Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Coolsearch cannot be delted ~ Heres Hijack File

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 2 posts
Gimme directions pls

Logfile of HijackThis v1.99.1
Scan saved at 5:42:01 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\RAHULW~1\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
C:\DOCUME~1\RAHULW~1\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ceyhi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ceyhi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ceyhi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ceyhi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ceyhi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ceyhi.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {92093452-29D6-C992-7CF2-E45692D46C2B} - C:\WINDOWS\sdkkq.dll
O2 - BHO: Class - {E3660349-F68F-6736-8733-F80F0102D728} - C:\WINDOWS\crso.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ipah32.exe] C:\WINDOWS\ipah32.exe
O4 - HKLM\..\Run: [apinx32.exe] C:\WINDOWS\system32\apinx32.exe
O4 - HKLM\..\Run: [ntaz.exe] C:\WINDOWS\ntaz.exe
O4 - HKLM\..\Run: [mfcpf32.exe] C:\WINDOWS\mfcpf32.exe
O4 - HKLM\..\Run: [msil.exe] C:\WINDOWS\system32\msil.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\RunOnce: [atlym.exe] C:\WINDOWS\atlym.exe
O4 - HKLM\..\RunOnce: [addqk.exe] C:\WINDOWS\addqk.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [appjw32.exe] C:\WINDOWS\appjw32.exe
O4 - HKLM\..\RunOnce: [ntof32.exe] C:\WINDOWS\ntof32.exe
O4 - HKLM\..\RunOnce: [addus.exe] C:\WINDOWS\addus.exe
O4 - HKLM\..\RunOnce: [mslh32.exe] C:\WINDOWS\system32\mslh32.exe
O4 - HKLM\..\RunOnce: [crhz32.exe] C:\WINDOWS\system32\crhz32.exe
O4 - HKLM\..\RunOnce: [sysoe.exe] C:\WINDOWS\system32\sysoe.exe
O4 - HKLM\..\RunOnce: [atlms32.exe] C:\WINDOWS\system32\atlms32.exe
O4 - HKLM\..\RunOnce: [ntxo.exe] C:\WINDOWS\ntxo.exe
O4 - HKLM\..\RunOnce: [ievh32.exe] C:\WINDOWS\system32\ievh32.exe
O4 - HKLM\..\RunOnce: [mshx.exe] C:\WINDOWS\mshx.exe
O4 - HKLM\..\RunOnce: [ient32.exe] C:\WINDOWS\ient32.exe
O4 - HKLM\..\RunOnce: [sdksn.exe] C:\WINDOWS\sdksn.exe
O4 - HKLM\..\RunOnce: [winbt32.exe] C:\WINDOWS\winbt32.exe
O4 - HKLM\..\RunOnce: [javavn32.exe] C:\WINDOWS\javavn32.exe
O4 - HKLM\..\RunOnce: [mfcap.exe] C:\WINDOWS\mfcap.exe
O4 - HKLM\..\RunOnce: [appxm32.exe] C:\WINDOWS\appxm32.exe
O4 - HKLM\..\RunOnce: [mscg.exe] C:\WINDOWS\mscg.exe
O4 - HKLM\..\RunOnce: [mfcte32.exe] C:\WINDOWS\mfcte32.exe
O4 - HKLM\..\RunOnce: [javamp32.exe] C:\WINDOWS\javamp32.exe
O4 - HKLM\..\RunOnce: [apirj.exe] C:\WINDOWS\system32\apirj.exe
O4 - HKLM\..\RunOnce: [apixf32.exe] C:\WINDOWS\system32\apixf32.exe
O4 - HKLM\..\RunOnce: [winka32.exe] C:\WINDOWS\system32\winka32.exe
O4 - HKLM\..\RunOnce: [netfl32.exe] C:\WINDOWS\system32\netfl32.exe
O4 - HKLM\..\RunOnce: [sdkkq.exe] C:\WINDOWS\sdkkq.exe
O4 - HKLM\..\RunOnce: [nttq32.exe] C:\WINDOWS\system32\nttq32.exe
O4 - HKLM\..\RunOnce: [iphn32.exe] C:\WINDOWS\iphn32.exe
O4 - HKLM\..\RunOnce: [appmj.exe] C:\WINDOWS\appmj.exe
O4 - HKLM\..\RunOnce: [ieiv.exe] C:\WINDOWS\ieiv.exe
O4 - HKCU\..\Run: [Steam] D:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
  • 0




    Tech Staff

  • Technician
  • 16,645 posts
Hi xtr3m3woundz...Welcome to G2G!

You definitely have a load of nasties!

Please go to the Malware Forum and follow the instructions at the top....Especially the CLICK HERE .
That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.
If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP