Post #1 HJT Log (too long for one post)

354 · 08-15-2005, 10:01 AM

Here is my HJT log. I have the SearchClick malware and Ad_Aware SE won't remove it.

Logfile of HijackThis v1.99.1
Scan saved at 2:43:24 AM, on 8/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ipaj32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {FDC8ED78-97D9-350C-2852-74C9718542E6} - C:\WINDOWS\system32\d3vu.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\todd\LOCALS~1\Temp\app2.tmp
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ipoz.exe] C:\WINDOWS\system32\ipoz.exe
O4 - HKLM\..\Run: [mfcgi.exe] C:\WINDOWS\mfcgi.exe
O4 - HKLM\..\Run: [addkm32.exe] C:\WINDOWS\addkm32.exe
O4 - HKLM\..\Run: [sdkjz32.exe] C:\WINDOWS\sdkjz32.exe
O4 - HKLM\..\Run: [mfcda32.exe] C:\WINDOWS\mfcda32.exe
O4 - HKLM\..\Run: [sdknz.exe] C:\WINDOWS\system32\sdknz.exe
O4 - HKLM\..\Run: [sdkhc32.exe] C:\WINDOWS\sdkhc32.exe
O4 - HKLM\..\Run: [sysdo32.exe] C:\WINDOWS\sysdo32.exe
O4 - HKLM\..\Run: [ipaj32.exe] C:\WINDOWS\system32\ipaj32.exe
O4 - HKLM\..\RunOnce: [ipya.exe] C:\WINDOWS\ipya.exe
O4 - HKLM\..\RunOnce: [d3ki32.exe] C:\WINDOWS\d3ki32.exe
O4 - HKLM\..\RunOnce: [winmp.exe] C:\WINDOWS\winmp.exe
O4 - HKLM\..\RunOnce: [sysao.exe] C:\WINDOWS\sysao.exe
O4 - HKLM\..\RunOnce: [ieyz.exe] C:\WINDOWS\system32\ieyz.exe
O4 - HKLM\..\RunOnce: [sysqf32.exe] C:\WINDOWS\system32\sysqf32.exe
O4 - HKLM\..\RunOnce: [netzn32.exe] C:\WINDOWS\system32\netzn32.exe
O4 - HKLM\..\RunOnce: [sdkmp.exe] C:\WINDOWS\sdkmp.exe
O4 - HKLM\..\RunOnce: [winkm32.exe] C:\WINDOWS\winkm32.exe
O4 - HKLM\..\RunOnce: [javajq.exe] C:\WINDOWS\javajq.exe
O4 - HKLM\..\RunOnce: [mfcye32.exe] C:\WINDOWS\mfcye32.exe
O4 - HKLM\..\RunOnce: [ielg32.exe] C:\WINDOWS\ielg32.exe
O4 - HKLM\..\RunOnce: [sdkgv32.exe] C:\WINDOWS\sdkgv32.exe
O4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exe
O4 - HKLM\..\RunOnce: [d3zs.exe] C:\WINDOWS\d3zs.exe
O4 - HKLM\..\RunOnce: [appso.exe] C:\WINDOWS\appso.exe
O4 - HKLM\..\RunOnce: [winny32.exe] C:\WINDOWS\system32\winny32.exe
O4 - HKLM\..\RunOnce: [mfcwl32.exe] C:\WINDOWS\system32\mfcwl32.exe
O4 - HKLM\..\RunOnce: [appzo32.exe] C:\WINDOWS\appzo32.exe
O4 - HKLM\..\RunOnce: [msyc32.exe] C:\WINDOWS\system32\msyc32.exe
O4 - HKLM\..\RunOnce: [ntee.exe] C:\WINDOWS\ntee.exe
O4 - HKLM\..\RunOnce: [javaxf32.exe] C:\WINDOWS\javaxf32.exe
O4 - HKLM\..\RunOnce: [ntbh.exe] C:\WINDOWS\system32\ntbh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Moaa] C:\Documents and Settings\todd\Application Data\leea.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2\Program\Startup Menu\ChkColor.EXE
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - Startup: Epson scanner Registration.lnk = D:\Titles\E_Reg\EPSONREG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O4 - Global Startup: Reboot.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

08-15-2005, 10:01 AM	#1 (permalink)
354 New Member Join Date: Aug 2005 Age: 44 Posts: 12	Post #1 HJT Log (too long for one post) Here is my HJT log. I have the SearchClick malware and Ad_Aware SE won't remove it. Logfile of HijackThis v1.99.1 Scan saved at 2:43:24 AM, on 8/15/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\D-Link\Air Utility\AirCFG.exe C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\ipaj32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Class - {FDC8ED78-97D9-350C-2852-74C9718542E6} - C:\WINDOWS\system32\d3vu.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\todd\LOCALS~1\Temp\app2.tmp O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [ipoz.exe] C:\WINDOWS\system32\ipoz.exe O4 - HKLM\..\Run: [mfcgi.exe] C:\WINDOWS\mfcgi.exe O4 - HKLM\..\Run: [addkm32.exe] C:\WINDOWS\addkm32.exe O4 - HKLM\..\Run: [sdkjz32.exe] C:\WINDOWS\sdkjz32.exe O4 - HKLM\..\Run: [mfcda32.exe] C:\WINDOWS\mfcda32.exe O4 - HKLM\..\Run: [sdknz.exe] C:\WINDOWS\system32\sdknz.exe O4 - HKLM\..\Run: [sdkhc32.exe] C:\WINDOWS\sdkhc32.exe O4 - HKLM\..\Run: [sysdo32.exe] C:\WINDOWS\sysdo32.exe O4 - HKLM\..\Run: [ipaj32.exe] C:\WINDOWS\system32\ipaj32.exe O4 - HKLM\..\RunOnce: [ipya.exe] C:\WINDOWS\ipya.exe O4 - HKLM\..\RunOnce: [d3ki32.exe] C:\WINDOWS\d3ki32.exe O4 - HKLM\..\RunOnce: [winmp.exe] C:\WINDOWS\winmp.exe O4 - HKLM\..\RunOnce: [sysao.exe] C:\WINDOWS\sysao.exe O4 - HKLM\..\RunOnce: [ieyz.exe] C:\WINDOWS\system32\ieyz.exe O4 - HKLM\..\RunOnce: [sysqf32.exe] C:\WINDOWS\system32\sysqf32.exe O4 - HKLM\..\RunOnce: [netzn32.exe] C:\WINDOWS\system32\netzn32.exe O4 - HKLM\..\RunOnce: [sdkmp.exe] C:\WINDOWS\sdkmp.exe O4 - HKLM\..\RunOnce: [winkm32.exe] C:\WINDOWS\winkm32.exe O4 - HKLM\..\RunOnce: [javajq.exe] C:\WINDOWS\javajq.exe O4 - HKLM\..\RunOnce: [mfcye32.exe] C:\WINDOWS\mfcye32.exe O4 - HKLM\..\RunOnce: [ielg32.exe] C:\WINDOWS\ielg32.exe O4 - HKLM\..\RunOnce: [sdkgv32.exe] C:\WINDOWS\sdkgv32.exe O4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exe O4 - HKLM\..\RunOnce: [d3zs.exe] C:\WINDOWS\d3zs.exe O4 - HKLM\..\RunOnce: [appso.exe] C:\WINDOWS\appso.exe O4 - HKLM\..\RunOnce: [winny32.exe] C:\WINDOWS\system32\winny32.exe O4 - HKLM\..\RunOnce: [mfcwl32.exe] C:\WINDOWS\system32\mfcwl32.exe O4 - HKLM\..\RunOnce: [appzo32.exe] C:\WINDOWS\appzo32.exe O4 - HKLM\..\RunOnce: [msyc32.exe] C:\WINDOWS\system32\msyc32.exe O4 - HKLM\..\RunOnce: [ntee.exe] C:\WINDOWS\ntee.exe O4 - HKLM\..\RunOnce: [javaxf32.exe] C:\WINDOWS\javaxf32.exe O4 - HKLM\..\RunOnce: [ntbh.exe] C:\WINDOWS\system32\ntbh.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Moaa] C:\Documents and Settings\todd\Application Data\leea.exe O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2\Program\Startup Menu\ChkColor.EXE O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe O4 - Startup: Epson scanner Registration.lnk = D:\Titles\E_Reg\EPSONREG.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe O4 - Global Startup: Reboot.exe O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode