HijackThis Log (help please)

RipAndTear · Jul 13, 2004

This netqp32.exe file keeps adding itself to my startup menu without asking permission with Spybot. Also, when I try to open Internet Explorer, a bunch of Spybot requests pop up and Explorer won't load any pages, unless I delete the HKCU's, HKLM's, and BHO's beforehand (they'll come back soon enough though). Also, Spybot will find 5 entries of a DSO exploit (and remove them) every time I run it. Please help...

Logfile of HijackThis v1.97.7
Scan saved at 00:32:33, on 2004-07-13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\netqp32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\iemw.exe
C:\WINDOWS\appbu32.exe
C:\Program Files\Winamp\Winamp.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kawyo.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://kawyo.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://kawyo.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kawyo.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kawyo.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kawyo.dll/sp.html#96676
O2 - BHO: (no name) - {F18B8F19-2940-0876-54D4-FBE52283D28C} - C:\WINDOWS\system32\atlrw32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [netqp32.exe] C:\WINDOWS\system32\netqp32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [iemw.exe] C:\WINDOWS\system32\iemw.exe
O4 - HKLM\..\RunOnce: [appbu32.exe] C:\WINDOWS\appbu32.exe
O4 - HKLM\..\RunOnce: [crqs32.exe] C:\WINDOWS\system32\crqs32.exe
O4 - HKLM\..\RunOnce: [winui.exe] C:\WINDOWS\system32\winui.exe
O4 - HKLM\..\RunOnce: [sdkhl.exe] C:\WINDOWS\sdkhl.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)

RipAndTear · Jun 27, 2004

bump..

RipAndTear · Jul 13, 2004

Any way to get help?

Log in or Sign up

HijackThis Log (help please)

RipAndTear Registered Member

RipAndTear Registered Member

RipAndTear Registered Member

Log in or Sign up

HijackThis Log (help please)

RipAndTear Registered Member

RipAndTear Registered Member

RipAndTear Registered Member

Useful Searches