Options
Can't run program (Low disk space warning) and blank browser popup
Hi. I'm having the following probs on my laptop:
- Cannot run some programs like Solidworks. Sys prompted low disk space when i have 9 gb free space
- Blank browser popup on startup (about:blank - --????www.haoyy.net--)
Pls help me thanx! need the program to do my project urgently
Below is the log file from HijiackThis:
Logfile of HijackThis v1.99.1
Scan saved at 1:54:40 PM, on 10/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
C:\Program Files\msnshell\msnshell.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\xxx\Application Data\MyKey IBM\MyKey IBM.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\SMC\SMC2635W Wireless Cardbus Adapter Utility\drivers\WINXP\SMCRMonitor.exe
C:\Downloads\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [^ヤMr{o:\WINDO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ワ({oo:\WIND\\a$釚C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [MSNShell] C:\Program Files\msnshell\msnshell.exe autorun
O4 - HKLM\..\Run: [C:\WP魯OWS\oajvnq;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CP聾INDOWS1<ajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [Nonai] C:\Program Files\Hnygl\Klflsto.exe
O4 - HKLM\..\Run: [U61魯OWS\,,nq;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [U61魯OWS\,\,;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [U6・魯OWS\,\,\xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{o:\WI3ヤO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMrv-:\WI3ヤO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOW foajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOW fx]jvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{o:\WI3ヤO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xーj\WI3ヤ^#\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{o:\WINDO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{o:IsIN^#\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{xIsI^#N\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOW foajvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0INDOW foajvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0INDOW fx]jvnq^NC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0INDOW fx]jvnqNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0INDOGGfxNvnqNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0xーNDOGGfxNvnqNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0xーNDOGGjNvnqNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{o:\WINDOGG^#a\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOW fマNbュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOW fマNbュサ1ーC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOGGfマNュサ1ーC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOGGfマGGュサ1ーC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<03ヤOGGfマGGョヌ1ーC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\W[DOWS\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\W[DOW^#oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WB<DOWS\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WB<DOWS\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WB<DOWS3ヤajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: []PWB<DOWS3ヤajv・exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: []PWB<DOWS^#ajv・exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS\oajvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{o:\W^#N\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{x\W^^#\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{j\W^GG\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{v-\W^GG\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{v-Is^GG\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{v-Is^#N\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{v・ご脆゚fマNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDO[\oajvnq*xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{o:\W^#N\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0v-:\W^#N\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0v・ご脆゚fマNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xー・ご脆マ'マNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xーxー/ご脆マ'マNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xーxー/ご脆゚fマNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xー・ご積'゚fマNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<0NDOW foajv・exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOW j]jvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<0NDOW j]jv#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<0NDOWGGj]jv・] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WIND[S\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WIND[t゚\x]jvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WIND[t゚Nル]jvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WIND[t゚NルNvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WIND[t゚NルNvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WIND[t゚NルGGvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOGGfoajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOG^#マNbュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOG^^#Nュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOG^GGNュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [wBa0o8y] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [wBa0o8ykg:^#Nbュサ1C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [wBa0o8ykg:^#Nbュサ$ヒユC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [wBa0o8ykg:3ヤGGbュサ$ヒユC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0I3ヤOW fマNbュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDO[\x]jvnq*xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOGG^#Nvnq*TC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOGG3ヤGGvnq*TC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOGG3ヤGGvnq*NC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOGGGヤGNnq*NC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^チv-o:\WINDOI8\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMrv-:\WINDO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINB<W.ノoajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WINB<W.ノoajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WINB<W.ノoajvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WINB<GGノoajvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: []PWINB<GGノoajv#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS^#ajvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS^^#jvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS3ヤ#jvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [C:\WINDOWS^#Nvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE about:blank
O4 - HKCU\..\Run: [MyKey IBM] C:\Documents and Settings\xxx\Application Data\MyKey IBM\MyKey IBM.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SMC2635W Wireless Cardbus Adapter Utility.lnk = C:\Program Files\SMC\SMC2635W Wireless Cardbus Adapter Utility\drivers\WINXP\SMCRMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: °U¶EENE÷°eAA - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [!IESearch] !IESearch
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121585157785
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.zorpia.com/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {CD79C574-4775-4A42-A66B-D7071AE095AF} (SlideViewerOcx Control) - http://presentur.ntu.edu.sg/aculearn-idm/dlls/SlideViewer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe (file missing)
- Cannot run some programs like Solidworks. Sys prompted low disk space when i have 9 gb free space
- Blank browser popup on startup (about:blank - --????www.haoyy.net--)
Pls help me thanx! need the program to do my project urgently
Below is the log file from HijiackThis:
Logfile of HijackThis v1.99.1
Scan saved at 1:54:40 PM, on 10/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
C:\Program Files\msnshell\msnshell.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\xxx\Application Data\MyKey IBM\MyKey IBM.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\SMC\SMC2635W Wireless Cardbus Adapter Utility\drivers\WINXP\SMCRMonitor.exe
C:\Downloads\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [^ヤMr{o:\WINDO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ワ({oo:\WIND\\a$釚C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [MSNShell] C:\Program Files\msnshell\msnshell.exe autorun
O4 - HKLM\..\Run: [C:\WP魯OWS\oajvnq;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CP聾INDOWS1<ajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [Nonai] C:\Program Files\Hnygl\Klflsto.exe
O4 - HKLM\..\Run: [U61魯OWS\,,nq;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [U61魯OWS\,\,;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [U6・魯OWS\,\,\xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{o:\WI3ヤO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMrv-:\WI3ヤO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOW foajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOW fx]jvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{o:\WI3ヤO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xーj\WI3ヤ^#\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{o:\WINDO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{o:IsIN^#\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{xIsI^#N\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOW foajvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0INDOW foajvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0INDOW fx]jvnq^NC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0INDOW fx]jvnqNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0INDOGGfxNvnqNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0xーNDOGGfxNvnqNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0xーNDOGGjNvnqNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{o:\WINDOGG^#a\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOW fマNbュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOW fマNbュサ1ーC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOGGfマNュサ1ーC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOGGfマGGュサ1ーC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<03ヤOGGfマGGョヌ1ーC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\W[DOWS\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\W[DOW^#oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WB<DOWS\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WB<DOWS\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WB<DOWS3ヤajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: []PWB<DOWS3ヤajv・exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: []PWB<DOWS^#ajv・exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS\oajvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{o:\W^#N\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{x\W^^#\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{j\W^GG\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{v-\W^GG\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{v-Is^GG\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{v-Is^#N\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{v・ご脆゚fマNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDO[\oajvnq*xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{o:\W^#N\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0v-:\W^#N\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0v・ご脆゚fマNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xー・ご脆マ'マNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xーxー/ご脆マ'マNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xーxー/ご脆゚fマNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xー・ご積'゚fマNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<0NDOW foajv・exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOW j]jvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<0NDOW j]jv#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<0NDOWGGj]jv・] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WIND[S\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WIND[t゚\x]jvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WIND[t゚Nル]jvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WIND[t゚NルNvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WIND[t゚NルNvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WIND[t゚NルGGvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOGGfoajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOG^#マNbュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOG^^#Nュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOG^GGNュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [wBa0o8y] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [wBa0o8ykg:^#Nbュサ1C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [wBa0o8ykg:^#Nbュサ$ヒユC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [wBa0o8ykg:3ヤGGbュサ$ヒユC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0I3ヤOW fマNbュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDO[\x]jvnq*xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOGG^#Nvnq*TC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOGG3ヤGGvnq*TC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOGG3ヤGGvnq*NC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOGGGヤGNnq*NC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^チv-o:\WINDOI8\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMrv-:\WINDO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINB<W.ノoajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WINB<W.ノoajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WINB<W.ノoajvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WINB<GGノoajvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: []PWINB<GGノoajv#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS^#ajvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS^^#jvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS3ヤ#jvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [C:\WINDOWS^#Nvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE about:blank
O4 - HKCU\..\Run: [MyKey IBM] C:\Documents and Settings\xxx\Application Data\MyKey IBM\MyKey IBM.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SMC2635W Wireless Cardbus Adapter Utility.lnk = C:\Program Files\SMC\SMC2635W Wireless Cardbus Adapter Utility\drivers\WINXP\SMCRMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: °U¶EENE÷°eAA - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [!IESearch] !IESearch
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121585157785
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.zorpia.com/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {CD79C574-4775-4A42-A66B-D7071AE095AF} (SlideViewerOcx Control) - http://presentur.ntu.edu.sg/aculearn-idm/dlls/SlideViewer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe (file missing)
0
Comments
===
Move HJT to your C: so backups can be created. Do this before continuing.
===
Download CWShredder 2.15 from here. Check for updates first and then Run it and press the *fix,* not scan and allow it to clean the infection. Close all browser and explorer windows before hitting the fix button.
===
Disable System Restore - explained here
View hidden files and folders - explained here
Go into Safe Mode - explained here
===
Check the following in HJT and click 'Fix Checked'
O4 - HKLM\..\Run: [^ヤMr{o:\WINDO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ワ({oo:\WIND\\a$釚C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WP魯OWS\oajvnq;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CP聾INDOWS1<ajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [Nonai] C:\Program Files\Hnygl\Klflsto.exe
O4 - HKLM\..\Run: [U61魯OWS\,,nq;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [U61魯OWS\,\,;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [U6・魯OWS\,\,\xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{o:\WI3ヤO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMrv-:\WI3ヤO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOW foajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOW fx]jvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{o:\WI3ヤO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xーj\WI3ヤ^#\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{o:\WINDO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{o:IsIN^#\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{xIsI^#N \oa\ C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOW foajvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0INDOW foajvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0INDOW fx]jvnq^N C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0INDOW fx]jvnqN bC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0INDOGGfxN vnqN bC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0xーNDOGGfxN vnqN bC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0xーNDOGGjN vnqN bC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{o:\WINDOGG^#a\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOW fマNbュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOW fマNbュサ1ーC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOGGfマN ュサ1ーC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOGGfマGGュサ1ーC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<03ヤOGGfマGGョヌ1ーC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\W[DOWS\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\W[DOW^#oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WB<DOWS\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WB<DOWS\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WB<DOWS3ヤajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: []PWB<DOWS3ヤajv・exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: []PWB<DOWS^#ajv・exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS\oajvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{o:\W^#N \\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{x\W^^# \\oa\ C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMr{j\W^GG \\oa\ C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{v-\W^GG \\oa\ C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{v-Is^GG \\oa\ C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{v-Is^#N \\oa\ C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{v・ご脆゚fマNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDO[\oajvnq*xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0{o:\W^#N \\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0v-:\W^#N \\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0v・ご脆゚fマNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xー・ご脆マ'マNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xーxー/ご脆マ'マNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xーxー/ご脆゚fマNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤ0xー・ご積'゚fマNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<0NDOW foajv・exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOW j]jvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<0NDOW j]jv#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<0NDOWGGj]jv・] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WIND[S\oajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WIND[t゚\x]jvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WIND[t゚Nル]jvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WIND[t゚NルN vnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WIND[t゚NルN vnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WIND[t゚NルGGvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WINDOGGfoajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOG^#マNbュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOG^^#N ュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB<WI3ヤOG^GGN ュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [wBa0o8y] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [wBa0o8ykg:^#N bュサ1C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [wBa0o8ykg:^#N bュサ$ヒユC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [wBa0o8ykg:3ヤGGbュサ$ヒユC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [CB0I3ヤOW fマNbュサ1蹐:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDO[\x]jvnq*xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOGG^#N vnq*TC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOGG3ヤGGvnq*TC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOGG3ヤGGvnq*NC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOGGGヤGN nq*NC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^チv-o:\WINDOI8\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [^ヤMrv-:\WINDO\\oa\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINB<W.ノoajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WINB<W.ノoajvnq.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WINB<W.ノoajvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C0WINB<GGノoajvnq^#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: []PWINB<GGノoajv#xC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS^#ajvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS^^#jvn] C:\WINDOWS\oajvnq.exe
O4 - HKLM\..\Run: [C:\WINDOWS3ヤ#jvn] C:\WINDOWS\oajvnq.exe
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE about:blank
O9 - Extra button: °U¶EENE÷°eAA - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O18 - Protocol: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
===
Still in Safe Mode, remove the following:
C:\WINB << This file or folder
C:\WINDOWS\oajvnq.exe << This file
===
Run CWSredder again
===
Reboot into Normal Mode and enable System Restore (same link as disabling)
===
Post a new HJT log