\addqr.exe
O4 - HKLM\..\RunOnce: [d3pz32.exe] C:\WINDOWS\d3pz32.exe
O4 - HKLM\..\RunOnce: [appsq32.exe] C:\WINDOWS\appsq32.exe
O4 - HKLM\..\RunOnce: [netiy.exe] C:\WINDOWS\netiy.exe
O4 - HKLM\..\RunOnce: [crpb32.exe] C:\WINDOWS\crpb32.exe
O4 - HKLM\..\RunOnce: [d3pj.exe] C:\WINDOWS\d3pj.exe
O4 - HKLM\..\RunOnce: [appst32.exe] C:\WINDOWS\system32\appst32.exe
O4 - HKLM\..\RunOnce: [apixx32.exe] C:\WINDOWS\apixx32.exe
O4 - HKLM\..\RunOnce: [iexf.exe] C:\WINDOWS\system32\iexf.exe
O4 - HKLM\..\RunOnce: [appwa32.exe] C:\WINDOWS\system32\appwa32.exe
O4 - HKLM\..\RunOnce: [atlvi32.exe] C:\WINDOWS\system32\atlvi32.exe
O4 - HKLM\..\RunOnce: [winis.exe] C:\WINDOWS\winis.exe
O4 - HKLM\..\RunOnce: [atlsl32.exe] C:\WINDOWS\atlsl32.exe
O4 - HKLM\..\RunOnce: [ipit.exe] C:\WINDOWS\ipit.exe
O4 - HKLM\..\RunOnce: [winro32.exe] C:\WINDOWS\system32\winro32.exe
O4 - HKLM\..\RunOnce: [d3pw32.exe] C:\WINDOWS\d3pw32.exe
O4 - HKLM\..\RunOnce: [atlsv32.exe] C:\WINDOWS\system32\atlsv32.exe
O4 - HKLM\..\RunOnce: [mfcsd.exe] C:\WINDOWS\system32\mfcsd.exe
O4 - HKLM\..\RunOnce: [atlbe.exe] C:\WINDOWS\atlbe.exe
O4 - HKLM\..\RunOnce: [atlwv32.exe] C:\WINDOWS\system32\atlwv32.exe
O4 - HKLM\..\RunOnce: [ieaz32.exe] C:\WINDOWS\system32\ieaz32.exe
O4 - HKLM\..\RunOnce: [mfcdl32.exe] C:\WINDOWS\system32\mfcdl32.exe
O4 - HKLM\..\RunOnce: [sysdz32.exe] C:\WINDOWS\system32\sysdz32.exe
O4 - HKLM\..\RunOnce: [sdkws32.exe] C:\WINDOWS\sdkws32.exe
O4 - HKLM\..\RunOnce: [sdkwa32.exe] C:\WINDOWS\sdkwa32.exe
O4 - HKLM\..\RunOnce: [winaj32.exe] C:\WINDOWS\system32\winaj32.exe
O4 - HKLM\..\RunOnce: [addzz.exe] C:\WINDOWS\system32\addzz.exe
O4 - HKLM\..\RunOnce: [sysia.exe] C:\WINDOWS\sysia.exe
O4 - HKLM\..\RunOnce: [mssy32.exe] C:\WINDOWS\mssy32.exe
O4 - HKLM\..\RunOnce: [apisg.exe] C:\WINDOWS\system32\apisg.exe
O4 - HKLM\..\RunOnce: [appwk32.exe] C:\WINDOWS\appwk32.exe
O4 - HKLM\..\RunOnce: [sysgr.exe] C:\WINDOWS\sysgr.exe
O4 - HKLM\..\RunOnce: [iepr.exe] C:\WINDOWS\iepr.exe
O4 - HKLM\..\RunOnce: [mfceg.exe] C:\WINDOWS\mfceg.exe
O4 - HKLM\..\RunOnce: [sdkof32.exe] C:\WINDOWS\sdkof32.exe
O4 - HKLM\..\RunOnce: [sysrq32.exe] C:\WINDOWS\sysrq32.exe
O4 - HKLM\..\RunOnce: [appwv.exe] C:\WINDOWS\system32\appwv.exe
O4 - HKLM\..\RunOnce: [crkx.exe] C:\WINDOWS\crkx.exe
O4 - HKLM\..\RunOnce: [ntob.exe] C:\WINDOWS\ntob.exe
O4 - HKLM\..\RunOnce: [iedy32.exe] C:\WINDOWS\system32\iedy32.exe
O4 - HKLM\..\RunOnce: [sdkop.exe] C:\WINDOWS\system32\sdkop.exe
O4 - HKLM\..\RunOnce: [appcm.exe] C:\WINDOWS\system32\appcm.exe
O4 - HKLM\..\RunOnce: [javawx.exe] C:\WINDOWS\system32\javawx.exe
O4 - HKLM\..\RunOnce: [sysgv32.exe] C:\WINDOWS\sysgv32.exe
O4 - HKLM\..\RunOnce: [apibh.exe] C:\WINDOWS\system32\apibh.exe
O4 - HKLM\..\RunOnce: [appfl32.exe] C:\WINDOWS\system32\appfl32.exe
O4 - HKLM\..\RunOnce: [sysps.exe] C:\WINDOWS\sysps.exe
O4 - HKLM\..\RunOnce: [ieys.exe] C:\WINDOWS\system32\ieys.exe
O4 - HKLM\..\RunOnce: [atlnh32.exe] C:\WINDOWS\atlnh32.exe
O4 - HKLM\..\RunOnce: [sdkyg32.exe] C:\WINDOWS\system32\sdkyg32.exe
O4 - HKLM\..\RunOnce: [javapc32.exe] C:\WINDOWS\javapc32.exe
O4 - HKLM\..\RunOnce: [iegv.exe] C:\WINDOWS\system32\iegv.exe
O4 - HKLM\..\RunOnce: [iesi32.exe] C:\WINDOWS\iesi32.exe
O4 - HKLM\..\RunOnce: [d3id.exe] C:\WINDOWS\d3id.exe
O4 - HKLM\..\RunOnce: [ntbt32.exe] C:\WINDOWS\system32\ntbt32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://fpw.levelupg...Crypt/npkcx.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sysnf32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
I hope you can help me with my problem. Thanks!