about:blank [CLOSED]

hi i sure could use some help tried everything you said.. favorites keep poping up we didnt put in, cant hold home page, coolweb keeps popping up.. we have programs popping up in add and remove that we didnt install... cant get rid of them.. please help if you can..
thanks
reen58

Logfile of HijackThis v1.99.1
Scan saved at 11:30:52 PM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\RAM Idle\RAM_XP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\appsp32.exe
C:\Documents and Settings\chris rugen\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = aroundmaine.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = aroundmaine.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = aroundmaine.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {7B9F0EE4-BFCC-13BF-7127-EC3A3BA67B92} - C:\WINDOWS\sdkxz32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Ad-Protect] C:\Program Files\Ad-Protect\ad-protect.exe /s
O4 - HKLM\..\Run: [winow32.exe] C:\WINDOWS\system32\winow32.exe
O4 - HKLM\..\Run: [appsp32.exe] C:\WINDOWS\system32\appsp32.exe
O4 - HKLM\..\RunOnce: [crhp32.exe] C:\WINDOWS\crhp32.exe
O4 - HKLM\..\RunOnce: [atlsj.exe] C:\WINDOWS\atlsj.exe
O4 - HKLM\..\RunOnce: [winar32.exe] C:\WINDOWS\system32\winar32.exe
O4 - HKLM\..\RunOnce: [netui.exe] C:\WINDOWS\netui.exe
O4 - HKLM\..\RunOnce: [d3eo.exe] C:\WINDOWS\system32\d3eo.exe
O4 - HKLM\..\RunOnce: [d3uh.exe] C:\WINDOWS\d3uh.exe
O4 - HKLM\..\RunOnce: [netlh.exe] C:\WINDOWS\netlh.exe
O4 - HKLM\..\RunOnce: [sysyt32.exe] C:\WINDOWS\sysyt32.exe
O4 - HKLM\..\RunOnce: [netdf.exe] C:\WINDOWS\netdf.exe
O4 - HKLM\..\RunOnce: [sysri.exe] C:\WINDOWS\sysri.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuke...erInstaller.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104871622000
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipcu32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:55:24 PM, 5/30/2005
+ Report-Checksum: CBDD8F38

+ Date of database: 5/31/2005
+ Version of scan engine: v3.0

+ Duration: 17 min
+ Scanned Files: 63251
+ Speed: 60.85 Files/Second
+ Infected files: 109
+ Removed files: 109
+ Files put in quarantine: 109
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\WINDOWS\system32\crbc.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\crcq.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\crcr32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\crdf32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\crhf.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\crjm32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\crjz.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\crjz32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\crlk32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\croy32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\crrf.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\crrf.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\crue.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\crwm.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\crzs.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\d3gm.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\d3lq.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\d3sm32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\d3uv32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\d3xw32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\egjqz.dll -> Spyware.SearchPage -> Cleaned with backup
C:\WINDOWS\system32\iedf.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\ieft.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\iegf.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\iegp.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\iejx.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ielp32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ierq.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ietr.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\iezb.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ipau.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ipfx.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\iplz.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ipmp32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ippy.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\ipus32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\javamp.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\javani32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\javauu.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\javauw32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\mfcba.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\mfcbj.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\mfcbm32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\mfcgi.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\mfciy32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\mfcxc.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\mfcxp.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\mfcyc.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\mfczv32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\msdw.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\mshv32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\msir32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\msri.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\msso32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\mstk.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\msxc32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\mszk.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\nethp.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\netiy32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\netkq32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\netmv.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\netor.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\netzh.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ntav32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\ntde.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ntdn32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ntef32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ntgu32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\ntkf.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\ntmt.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ntyb.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdkao32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\sdkdh.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdkgz32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdkjh32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\sdkjh32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdkop32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdkri32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdksu32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdkti32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdkuy32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdkvs32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\sdkwy32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdkxs32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sysaa32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sysbj32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sysbx32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\sysfu32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\syslz32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sysrl.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\systa32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\syswm32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sysxi.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\sysyw.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\winal.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\winmi32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\winna.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\winoe.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\winox.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\winpc.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\winpy.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\winus32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\winxk.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\syswo.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\winhk.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\winit32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\winkv32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\winum32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\__delete_on_reboot__d3ui32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup

::Report End

Hello, ok, please follow these instructions carefully!

Please read through the instructions before you start (you may want to print this out).

Please download and install these programs - don't run them yet!!

Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box . Don't run it yet.

Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first.

Download and unzip cwsserviceremove to your desktop.
cwsserviceremove.reg

Download CW-Shredder at the link below:
http://cwshredder.ne.../CWShredder.exe

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigha...ds/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

+++++++++++++++++++++++++++++++++++++++++++++++++

Here's the fix:

Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:

Network Security Service

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don´t find this service listed go ahead with the next steps.

2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

3. CLOSE ALL WINDOWS AND BROWSERS Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\irlgs.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {7B9F0EE4-BFCC-13BF-7127-EC3A3BA67B92} - C:\WINDOWS\sdkxz32.dll
O4 - HKLM\..\Run: [winow32.exe] C:\WINDOWS\system32\winow32.exe
O4 - HKLM\..\Run: [appsp32.exe] C:\WINDOWS\system32\appsp32.exe
O4 - HKLM\..\RunOnce: [crhp32.exe] C:\WINDOWS\crhp32.exe
O4 - HKLM\..\RunOnce: [atlsj.exe] C:\WINDOWS\atlsj.exe
O4 - HKLM\..\RunOnce: [winar32.exe] C:\WINDOWS\system32\winar32.exe
O4 - HKLM\..\RunOnce: [netui.exe] C:\WINDOWS\netui.exe
O4 - HKLM\..\RunOnce: [d3eo.exe] C:\WINDOWS\system32\d3eo.exe
O4 - HKLM\..\RunOnce: [d3uh.exe] C:\WINDOWS\d3uh.exe
O4 - HKLM\..\RunOnce: [netlh.exe] C:\WINDOWS\netlh.exe
O4 - HKLM\..\RunOnce: [sysyt32.exe] C:\WINDOWS\sysyt32.exe
O4 - HKLM\..\RunOnce: [netdf.exe] C:\WINDOWS\netdf.exe
O4 - HKLM\..\RunOnce: [sysri.exe] C:\WINDOWS\sysri.exe
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipcu32.exe" /s (file missing)

4. Delete the following files if present:
If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again.

C:\WINDOWS\ipcu32.exe << This file
C:\WINDOWS\sysri.exe << This file
C:\WINDOWS\netdf.exe << This file
C:\WINDOWS\sysyt32.exe << This file
C:\WINDOWS\netlh.exe << This file
C:\WINDOWS\d3uh.exe << This file
C:\WINDOWS\system32\d3eo.exe << This file
C:\WINDOWS\netui.exe << This file
C:\WINDOWS\system32\winar32.exe << This file
C:\WINDOWS\atlsj.exe << This file
C:\WINDOWS\crhp32.exe << This file
C:\WINDOWS\system32\appsp32.exe << This file
C:\WINDOWS\system32\winow32.exe << This file
C:\WINDOWS\sdkxz32.dll << This file
C:\WINDOWS\irlgs.dll << This file

5. Run AboutBuster . This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

6. Scan with AdAware and let it remove any bad files found.

7. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

8. Double click on the cwsserviceremove and when asked to merge say yes.

9. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

10. Reboot into normal mode.

11. Download the Hoster from here hoster Press "Restore Original Hosts" and press "OK". Exit Program.

then reboot and post a fresh Hijack This log to see how we did.

#1
reen58

Posted 30 May 2005 - 09:46 PM

Advertisements

#2
pomp

Posted 31 May 2005 - 04:51 AM

#3
Kat

Posted 26 August 2005 - 01:36 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us