HijackThis Log (help please)

Discussion in 'adware, spyware & hijack cleaning' started by RipAndTear, Jun 25, 2004.

Thread Status:
Not open for further replies.
  1. RipAndTear

    RipAndTear Registered Member

    Joined: Jun 25, 2004
    Posts: 3
    This netqp32.exe file keeps adding itself to my startup menu without asking permission with Spybot. Also, when I try to open Internet Explorer, a bunch of Spybot requests pop up and Explorer won't load any pages, unless I delete the HKCU's, HKLM's, and BHO's beforehand (they'll come back soon enough though). Also, Spybot will find 5 entries of a DSO exploit (and remove them) every time I run it. Please help... ;)

    Logfile of HijackThis v1.97.7
    Scan saved at 00:32:33, on 2004-07-13
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\netqp32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\iemw.exe
    C:\WINDOWS\appbu32.exe
    C:\Program Files\Winamp\Winamp.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kawyo.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://kawyo.dll/index.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://kawyo.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kawyo.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kawyo.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kawyo.dll/sp.html#96676
    O2 - BHO: (no name) - {F18B8F19-2940-0876-54D4-FBE52283D28C} - C:\WINDOWS\system32\atlrw32.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [netqp32.exe] C:\WINDOWS\system32\netqp32.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKLM\..\RunOnce: [iemw.exe] C:\WINDOWS\system32\iemw.exe
    O4 - HKLM\..\RunOnce: [appbu32.exe] C:\WINDOWS\appbu32.exe
    O4 - HKLM\..\RunOnce: [crqs32.exe] C:\WINDOWS\system32\crqs32.exe
    O4 - HKLM\..\RunOnce: [winui.exe] C:\WINDOWS\system32\winui.exe
    O4 - HKLM\..\RunOnce: [sdkhl.exe] C:\WINDOWS\sdkhl.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
     
    Last edited: Jul 13, 2004
  3. RipAndTear

    RipAndTear Registered Member

    Joined: Jun 25, 2004
    Posts: 3
    Any way to get help? o_O