Newbie dot Org HomePage
please check out my hijackthis log file
ken

09/03/04
Can someone help me with this log? Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 4:11:10 PM, on 9/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\ntcx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\MSSHVC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\SCVHOST.EXE
C:\WINDOWS\system32\ieyg32.exe
C:\documents and settings\user\local settings\temp\x9x0urJ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\WINDOWS\System\wupdmgr.exe
C:\WINDOWS\System32\capx5032.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Registry Clean Expert\RegCleanExpert.exe
C:\Program Files\Registry Clean Expert\RCScheduler.exe
C:\Documents and Settings\User\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ajsfz.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ajsfz.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\ajsfz.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ajsfz.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\ajsfz.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ajsfz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ajsfz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://C:\WINDOWS\ajsfz.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ajsfz.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ajsfz.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.31.24.2:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.fujitsu-pc-asia.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B291DEE2-D9B2-592B-0C2E-27B58D348424} - C:\WINDOWS\msul32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\zh-sg\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [@programasukgogb-htm] RunDll32 UDConn.dll,RunAsIcon @programasukgogb
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSSHVC] C:\WINDOWS\System32\MSSHVC.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DED] C:\docume~1\user\locals~1\temp\DED.exe
O4 - HKLM\..\Run: [ML9O] C:\docume~1\user\locals~1\temp\ML9O.exe
O4 - HKLM\..\Run: [MSStartOptimizer] C:\WINDOWS\System32\SCVHOST.EXE
O4 - HKLM\..\Run: [RegCompres] C:\WINDOWS\System32\REGCPM32.EXE
O4 - HKLM\..\Run: [ieyg32.exe] C:\WINDOWS\system32\ieyg32.exe
O4 - HKLM\..\Run: [x9x0urJ] C:\documents and settings\user\local settings\temp\x9x0urJ.exe
O4 - HKLM\..\Run: [3S4N9DY375A59P] C:\WINDOWS\System32\Cpj5Y.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msqr.exe] C:\WINDOWS\system32\msqr.exe
O4 - HKLM\..\Run: [addkv.exe] C:\WINDOWS\system32\addkv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\wupdmgr.exe
O4 - HKCU\..\Run: [eoxsRkcqX] capx5032.exe
O4 - HKLM\..\RunOnce: [msit.exe] C:\WINDOWS\system32\msit.exe
O4 - HKLM\..\RunOnce: [ntcl.exe] C:\WINDOWS\ntcl.exe
O4 - HKLM\..\RunOnce: [sdkzh.exe] C:\WINDOWS\sdkzh.exe
O4 - HKLM\..\RunOnce: [sdkqr32.exe] C:\WINDOWS\system32\sdkqr32.exe
O4 - HKLM\..\RunOnce: [d3gz.exe] C:\WINDOWS\system32\d3gz.exe
O4 - HKLM\..\RunOnce: [atloy32.exe] C:\WINDOWS\atloy32.exe
O4 - HKLM\..\RunOnce: [d3qd.exe] C:\WINDOWS\system32\d3qd.exe
O4 - HKLM\..\RunOnce: [iema32.exe] C:\WINDOWS\iema32.exe
O4 - HKLM\..\RunOnce: [ieea32.exe] C:\WINDOWS\system32\ieea32.exe
O4 - HKLM\..\RunOnce: [appqi.exe] C:\WINDOWS\system32\appqi.exe
O4 - HKLM\..\RunOnce: [apice.exe] C:\WINDOWS\system32\apice.exe
O4 - HKLM\..\RunOnce: [netmt.exe] C:\WINDOWS\system32\netmt.exe
O4 - HKLM\..\RunOnce: [winmb32.exe] C:\WINDOWS\system32\winmb32.exe
O4 - HKLM\..\RunOnce: [apizx.exe] C:\WINDOWS\apizx.exe
O4 - HKLM\..\RunOnce: [crux.exe] C:\WINDOWS\crux.exe
O4 - HKLM\..\RunOnce: [ntev32.exe] C:\WINDOWS\system32\ntev32.exe
O4 - HKLM\..\RunOnce: [javazb32.exe] C:\WINDOWS\javazb32.exe
O4 - HKLM\..\RunOnce: [javayf.exe] C:\WINDOWS\javayf.exe
O4 - HKLM\..\RunOnce: [mslr32.exe] C:\WINDOWS\system32\mslr32.exe
O4 - HKLM\..\RunOnce: [netyg32.exe] C:\WINDOWS\system32\netyg32.exe
O4 - HKLM\..\RunOnce: [mfcci.exe] C:\WINDOWS\mfcci.exe
O4 - HKLM\..\RunOnce: [sdkxw32.exe] C:\WINDOWS\system32\sdkxw32.exe
O4 - HKLM\..\RunOnce: [msdi32.exe] C:\WINDOWS\msdi32.exe
O4 - HKLM\..\RunOnce: [winyu32.exe] C:\WINDOWS\system32\winyu32.exe
O4 - HKLM\..\RunOnce: [d3mn32.exe] C:\WINDOWS\system32\d3mn32.exe
O4 - HKLM\..\RunOnce: [cruh.exe] C:\WINDOWS\system32\cruh.exe
O4 - HKLM\..\RunOnce: [apitp.exe] C:\WINDOWS\system32\apitp.exe
O4 - HKLM\..\RunOnce: [mfcjh32.exe] C:\WINDOWS\system32\mfcjh32.exe
O4 - HKLM\..\RunOnce: [sysob.exe] C:\WINDOWS\system32\sysob.exe
O4 - HKLM\..\RunOnce: [ntwm32.exe] C:\WINDOWS\ntwm32.exe
O4 - HKLM\..\RunOnce: [appkq.exe] C:\WINDOWS\system32\appkq.exe
O4 - HKLM\..\RunOnce: [d3ol32.exe] C:\WINDOWS\d3ol32.exe
O4 - HKLM\..\RunOnce: [appzy.exe] C:\WINDOWS\system32\appzy.exe
O4 - HKLM\..\RunOnce: [ipyk32.exe] C:\WINDOWS\system32\ipyk32.exe
O4 - HKLM\..\RunOnce: [ipte32.exe] C:\WINDOWS\system32\ipte32.exe
O4 - HKLM\..\RunOnce: [ipwx32.exe] C:\WINDOWS\ipwx32.exe
O4 - HKLM\..\RunOnce: [ipax.exe] C:\WINDOWS\ipax.exe
O4 - HKLM\..\RunOnce: [ntby.exe] C:\WINDOWS\system32\ntby.exe
O4 - HKLM\..\RunOnce: [addqu32.exe] C:\WINDOWS\addqu32.exe
O4 - HKLM\..\RunOnce: [addcn32.exe] C:\WINDOWS\addcn32.exe
O4 - HKLM\..\RunOnce: [addyc32.exe] C:\WINDOWS\system32\addyc32.exe
O4 - HKLM\..\RunOnce: [iejw32.exe] C:\WINDOWS\system32\iejw32.exe
O4 - HKLM\..\RunOnce: [adduv.exe] C:\WINDOWS\system32\adduv.exe
O4 - HKLM\..\RunOnce: [d3ly.exe] C:\WINDOWS\system32\d3ly.exe
O4 - HKLM\..\RunOnce: [ipgz32.exe] C:\WINDOWS\system32\ipgz32.exe
O4 - HKLM\..\RunOnce: [appwn32.exe] C:\WINDOWS\system32\appwn32.exe
O4 - HKLM\..\RunOnce: [windu.exe] C:\WINDOWS\windu.exe
O4 - HKLM\..\RunOnce: [winiz32.exe] C:\WINDOWS\system32\winiz32.exe
O4 - HKLM\..\RunOnce: [iesy32.exe] C:\WINDOWS\iesy32.exe
O4 - HKLM\..\RunOnce: [netit.exe] C:\WINDOWS\netit.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38088.5319444444
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Anti-SpyWare: Hijackthis
Anti-Virus: Ad-aware, Spybot
Browser: IE
Firewall: Kerio Personal Firewall
OS: Win XP

