Getting rid of mfcwj32.exe


1 reply to this topic

#1 unholydreadlord


Posted 29 June 2004 - 10:16 PM

I've been having a ton of problems trying to get rid of a bunch of stuff off of my computer. I think I got rid of most of it, but I can't seem to get rid of mfcwj32.exe. Also, some of this other stuff seems new. I've gone through the FAQ and have asked many friends for help. I also used to be able to remove this stuff by myself, but this one seems to be deeply rooted and fairly new, because none of the programs (even after updates) recognize this as spyware. Here's my terrible-looking log, and extra thanks for your time.

Logfile of HijackThis v1.97.7
Scan saved at 11:09:08 PM, on 6/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
H:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
H:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\ipfv32.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\PROGRA~1\Keyboard\Ikeymain.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
H:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
H:\Program Files\UltraMon\UltraMon.exe
H:\Program Files\UltraMon\UltraMonTaskbar.exe
F:\mirc\mirc32.exe
C:\Program Files\AIM95\aim.exe
C:\WINNT\system32\netit32.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Zinf\zinf.exe
G:\Program Files\PTC\PTC.exe
G:\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\fkeve.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://fkeve.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://fkeve.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\fkeve.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://fkeve.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\fkeve.dll/sp.html#96676
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - h:\program files\adobe\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {8A16A148-9DB1-FA9C-5B87-4B006016E13C} - C:\WINNT\system32\appuz.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KenKeybd] h:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [vptray] H:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [mfcwj32.exe] C:\WINNT\system32\mfcwj32.exe
O4 - HKLM\..\Run: [netit32.exe] C:\WINNT\system32\netit32.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKLM\..\RunOnce: [d3ms.exe] C:\WINNT\d3ms.exe
O4 - HKLM\..\RunOnce: [appgq32.exe] C:\WINNT\system32\appgq32.exe
O4 - HKLM\..\RunOnce: [ipfo.exe] C:\WINNT\system32\ipfo.exe
O4 - HKLM\..\RunOnce: [addvs.exe] C:\WINNT\system32\addvs.exe
O4 - HKLM\..\RunOnce: [javazg.exe] C:\WINNT\system32\javazg.exe
O4 - HKLM\..\RunOnce: [ntdy32.exe] C:\WINNT\system32\ntdy32.exe
O4 - HKLM\..\RunOnce: [sysjb32.exe] C:\WINNT\system32\sysjb32.exe
O4 - HKLM\..\RunOnce: [iegu32.exe] C:\WINNT\iegu32.exe
O4 - HKLM\..\RunOnce: [appwb32.exe] C:\WINNT\appwb32.exe
O4 - HKLM\..\RunOnce: [sdknz.exe] C:\WINNT\system32\sdknz.exe
O4 - Startup: UltraMon.lnk = H:\Program Files\UltraMon\UltraMon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard..../wowbeta/si.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pu...er/isetupML.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_07) - http://drexel.blackb...e-1_3_1-win.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7650.8844444444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://hate.squares...vex/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{22E91E59-623B-4852-9FA0-804A653D1829}: NameServer = 68.80.0.5,68.80.0.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{C08B24F0-3AE6-4943-B6ED-4E85C786263F}: NameServer = 68.80.0.5,68.80.0.6

#2 unholydreadlord


Posted 22 July 2004 - 09:28 PM

No reply? What did I do wrong? :/



