Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Search Extender/Home Shopping Wizard Help Please [RESOLVED]


  • This topic is locked This topic is locked

#1
Spurs1979

Spurs1979

    New Member

  • Member
  • Pip
  • 5 posts
Hi, I cant get rid of the Search Extender/Home Shopping Wizard spyware like quite a few others I see, tried a few things but cant get anywhere. Here's my hijack this log if someone can please take a look for me, would be very gratefull.

Logfile of HijackThis v1.99.1
Scan saved at 12:35:18, on 06/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\addlf32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\mfczs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Actual Title Buttons\ActualTitleButtonsCenter.exe
C:\Program Files\Motherboard Monitor 5\MBM5.exe
C:\Documents and Settings\Matt\Start Menu\Programs\Startup\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Matt\LOCALS~1\Temp\Rar$EX00.984\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hryax.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hryax.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F672C21B-A6D3-5A1A-57D9-FA17425A21F1} - C:\WINDOWS\system32\apinm32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [mfczs.exe] C:\WINDOWS\system32\mfczs.exe
O4 - HKLM\..\RunServices: [Windows Registry Security] crss.exe
O4 - HKLM\..\RunOnce: [sysfm32.exe] C:\WINDOWS\system32\sysfm32.exe
O4 - HKLM\..\RunOnce: [appif32.exe] C:\WINDOWS\appif32.exe
O4 - HKLM\..\RunOnce: [mfciq32.exe] C:\WINDOWS\system32\mfciq32.exe
O4 - HKLM\..\RunOnce: [javacq32.exe] C:\WINDOWS\system32\javacq32.exe
O4 - HKLM\..\RunOnce: [apixq.exe] C:\WINDOWS\apixq.exe
O4 - HKLM\..\RunOnce: [winew.exe] C:\WINDOWS\winew.exe
O4 - HKLM\..\RunOnce: [sdktu.exe] C:\WINDOWS\system32\sdktu.exe
O4 - HKLM\..\RunOnce: [iexw.exe] C:\WINDOWS\system32\iexw.exe
O4 - HKLM\..\RunOnce: [atlyl.exe] C:\WINDOWS\atlyl.exe
O4 - HKLM\..\RunOnce: [mskc.exe] C:\WINDOWS\system32\mskc.exe
O4 - HKLM\..\RunOnce: [atlyg.exe] C:\WINDOWS\atlyg.exe
O4 - HKLM\..\RunOnce: [apphg.exe] C:\WINDOWS\system32\apphg.exe
O4 - HKLM\..\RunOnce: [sdkjs32.exe] C:\WINDOWS\system32\sdkjs32.exe
O4 - HKLM\..\RunOnce: [winqo.exe] C:\WINDOWS\winqo.exe
O4 - HKLM\..\RunOnce: [winyp.exe] C:\WINDOWS\winyp.exe
O4 - HKLM\..\RunOnce: [apien.exe] C:\WINDOWS\system32\apien.exe
O4 - HKLM\..\RunOnce: [d3ic32.exe] C:\WINDOWS\d3ic32.exe
O4 - HKLM\..\RunOnce: [apikw32.exe] C:\WINDOWS\apikw32.exe
O4 - HKLM\..\RunOnce: [crhr.exe] C:\WINDOWS\system32\crhr.exe
O4 - HKLM\..\RunOnce: [sysze.exe] C:\WINDOWS\sysze.exe
O4 - HKLM\..\RunOnce: [apipp.exe] C:\WINDOWS\system32\apipp.exe
O4 - HKLM\..\RunOnce: [ntwn.exe] C:\WINDOWS\ntwn.exe
O4 - HKLM\..\RunOnce: [ippx32.exe] C:\WINDOWS\system32\ippx32.exe
O4 - HKLM\..\RunOnce: [appzq.exe] C:\WINDOWS\appzq.exe
O4 - HKLM\..\RunOnce: [mfciy32.exe] C:\WINDOWS\mfciy32.exe
O4 - HKLM\..\RunOnce: [msgv32.exe] C:\WINDOWS\system32\msgv32.exe
O4 - HKLM\..\RunOnce: [crsf.exe] C:\WINDOWS\system32\crsf.exe
O4 - HKLM\..\RunOnce: [ieeb32.exe] C:\WINDOWS\ieeb32.exe
O4 - HKLM\..\RunOnce: [windj32.exe] C:\WINDOWS\system32\windj32.exe
O4 - HKLM\..\RunOnce: [d3kh.exe] C:\WINDOWS\system32\d3kh.exe
O4 - HKLM\..\RunOnce: [ieme.exe] C:\WINDOWS\system32\ieme.exe
O4 - HKLM\..\RunOnce: [addmk32.exe] C:\WINDOWS\addmk32.exe
O4 - HKLM\..\RunOnce: [mfckr.exe] C:\WINDOWS\system32\mfckr.exe
O4 - HKLM\..\RunOnce: [javaam32.exe] C:\WINDOWS\javaam32.exe
O4 - HKLM\..\RunOnce: [javaud32.exe] C:\WINDOWS\system32\javaud32.exe
O4 - HKLM\..\RunOnce: [sysqb32.exe] C:\WINDOWS\sysqb32.exe
O4 - HKLM\..\RunOnce: [sdkpj.exe] C:\WINDOWS\sdkpj.exe
O4 - HKLM\..\RunOnce: [nettt.exe] C:\WINDOWS\system32\nettt.exe
O4 - HKLM\..\RunOnce: [sdkyi.exe] C:\WINDOWS\sdkyi.exe
O4 - HKLM\..\RunOnce: [ntfm.exe] C:\WINDOWS\ntfm.exe
O4 - HKLM\..\RunOnce: [javaww.exe] C:\WINDOWS\system32\javaww.exe
O4 - HKLM\..\RunOnce: [sdkie.exe] C:\WINDOWS\system32\sdkie.exe
O4 - HKLM\..\RunOnce: [ierv.exe] C:\WINDOWS\system32\ierv.exe
O4 - HKLM\..\RunOnce: [sdkan32.exe] C:\WINDOWS\sdkan32.exe
O4 - HKLM\..\RunOnce: [winih.exe] C:\WINDOWS\system32\winih.exe
O4 - HKLM\..\RunOnce: [crty.exe] C:\WINDOWS\crty.exe
O4 - HKLM\..\RunOnce: [appde32.exe] C:\WINDOWS\appde32.exe
O4 - HKLM\..\RunOnce: [sysvk.exe] C:\WINDOWS\system32\sysvk.exe
O4 - HKLM\..\RunOnce: [addgv.exe] C:\WINDOWS\addgv.exe
O4 - HKLM\..\RunOnce: [adduk32.exe] C:\WINDOWS\adduk32.exe
O4 - HKLM\..\RunOnce: [crze.exe] C:\WINDOWS\crze.exe
O4 - HKLM\..\RunOnce: [croz32.exe] C:\WINDOWS\system32\croz32.exe
O4 - HKLM\..\RunOnce: [sysdk.exe] C:\WINDOWS\system32\sysdk.exe
O4 - HKLM\..\RunOnce: [mfcng.exe] C:\WINDOWS\system32\mfcng.exe
O4 - HKLM\..\RunOnce: [winbm.exe] C:\WINDOWS\winbm.exe
O4 - HKLM\..\RunOnce: [appjs.exe] C:\WINDOWS\system32\appjs.exe
O4 - HKLM\..\RunOnce: [iptq32.exe] C:\WINDOWS\system32\iptq32.exe
O4 - HKLM\..\RunOnce: [winoi.exe] C:\WINDOWS\winoi.exe
O4 - HKLM\..\RunOnce: [ipxo32.exe] C:\WINDOWS\system32\ipxo32.exe
O4 - HKLM\..\RunOnce: [ieaf32.exe] C:\WINDOWS\system32\ieaf32.exe
O4 - HKLM\..\RunOnce: [d3vt32.exe] C:\WINDOWS\system32\d3vt32.exe
O4 - HKLM\..\RunOnce: [ipiv32.exe] C:\WINDOWS\ipiv32.exe
O4 - HKLM\..\RunOnce: [sdkpd.exe] C:\WINDOWS\sdkpd.exe
O4 - HKLM\..\RunOnce: [ntcp32.exe] C:\WINDOWS\system32\ntcp32.exe
O4 - HKLM\..\RunOnce: [crpz.exe] C:\WINDOWS\crpz.exe
O4 - HKLM\..\RunOnce: [javafu32.exe] C:\WINDOWS\javafu32.exe
O4 - HKLM\..\RunOnce: [appna.exe] C:\WINDOWS\system32\appna.exe
O4 - HKLM\..\RunOnce: [msmi32.exe] C:\WINDOWS\system32\msmi32.exe
O4 - HKLM\..\RunOnce: [javawo32.exe] C:\WINDOWS\javawo32.exe
O4 - HKLM\..\RunOnce: [javalj.exe] C:\WINDOWS\system32\javalj.exe
O4 - HKLM\..\RunOnce: [winlq32.exe] C:\WINDOWS\system32\winlq32.exe
O4 - HKLM\..\RunOnce: [netem.exe] C:\WINDOWS\netem.exe
O4 - HKLM\..\RunOnce: [atlve32.exe] C:\WINDOWS\system32\atlve32.exe
O4 - HKLM\..\RunOnce: [sdkyn32.exe] C:\WINDOWS\system32\sdkyn32.exe
O4 - HKLM\..\RunOnce: [msov.exe] C:\WINDOWS\system32\msov.exe
O4 - HKLM\..\RunOnce: [ipqe32.exe] C:\WINDOWS\ipqe32.exe
O4 - HKLM\..\RunOnce: [addvg.exe] C:\WINDOWS\addvg.exe
O4 - HKLM\..\RunOnce: [nettw.exe] C:\WINDOWS\nettw.exe
O4 - HKLM\..\RunOnce: [sysbj32.exe] C:\WINDOWS\system32\sysbj32.exe
O4 - HKLM\..\RunOnce: [mfcli.exe] C:\WINDOWS\system32\mfcli.exe
O4 - HKLM\..\RunOnce: [atlaf.exe] C:\WINDOWS\system32\atlaf.exe
O4 - HKLM\..\RunOnce: [mscb.exe] C:\WINDOWS\system32\mscb.exe
O4 - HKLM\..\RunOnce: [nthw32.exe] C:\WINDOWS\nthw32.exe
O4 - HKLM\..\RunOnce: [netpq.exe] C:\WINDOWS\netpq.exe
O4 - HKLM\..\RunOnce: [addck.exe] C:\WINDOWS\addck.exe
O4 - HKLM\..\RunOnce: [ntbl.exe] C:\WINDOWS\system32\ntbl.exe
O4 - HKLM\..\RunOnce: [msli.exe] C:\WINDOWS\msli.exe
O4 - HKLM\..\RunOnce: [sysbm32.exe] C:\WINDOWS\system32\sysbm32.exe
O4 - HKLM\..\RunOnce: [javago.exe] C:\WINDOWS\javago.exe
O4 - HKLM\..\RunOnce: [sysqg.exe] C:\WINDOWS\sysqg.exe
O4 - HKLM\..\RunOnce: [sdkvi32.exe] C:\WINDOWS\system32\sdkvi32.exe
O4 - HKLM\..\RunOnce: [winym32.exe] C:\WINDOWS\system32\winym32.exe
O4 - HKLM\..\RunOnce: [javalh32.exe] C:\WINDOWS\javalh32.exe
O4 - HKLM\..\RunOnce: [atljf.exe] C:\WINDOWS\atljf.exe
O4 - HKLM\..\RunOnce: [msoh32.exe] C:\WINDOWS\msoh32.exe
O4 - HKLM\..\RunOnce: [sysbi.exe] C:\WINDOWS\system32\sysbi.exe
O4 - HKLM\..\RunOnce: [javagk32.exe] C:\WINDOWS\system32\javagk32.exe
O4 - HKLM\..\RunOnce: [winac.exe] C:\WINDOWS\winac.exe
O4 - HKLM\..\RunOnce: [apily.exe] C:\WINDOWS\apily.exe
O4 - HKLM\..\RunOnce: [ipec32.exe] C:\WINDOWS\ipec32.exe
O4 - HKLM\..\RunOnce: [appkw.exe] C:\WINDOWS\system32\appkw.exe
O4 - HKLM\..\RunOnce: [atlvf32.exe] C:\WINDOWS\system32\atlvf32.exe
O4 - HKLM\..\RunOnce: [crub32.exe] C:\WINDOWS\system32\crub32.exe
O4 - HKLM\..\RunOnce: [apitb.exe] C:\WINDOWS\system32\apitb.exe
O4 - HKLM\..\RunOnce: [apimx.exe] C:\WINDOWS\system32\apimx.exe
O4 - HKLM\..\RunOnce: [addde.exe] C:\WINDOWS\addde.exe
O4 - HKLM\..\RunOnce: [apihg.exe] C:\WINDOWS\apihg.exe
O4 - HKLM\..\RunOnce: [crfb32.exe] C:\WINDOWS\system32\crfb32.exe
O4 - HKLM\..\RunOnce: [d3qm32.exe] C:\WINDOWS\d3qm32.exe
O4 - HKLM\..\RunOnce: [addal32.exe] C:\WINDOWS\system32\addal32.exe
O4 - HKLM\..\RunOnce: [syskl.exe] C:\WINDOWS\syskl.exe
O4 - HKLM\..\RunOnce: [ipsr.exe] C:\WINDOWS\system32\ipsr.exe
O4 - HKLM\..\RunOnce: [apica32.exe] C:\WINDOWS\system32\apica32.exe
O4 - HKLM\..\RunOnce: [d3yu32.exe] C:\WINDOWS\system32\d3yu32.exe
O4 - HKLM\..\RunOnce: [ipdo.exe] C:\WINDOWS\system32\ipdo.exe
O4 - HKLM\..\RunOnce: [netzd.exe] C:\WINDOWS\netzd.exe
O4 - HKLM\..\RunOnce: [sysfh32.exe] C:\WINDOWS\sysfh32.exe
O4 - HKLM\..\RunOnce: [ienj32.exe] C:\WINDOWS\ienj32.exe
O4 - HKLM\..\RunOnce: [syskq.exe] C:\WINDOWS\system32\syskq.exe
O4 - HKLM\..\RunOnce: [iezl32.exe] C:\WINDOWS\system32\iezl32.exe
O4 - HKLM\..\RunOnce: [atlfw32.exe] C:\WINDOWS\atlfw32.exe
O4 - HKLM\..\RunOnce: [ntys32.exe] C:\WINDOWS\system32\ntys32.exe
O4 - HKLM\..\RunOnce: [iemc32.exe] C:\WINDOWS\system32\iemc32.exe
O4 - HKLM\..\RunOnce: [ntsw.exe] C:\WINDOWS\system32\ntsw.exe
O4 - HKLM\..\RunOnce: [atldc.exe] C:\WINDOWS\atldc.exe
O4 - HKLM\..\RunOnce: [adden32.exe] C:\WINDOWS\adden32.exe
O4 - HKLM\..\RunOnce: [ieem.exe] C:\WINDOWS\ieem.exe
O4 - HKLM\..\RunOnce: [crss.exe] C:\WINDOWS\system32\crss.exe
O4 - HKLM\..\RunOnce: [ipwb32.exe] C:\WINDOWS\system32\ipwb32.exe
O4 - HKLM\..\RunOnce: [winzt.exe] C:\WINDOWS\system32\winzt.exe
O4 - HKLM\..\RunOnce: [appfv32.exe] C:\WINDOWS\system32\appfv32.exe
O4 - HKLM\..\RunOnce: [javanb.exe] C:\WINDOWS\javanb.exe
O4 - HKLM\..\RunOnce: [sysxa32.exe] C:\WINDOWS\system32\sysxa32.exe
O4 - HKLM\..\RunOnce: [ipuc32.exe] C:\WINDOWS\system32\ipuc32.exe
O4 - HKLM\..\RunOnce: [sdkgl32.exe] C:\WINDOWS\system32\sdkgl32.exe
O4 - HKLM\..\RunOnce: [crgu.exe] C:\WINDOWS\system32\crgu.exe
O4 - HKLM\..\RunOnce: [netmo32.exe] C:\WINDOWS\netmo32.exe
O4 - HKLM\..\RunOnce: [addlz.exe] C:\WINDOWS\addlz.exe
O4 - HKLM\..\RunOnce: [d3rb.exe] C:\WINDOWS\system32\d3rb.exe
O4 - HKLM\..\RunOnce: [mfclu32.exe] C:\WINDOWS\mfclu32.exe
O4 - HKLM\..\RunOnce: [sdkvi.exe] C:\WINDOWS\system32\sdkvi.exe
O4 - HKLM\..\RunOnce: [mfczb32.exe] C:\WINDOWS\system32\mfczb32.exe
O4 - HKLM\..\RunOnce: [ipcs32.exe] C:\WINDOWS\ipcs32.exe
O4 - HKLM\..\RunOnce: [apphw.exe] C:\WINDOWS\system32\apphw.exe
O4 - HKLM\..\RunOnce: [ieal.exe] C:\WINDOWS\ieal.exe
O4 - HKLM\..\RunOnce: [appul.exe] C:\WINDOWS\system32\appul.exe
O4 - HKLM\..\RunOnce: [ntsy.exe] C:\WINDOWS\ntsy.exe
O4 - HKLM\..\RunOnce: [javase32.exe] C:\WINDOWS\system32\javase32.exe
O4 - HKLM\..\RunOnce: [sysoi.exe] C:\WINDOWS\sysoi.exe
O4 - HKLM\..\RunOnce: [msld.exe] C:\WINDOWS\msld.exe
O4 - HKLM\..\RunOnce: [apiuj.exe] C:\WINDOWS\system32\apiuj.exe
O4 - HKLM\..\RunOnce: [msps32.exe] C:\WINDOWS\system32\msps32.exe
O4 - HKLM\..\RunOnce: [sdkng32.exe] C:\WINDOWS\sdkng32.exe
O4 - HKLM\..\RunOnce: [crpa.exe] C:\WINDOWS\system32\crpa.exe
O4 - HKLM\..\RunOnce: [sdkmz32.exe] C:\WINDOWS\sdkmz32.exe
O4 - HKLM\..\RunOnce: [crnc.exe] C:\WINDOWS\crnc.exe
O4 - HKLM\..\RunOnce: [apise32.exe] C:\WINDOWS\system32\apise32.exe
O4 - HKLM\..\RunOnce: [atlue.exe] C:\WINDOWS\system32\atlue.exe
O4 - HKLM\..\RunOnce: [nteb.exe] C:\WINDOWS\system32\nteb.exe
O4 - HKLM\..\RunOnce: [ipwz.exe] C:\WINDOWS\system32\ipwz.exe
O4 - HKLM\..\RunOnce: [addof.exe] C:\WINDOWS\system32\addof.exe
O4 - HKLM\..\RunOnce: [winqt.exe] C:\WINDOWS\system32\winqt.exe
O4 - HKLM\..\RunOnce: [crdn.exe] C:\WINDOWS\system32\crdn.exe
O4 - HKLM\..\RunOnce: [d3vd32.exe] C:\WINDOWS\d3vd32.exe
O4 - HKLM\..\RunOnce: [ipbf32.exe] C:\WINDOWS\system32\ipbf32.exe
O4 - HKLM\..\RunOnce: [addco32.exe] C:\WINDOWS\addco32.exe
O4 - HKLM\..\RunOnce: [crhi32.exe] C:\WINDOWS\crhi32.exe
O4 - HKLM\..\RunOnce: [d3ha32.exe] C:\WINDOWS\d3ha32.exe
O4 - HKLM\..\RunOnce: [crix.exe] C:\WINDOWS\crix.exe
O4 - HKLM\..\RunOnce: [nettd32.exe] C:\WINDOWS\system32\nettd32.exe
O4 - HKLM\..\RunOnce: [addyf.exe] C:\WINDOWS\system32\addyf.exe
O4 - HKLM\..\RunOnce: [crgn32.exe] C:\WINDOWS\system32\crgn32.exe
O4 - HKLM\..\RunOnce: [netli.exe] C:\WINDOWS\system32\netli.exe
O4 - HKLM\..\RunOnce: [atleo32.exe] C:\WINDOWS\atleo32.exe
O4 - HKLM\..\RunOnce: [msji.exe] C:\WINDOWS\msji.exe
O4 - HKLM\..\RunOnce: [javart.exe] C:\WINDOWS\javart.exe
O4 - HKLM\..\RunOnce: [ntbz.exe] C:\WINDOWS\system32\ntbz.exe
O4 - HKLM\..\RunOnce: [ntvi.exe] C:\WINDOWS\system32\ntvi.exe
O4 - HKLM\..\RunOnce: [atloh32.exe] C:\WINDOWS\system32\atloh32.exe
O4 - HKLM\..\RunOnce: [mfcxn32.exe] C:\WINDOWS\system32\mfcxn32.exe
O4 - HKLM\..\RunOnce: [winnc32.exe] C:\WINDOWS\winnc32.exe
O4 - HKLM\..\RunOnce: [addly32.exe] C:\WINDOWS\addly32.exe
O4 - HKLM\..\RunOnce: [syspw.exe] C:\WINDOWS\syspw.exe
O4 - HKLM\..\RunOnce: [sdkcc32.exe] C:\WINDOWS\system32\sdkcc32.exe
O4 - HKLM\..\RunOnce: [javawl32.exe] C:\WINDOWS\javawl32.exe
O4 - HKLM\..\RunOnce: [atlcq.exe] C:\WINDOWS\system32\atlcq.exe
O4 - HKLM\..\RunOnce: [netjv32.exe] C:\WINDOWS\netjv32.exe
O4 - HKLM\..\RunOnce: [cruu.exe] C:\WINDOWS\system32\cruu.exe
O4 - HKLM\..\RunOnce: [ieev.exe] C:\WINDOWS\ieev.exe
O4 - HKLM\..\RunOnce: [atlix.exe] C:\WINDOWS\system32\atlix.exe
O4 - HKLM\..\RunOnce: [ntgk32.exe] C:\WINDOWS\ntgk32.exe
O4 - HKLM\..\RunOnce: [crlm32.exe] C:\WINDOWS\system32\crlm32.exe
O4 - HKLM\..\RunOnce: [addbj.exe] C:\WINDOWS\addbj.exe
O4 - HKLM\..\RunOnce: [sdkos.exe] C:\WINDOWS\system32\sdkos.exe
O4 - HKLM\..\RunOnce: [mfcum32.exe] C:\WINDOWS\system32\mfcum32.exe
O4 - HKLM\..\RunOnce: [adddu.exe] C:\WINDOWS\system32\adddu.exe
O4 - HKLM\..\RunOnce: [netwr.exe] C:\WINDOWS\netwr.exe
O4 - HKLM\..\RunOnce: [ievd32.exe] C:\WINDOWS\ievd32.exe
O4 - HKLM\..\RunOnce: [atlds.exe] C:\WINDOWS\atlds.exe
O4 - HKLM\..\RunOnce: [javamy32.exe] C:\WINDOWS\system32\javamy32.exe
O4 - HKLM\..\RunOnce: [iell.exe] C:\WINDOWS\system32\iell.exe
O4 - HKLM\..\RunOnce: [ipol.exe] C:\WINDOWS\ipol.exe
O4 - HKLM\..\RunOnce: [addww.exe] C:\WINDOWS\system32\addww.exe
O4 - HKLM\..\RunOnce: [mfcpv.exe] C:\WINDOWS\mfcpv.exe
O4 - HKLM\..\RunOnce: [addlf32.exe] C:\WINDOWS\addlf32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Actual Title Buttons] C:\Program Files\Actual Title Buttons\ActualTitleButtonsCenter.exe
O4 - Startup: MBM 5.lnk = C:\Program Files\Motherboard Monitor 5\MBM5.exe
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...GB_ZBzeb032YYGB
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.ntvmsnbc....load/nm1228.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101901816260
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_mp3.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4p.../LaunchGame.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\syspw.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe



Sorry if I've not done that right, first time at trying

Matt
  • 0

Advertisements


#2
Spurs1979

Spurs1979

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Sorry I just realised I didnt save hijack this to its own folder & run it from the zip folder, I've now put hijack this into its own folder & run hijack this again. This is the log file after the 2nd scan.

Logfile of HijackThis v1.99.1
Scan saved at 12:54:55, on 06/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\addlf32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\mfczs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Actual Title Buttons\ActualTitleButtonsCenter.exe
C:\Program Files\Motherboard Monitor 5\MBM5.exe
C:\Documents and Settings\Matt\Start Menu\Programs\Startup\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Programs\System Tools\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hryax.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hryax.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F672C21B-A6D3-5A1A-57D9-FA17425A21F1} - C:\WINDOWS\system32\apinm32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [mfczs.exe] C:\WINDOWS\system32\mfczs.exe
O4 - HKLM\..\RunServices: [Windows Registry Security] crss.exe
O4 - HKLM\..\RunOnce: [sysfm32.exe] C:\WINDOWS\system32\sysfm32.exe
O4 - HKLM\..\RunOnce: [mfciq32.exe] C:\WINDOWS\system32\mfciq32.exe
O4 - HKLM\..\RunOnce: [javacq32.exe] C:\WINDOWS\system32\javacq32.exe
O4 - HKLM\..\RunOnce: [apixq.exe] C:\WINDOWS\apixq.exe
O4 - HKLM\..\RunOnce: [winew.exe] C:\WINDOWS\winew.exe
O4 - HKLM\..\RunOnce: [sdktu.exe] C:\WINDOWS\system32\sdktu.exe
O4 - HKLM\..\RunOnce: [iexw.exe] C:\WINDOWS\system32\iexw.exe
O4 - HKLM\..\RunOnce: [mskc.exe] C:\WINDOWS\system32\mskc.exe
O4 - HKLM\..\RunOnce: [apphg.exe] C:\WINDOWS\system32\apphg.exe
O4 - HKLM\..\RunOnce: [sdkjs32.exe] C:\WINDOWS\system32\sdkjs32.exe
O4 - HKLM\..\RunOnce: [winqo.exe] C:\WINDOWS\winqo.exe
O4 - HKLM\..\RunOnce: [winyp.exe] C:\WINDOWS\winyp.exe
O4 - HKLM\..\RunOnce: [apien.exe] C:\WINDOWS\system32\apien.exe
O4 - HKLM\..\RunOnce: [d3ic32.exe] C:\WINDOWS\d3ic32.exe
O4 - HKLM\..\RunOnce: [apikw32.exe] C:\WINDOWS\apikw32.exe
O4 - HKLM\..\RunOnce: [crhr.exe] C:\WINDOWS\system32\crhr.exe
O4 - HKLM\..\RunOnce: [sysze.exe] C:\WINDOWS\sysze.exe
O4 - HKLM\..\RunOnce: [apipp.exe] C:\WINDOWS\system32\apipp.exe
O4 - HKLM\..\RunOnce: [ntwn.exe] C:\WINDOWS\ntwn.exe
O4 - HKLM\..\RunOnce: [ippx32.exe] C:\WINDOWS\system32\ippx32.exe
O4 - HKLM\..\RunOnce: [appzq.exe] C:\WINDOWS\appzq.exe
O4 - HKLM\..\RunOnce: [mfciy32.exe] C:\WINDOWS\mfciy32.exe
O4 - HKLM\..\RunOnce: [msgv32.exe] C:\WINDOWS\system32\msgv32.exe
O4 - HKLM\..\RunOnce: [crsf.exe] C:\WINDOWS\system32\crsf.exe
O4 - HKLM\..\RunOnce: [ieeb32.exe] C:\WINDOWS\ieeb32.exe
O4 - HKLM\..\RunOnce: [windj32.exe] C:\WINDOWS\system32\windj32.exe
O4 - HKLM\..\RunOnce: [d3kh.exe] C:\WINDOWS\system32\d3kh.exe
O4 - HKLM\..\RunOnce: [ieme.exe] C:\WINDOWS\system32\ieme.exe
O4 - HKLM\..\RunOnce: [addmk32.exe] C:\WINDOWS\addmk32.exe
O4 - HKLM\..\RunOnce: [mfckr.exe] C:\WINDOWS\system32\mfckr.exe
O4 - HKLM\..\RunOnce: [javaam32.exe] C:\WINDOWS\javaam32.exe
O4 - HKLM\..\RunOnce: [javaud32.exe] C:\WINDOWS\system32\javaud32.exe
O4 - HKLM\..\RunOnce: [sysqb32.exe] C:\WINDOWS\sysqb32.exe
O4 - HKLM\..\RunOnce: [sdkpj.exe] C:\WINDOWS\sdkpj.exe
O4 - HKLM\..\RunOnce: [nettt.exe] C:\WINDOWS\system32\nettt.exe
O4 - HKLM\..\RunOnce: [sdkyi.exe] C:\WINDOWS\sdkyi.exe
O4 - HKLM\..\RunOnce: [ntfm.exe] C:\WINDOWS\ntfm.exe
O4 - HKLM\..\RunOnce: [javaww.exe] C:\WINDOWS\system32\javaww.exe
O4 - HKLM\..\RunOnce: [sdkie.exe] C:\WINDOWS\system32\sdkie.exe
O4 - HKLM\..\RunOnce: [ierv.exe] C:\WINDOWS\system32\ierv.exe
O4 - HKLM\..\RunOnce: [sdkan32.exe] C:\WINDOWS\sdkan32.exe
O4 - HKLM\..\RunOnce: [winih.exe] C:\WINDOWS\system32\winih.exe
O4 - HKLM\..\RunOnce: [crty.exe] C:\WINDOWS\crty.exe
O4 - HKLM\..\RunOnce: [appde32.exe] C:\WINDOWS\appde32.exe
O4 - HKLM\..\RunOnce: [sysvk.exe] C:\WINDOWS\system32\sysvk.exe
O4 - HKLM\..\RunOnce: [addgv.exe] C:\WINDOWS\addgv.exe
O4 - HKLM\..\RunOnce: [adduk32.exe] C:\WINDOWS\adduk32.exe
O4 - HKLM\..\RunOnce: [crze.exe] C:\WINDOWS\crze.exe
O4 - HKLM\..\RunOnce: [croz32.exe] C:\WINDOWS\system32\croz32.exe
O4 - HKLM\..\RunOnce: [sysdk.exe] C:\WINDOWS\system32\sysdk.exe
O4 - HKLM\..\RunOnce: [mfcng.exe] C:\WINDOWS\system32\mfcng.exe
O4 - HKLM\..\RunOnce: [winbm.exe] C:\WINDOWS\winbm.exe
O4 - HKLM\..\RunOnce: [appjs.exe] C:\WINDOWS\system32\appjs.exe
O4 - HKLM\..\RunOnce: [iptq32.exe] C:\WINDOWS\system32\iptq32.exe
O4 - HKLM\..\RunOnce: [winoi.exe] C:\WINDOWS\winoi.exe
O4 - HKLM\..\RunOnce: [ipxo32.exe] C:\WINDOWS\system32\ipxo32.exe
O4 - HKLM\..\RunOnce: [ieaf32.exe] C:\WINDOWS\system32\ieaf32.exe
O4 - HKLM\..\RunOnce: [d3vt32.exe] C:\WINDOWS\system32\d3vt32.exe
O4 - HKLM\..\RunOnce: [ipiv32.exe] C:\WINDOWS\ipiv32.exe
O4 - HKLM\..\RunOnce: [sdkpd.exe] C:\WINDOWS\sdkpd.exe
O4 - HKLM\..\RunOnce: [ntcp32.exe] C:\WINDOWS\system32\ntcp32.exe
O4 - HKLM\..\RunOnce: [crpz.exe] C:\WINDOWS\crpz.exe
O4 - HKLM\..\RunOnce: [javafu32.exe] C:\WINDOWS\javafu32.exe
O4 - HKLM\..\RunOnce: [appna.exe] C:\WINDOWS\system32\appna.exe
O4 - HKLM\..\RunOnce: [msmi32.exe] C:\WINDOWS\system32\msmi32.exe
O4 - HKLM\..\RunOnce: [javawo32.exe] C:\WINDOWS\javawo32.exe
O4 - HKLM\..\RunOnce: [javalj.exe] C:\WINDOWS\system32\javalj.exe
O4 - HKLM\..\RunOnce: [winlq32.exe] C:\WINDOWS\system32\winlq32.exe
O4 - HKLM\..\RunOnce: [netem.exe] C:\WINDOWS\netem.exe
O4 - HKLM\..\RunOnce: [atlve32.exe] C:\WINDOWS\system32\atlve32.exe
O4 - HKLM\..\RunOnce: [sdkyn32.exe] C:\WINDOWS\system32\sdkyn32.exe
O4 - HKLM\..\RunOnce: [msov.exe] C:\WINDOWS\system32\msov.exe
O4 - HKLM\..\RunOnce: [ipqe32.exe] C:\WINDOWS\ipqe32.exe
O4 - HKLM\..\RunOnce: [addvg.exe] C:\WINDOWS\addvg.exe
O4 - HKLM\..\RunOnce: [nettw.exe] C:\WINDOWS\nettw.exe
O4 - HKLM\..\RunOnce: [sysbj32.exe] C:\WINDOWS\system32\sysbj32.exe
O4 - HKLM\..\RunOnce: [mfcli.exe] C:\WINDOWS\system32\mfcli.exe
O4 - HKLM\..\RunOnce: [atlaf.exe] C:\WINDOWS\system32\atlaf.exe
O4 - HKLM\..\RunOnce: [mscb.exe] C:\WINDOWS\system32\mscb.exe
O4 - HKLM\..\RunOnce: [nthw32.exe] C:\WINDOWS\nthw32.exe
O4 - HKLM\..\RunOnce: [netpq.exe] C:\WINDOWS\netpq.exe
O4 - HKLM\..\RunOnce: [addck.exe] C:\WINDOWS\addck.exe
O4 - HKLM\..\RunOnce: [ntbl.exe] C:\WINDOWS\system32\ntbl.exe
O4 - HKLM\..\RunOnce: [msli.exe] C:\WINDOWS\msli.exe
O4 - HKLM\..\RunOnce: [sysbm32.exe] C:\WINDOWS\system32\sysbm32.exe
O4 - HKLM\..\RunOnce: [javago.exe] C:\WINDOWS\javago.exe
O4 - HKLM\..\RunOnce: [sysqg.exe] C:\WINDOWS\sysqg.exe
O4 - HKLM\..\RunOnce: [sdkvi32.exe] C:\WINDOWS\system32\sdkvi32.exe
O4 - HKLM\..\RunOnce: [winym32.exe] C:\WINDOWS\system32\winym32.exe
O4 - HKLM\..\RunOnce: [javalh32.exe] C:\WINDOWS\javalh32.exe
O4 - HKLM\..\RunOnce: [atljf.exe] C:\WINDOWS\atljf.exe
O4 - HKLM\..\RunOnce: [msoh32.exe] C:\WINDOWS\msoh32.exe
O4 - HKLM\..\RunOnce: [sysbi.exe] C:\WINDOWS\system32\sysbi.exe
O4 - HKLM\..\RunOnce: [javagk32.exe] C:\WINDOWS\system32\javagk32.exe
O4 - HKLM\..\RunOnce: [winac.exe] C:\WINDOWS\winac.exe
O4 - HKLM\..\RunOnce: [apily.exe] C:\WINDOWS\apily.exe
O4 - HKLM\..\RunOnce: [ipec32.exe] C:\WINDOWS\ipec32.exe
O4 - HKLM\..\RunOnce: [appkw.exe] C:\WINDOWS\system32\appkw.exe
O4 - HKLM\..\RunOnce: [atlvf32.exe] C:\WINDOWS\system32\atlvf32.exe
O4 - HKLM\..\RunOnce: [crub32.exe] C:\WINDOWS\system32\crub32.exe
O4 - HKLM\..\RunOnce: [apitb.exe] C:\WINDOWS\system32\apitb.exe
O4 - HKLM\..\RunOnce: [apimx.exe] C:\WINDOWS\system32\apimx.exe
O4 - HKLM\..\RunOnce: [addde.exe] C:\WINDOWS\addde.exe
O4 - HKLM\..\RunOnce: [apihg.exe] C:\WINDOWS\apihg.exe
O4 - HKLM\..\RunOnce: [crfb32.exe] C:\WINDOWS\system32\crfb32.exe
O4 - HKLM\..\RunOnce: [d3qm32.exe] C:\WINDOWS\d3qm32.exe
O4 - HKLM\..\RunOnce: [addal32.exe] C:\WINDOWS\system32\addal32.exe
O4 - HKLM\..\RunOnce: [syskl.exe] C:\WINDOWS\syskl.exe
O4 - HKLM\..\RunOnce: [ipsr.exe] C:\WINDOWS\system32\ipsr.exe
O4 - HKLM\..\RunOnce: [apica32.exe] C:\WINDOWS\system32\apica32.exe
O4 - HKLM\..\RunOnce: [d3yu32.exe] C:\WINDOWS\system32\d3yu32.exe
O4 - HKLM\..\RunOnce: [ipdo.exe] C:\WINDOWS\system32\ipdo.exe
O4 - HKLM\..\RunOnce: [netzd.exe] C:\WINDOWS\netzd.exe
O4 - HKLM\..\RunOnce: [sysfh32.exe] C:\WINDOWS\sysfh32.exe
O4 - HKLM\..\RunOnce: [ienj32.exe] C:\WINDOWS\ienj32.exe
O4 - HKLM\..\RunOnce: [syskq.exe] C:\WINDOWS\system32\syskq.exe
O4 - HKLM\..\RunOnce: [iezl32.exe] C:\WINDOWS\system32\iezl32.exe
O4 - HKLM\..\RunOnce: [atlfw32.exe] C:\WINDOWS\atlfw32.exe
O4 - HKLM\..\RunOnce: [ntys32.exe] C:\WINDOWS\system32\ntys32.exe
O4 - HKLM\..\RunOnce: [iemc32.exe] C:\WINDOWS\system32\iemc32.exe
O4 - HKLM\..\RunOnce: [ntsw.exe] C:\WINDOWS\system32\ntsw.exe
O4 - HKLM\..\RunOnce: [atldc.exe] C:\WINDOWS\atldc.exe
O4 - HKLM\..\RunOnce: [adden32.exe] C:\WINDOWS\adden32.exe
O4 - HKLM\..\RunOnce: [ieem.exe] C:\WINDOWS\ieem.exe
O4 - HKLM\..\RunOnce: [crss.exe] C:\WINDOWS\system32\crss.exe
O4 - HKLM\..\RunOnce: [ipwb32.exe] C:\WINDOWS\system32\ipwb32.exe
O4 - HKLM\..\RunOnce: [winzt.exe] C:\WINDOWS\system32\winzt.exe
O4 - HKLM\..\RunOnce: [appfv32.exe] C:\WINDOWS\system32\appfv32.exe
O4 - HKLM\..\RunOnce: [javanb.exe] C:\WINDOWS\javanb.exe
O4 - HKLM\..\RunOnce: [sysxa32.exe] C:\WINDOWS\system32\sysxa32.exe
O4 - HKLM\..\RunOnce: [ipuc32.exe] C:\WINDOWS\system32\ipuc32.exe
O4 - HKLM\..\RunOnce: [sdkgl32.exe] C:\WINDOWS\system32\sdkgl32.exe
O4 - HKLM\..\RunOnce: [crgu.exe] C:\WINDOWS\system32\crgu.exe
O4 - HKLM\..\RunOnce: [netmo32.exe] C:\WINDOWS\netmo32.exe
O4 - HKLM\..\RunOnce: [addlz.exe] C:\WINDOWS\addlz.exe
O4 - HKLM\..\RunOnce: [d3rb.exe] C:\WINDOWS\system32\d3rb.exe
O4 - HKLM\..\RunOnce: [mfclu32.exe] C:\WINDOWS\mfclu32.exe
O4 - HKLM\..\RunOnce: [sdkvi.exe] C:\WINDOWS\system32\sdkvi.exe
O4 - HKLM\..\RunOnce: [mfczb32.exe] C:\WINDOWS\system32\mfczb32.exe
O4 - HKLM\..\RunOnce: [ipcs32.exe] C:\WINDOWS\ipcs32.exe
O4 - HKLM\..\RunOnce: [apphw.exe] C:\WINDOWS\system32\apphw.exe
O4 - HKLM\..\RunOnce: [ieal.exe] C:\WINDOWS\ieal.exe
O4 - HKLM\..\RunOnce: [appul.exe] C:\WINDOWS\system32\appul.exe
O4 - HKLM\..\RunOnce: [ntsy.exe] C:\WINDOWS\ntsy.exe
O4 - HKLM\..\RunOnce: [javase32.exe] C:\WINDOWS\system32\javase32.exe
O4 - HKLM\..\RunOnce: [sysoi.exe] C:\WINDOWS\sysoi.exe
O4 - HKLM\..\RunOnce: [msld.exe] C:\WINDOWS\msld.exe
O4 - HKLM\..\RunOnce: [apiuj.exe] C:\WINDOWS\system32\apiuj.exe
O4 - HKLM\..\RunOnce: [msps32.exe] C:\WINDOWS\system32\msps32.exe
O4 - HKLM\..\RunOnce: [sdkng32.exe] C:\WINDOWS\sdkng32.exe
O4 - HKLM\..\RunOnce: [crpa.exe] C:\WINDOWS\system32\crpa.exe
O4 - HKLM\..\RunOnce: [sdkmz32.exe] C:\WINDOWS\sdkmz32.exe
O4 - HKLM\..\RunOnce: [crnc.exe] C:\WINDOWS\crnc.exe
O4 - HKLM\..\RunOnce: [apise32.exe] C:\WINDOWS\system32\apise32.exe
O4 - HKLM\..\RunOnce: [atlue.exe] C:\WINDOWS\system32\atlue.exe
O4 - HKLM\..\RunOnce: [nteb.exe] C:\WINDOWS\system32\nteb.exe
O4 - HKLM\..\RunOnce: [ipwz.exe] C:\WINDOWS\system32\ipwz.exe
O4 - HKLM\..\RunOnce: [addof.exe] C:\WINDOWS\system32\addof.exe
O4 - HKLM\..\RunOnce: [winqt.exe] C:\WINDOWS\system32\winqt.exe
O4 - HKLM\..\RunOnce: [crdn.exe] C:\WINDOWS\system32\crdn.exe
O4 - HKLM\..\RunOnce: [d3vd32.exe] C:\WINDOWS\d3vd32.exe
O4 - HKLM\..\RunOnce: [ipbf32.exe] C:\WINDOWS\system32\ipbf32.exe
O4 - HKLM\..\RunOnce: [addco32.exe] C:\WINDOWS\addco32.exe
O4 - HKLM\..\RunOnce: [crhi32.exe] C:\WINDOWS\crhi32.exe
O4 - HKLM\..\RunOnce: [d3ha32.exe] C:\WINDOWS\d3ha32.exe
O4 - HKLM\..\RunOnce: [crix.exe] C:\WINDOWS\crix.exe
O4 - HKLM\..\RunOnce: [nettd32.exe] C:\WINDOWS\system32\nettd32.exe
O4 - HKLM\..\RunOnce: [addyf.exe] C:\WINDOWS\system32\addyf.exe
O4 - HKLM\..\RunOnce: [crgn32.exe] C:\WINDOWS\system32\crgn32.exe
O4 - HKLM\..\RunOnce: [netli.exe] C:\WINDOWS\system32\netli.exe
O4 - HKLM\..\RunOnce: [atleo32.exe] C:\WINDOWS\atleo32.exe
O4 - HKLM\..\RunOnce: [msji.exe] C:\WINDOWS\msji.exe
O4 - HKLM\..\RunOnce: [javart.exe] C:\WINDOWS\javart.exe
O4 - HKLM\..\RunOnce: [ntbz.exe] C:\WINDOWS\system32\ntbz.exe
O4 - HKLM\..\RunOnce: [ntvi.exe] C:\WINDOWS\system32\ntvi.exe
O4 - HKLM\..\RunOnce: [atloh32.exe] C:\WINDOWS\system32\atloh32.exe
O4 - HKLM\..\RunOnce: [mfcxn32.exe] C:\WINDOWS\system32\mfcxn32.exe
O4 - HKLM\..\RunOnce: [winnc32.exe] C:\WINDOWS\winnc32.exe
O4 - HKLM\..\RunOnce: [addly32.exe] C:\WINDOWS\addly32.exe
O4 - HKLM\..\RunOnce: [syspw.exe] C:\WINDOWS\syspw.exe
O4 - HKLM\..\RunOnce: [sdkcc32.exe] C:\WINDOWS\system32\sdkcc32.exe
O4 - HKLM\..\RunOnce: [javawl32.exe] C:\WINDOWS\javawl32.exe
O4 - HKLM\..\RunOnce: [atlcq.exe] C:\WINDOWS\system32\atlcq.exe
O4 - HKLM\..\RunOnce: [netjv32.exe] C:\WINDOWS\netjv32.exe
O4 - HKLM\..\RunOnce: [cruu.exe] C:\WINDOWS\system32\cruu.exe
O4 - HKLM\..\RunOnce: [ieev.exe] C:\WINDOWS\ieev.exe
O4 - HKLM\..\RunOnce: [atlix.exe] C:\WINDOWS\system32\atlix.exe
O4 - HKLM\..\RunOnce: [ntgk32.exe] C:\WINDOWS\ntgk32.exe
O4 - HKLM\..\RunOnce: [crlm32.exe] C:\WINDOWS\system32\crlm32.exe
O4 - HKLM\..\RunOnce: [addbj.exe] C:\WINDOWS\addbj.exe
O4 - HKLM\..\RunOnce: [sdkos.exe] C:\WINDOWS\system32\sdkos.exe
O4 - HKLM\..\RunOnce: [mfcum32.exe] C:\WINDOWS\system32\mfcum32.exe
O4 - HKLM\..\RunOnce: [adddu.exe] C:\WINDOWS\system32\adddu.exe
O4 - HKLM\..\RunOnce: [netwr.exe] C:\WINDOWS\netwr.exe
O4 - HKLM\..\RunOnce: [ievd32.exe] C:\WINDOWS\ievd32.exe
O4 - HKLM\..\RunOnce: [atlds.exe] C:\WINDOWS\atlds.exe
O4 - HKLM\..\RunOnce: [javamy32.exe] C:\WINDOWS\system32\javamy32.exe
O4 - HKLM\..\RunOnce: [iell.exe] C:\WINDOWS\system32\iell.exe
O4 - HKLM\..\RunOnce: [ipol.exe] C:\WINDOWS\ipol.exe
O4 - HKLM\..\RunOnce: [addww.exe] C:\WINDOWS\system32\addww.exe
O4 - HKLM\..\RunOnce: [mfcpv.exe] C:\WINDOWS\mfcpv.exe
O4 - HKLM\..\RunOnce: [addlf32.exe] C:\WINDOWS\addlf32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Actual Title Buttons] C:\Program Files\Actual Title Buttons\ActualTitleButtonsCenter.exe
O4 - Startup: MBM 5.lnk = C:\Program Files\Motherboard Monitor 5\MBM5.exe
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...GB_ZBzeb032YYGB
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.ntvmsnbc....load/nm1228.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101901816260
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_mp3.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4p.../LaunchGame.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\syspw.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • 0

#3
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi frost4225 and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This maybe a few step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download and install CleanUp! Here
Do NOT run it yet.
Save all of these files somewhere you will remember like to the Desktop.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Download and unzip cwsserviceremove to your desktop. use either link below:
Site 1
Site 2
Site 3
Please Do Not use yet.
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Close all browsers, windows and unneeded programs.

4. Go to Start->Run and type in services.msc and hit OK. Then look for Network Security Service and double click on it. Click on the Stop button and under Startup type, choose Disabled.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hryax.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hryax.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hryax.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {F672C21B-A6D3-5A1A-57D9-FA17425A21F1} - C:\WINDOWS\system32\apinm32.dll
O4 - HKLM\..\Run: [mfczs.exe] C:\WINDOWS\system32\mfczs.exe
O4 - HKLM\..\RunServices: [Windows Registry Security] crss.exe
O4 - HKLM\..\RunOnce: [sysfm32.exe] C:\WINDOWS\system32\sysfm32.exe
O4 - HKLM\..\RunOnce: [appif32.exe] C:\WINDOWS\appif32.exe
O4 - HKLM\..\RunOnce: [mfciq32.exe] C:\WINDOWS\system32\mfciq32.exe
O4 - HKLM\..\RunOnce: [javacq32.exe] C:\WINDOWS\system32\javacq32.exe
O4 - HKLM\..\RunOnce: [apixq.exe] C:\WINDOWS\apixq.exe
O4 - HKLM\..\RunOnce: [winew.exe] C:\WINDOWS\winew.exe
O4 - HKLM\..\RunOnce: [sdktu.exe] C:\WINDOWS\system32\sdktu.exe
O4 - HKLM\..\RunOnce: [iexw.exe] C:\WINDOWS\system32\iexw.exe
O4 - HKLM\..\RunOnce: [atlyl.exe] C:\WINDOWS\atlyl.exe
O4 - HKLM\..\RunOnce: [mskc.exe] C:\WINDOWS\system32\mskc.exe
O4 - HKLM\..\RunOnce: [atlyg.exe] C:\WINDOWS\atlyg.exe
O4 - HKLM\..\RunOnce: [apphg.exe] C:\WINDOWS\system32\apphg.exe
O4 - HKLM\..\RunOnce: [sdkjs32.exe] C:\WINDOWS\system32\sdkjs32.exe
O4 - HKLM\..\RunOnce: [winqo.exe] C:\WINDOWS\winqo.exe
O4 - HKLM\..\RunOnce: [winyp.exe] C:\WINDOWS\winyp.exe
O4 - HKLM\..\RunOnce: [apien.exe] C:\WINDOWS\system32\apien.exe
O4 - HKLM\..\RunOnce: [d3ic32.exe] C:\WINDOWS\d3ic32.exe
O4 - HKLM\..\RunOnce: [apikw32.exe] C:\WINDOWS\apikw32.exe
O4 - HKLM\..\RunOnce: [crhr.exe] C:\WINDOWS\system32\crhr.exe
O4 - HKLM\..\RunOnce: [sysze.exe] C:\WINDOWS\sysze.exe
O4 - HKLM\..\RunOnce: [apipp.exe] C:\WINDOWS\system32\apipp.exe
O4 - HKLM\..\RunOnce: [ntwn.exe] C:\WINDOWS\ntwn.exe
O4 - HKLM\..\RunOnce: [ippx32.exe] C:\WINDOWS\system32\ippx32.exe
O4 - HKLM\..\RunOnce: [appzq.exe] C:\WINDOWS\appzq.exe
O4 - HKLM\..\RunOnce: [mfciy32.exe] C:\WINDOWS\mfciy32.exe
O4 - HKLM\..\RunOnce: [msgv32.exe] C:\WINDOWS\system32\msgv32.exe
O4 - HKLM\..\RunOnce: [crsf.exe] C:\WINDOWS\system32\crsf.exe
O4 - HKLM\..\RunOnce: [ieeb32.exe] C:\WINDOWS\ieeb32.exe
O4 - HKLM\..\RunOnce: [windj32.exe] C:\WINDOWS\system32\windj32.exe
O4 - HKLM\..\RunOnce: [d3kh.exe] C:\WINDOWS\system32\d3kh.exe
O4 - HKLM\..\RunOnce: [ieme.exe] C:\WINDOWS\system32\ieme.exe
O4 - HKLM\..\RunOnce: [addmk32.exe] C:\WINDOWS\addmk32.exe
O4 - HKLM\..\RunOnce: [mfckr.exe] C:\WINDOWS\system32\mfckr.exe
O4 - HKLM\..\RunOnce: [javaam32.exe] C:\WINDOWS\javaam32.exe
O4 - HKLM\..\RunOnce: [javaud32.exe] C:\WINDOWS\system32\javaud32.exe
O4 - HKLM\..\RunOnce: [sysqb32.exe] C:\WINDOWS\sysqb32.exe
O4 - HKLM\..\RunOnce: [sdkpj.exe] C:\WINDOWS\sdkpj.exe
O4 - HKLM\..\RunOnce: [nettt.exe] C:\WINDOWS\system32\nettt.exe
O4 - HKLM\..\RunOnce: [sdkyi.exe] C:\WINDOWS\sdkyi.exe
O4 - HKLM\..\RunOnce: [ntfm.exe] C:\WINDOWS\ntfm.exe
O4 - HKLM\..\RunOnce: [javaww.exe] C:\WINDOWS\system32\javaww.exe
O4 - HKLM\..\RunOnce: [sdkie.exe] C:\WINDOWS\system32\sdkie.exe
O4 - HKLM\..\RunOnce: [ierv.exe] C:\WINDOWS\system32\ierv.exe
O4 - HKLM\..\RunOnce: [sdkan32.exe] C:\WINDOWS\sdkan32.exe
O4 - HKLM\..\RunOnce: [winih.exe] C:\WINDOWS\system32\winih.exe
O4 - HKLM\..\RunOnce: [crty.exe] C:\WINDOWS\crty.exe
O4 - HKLM\..\RunOnce: [appde32.exe] C:\WINDOWS\appde32.exe
O4 - HKLM\..\RunOnce: [sysvk.exe] C:\WINDOWS\system32\sysvk.exe
O4 - HKLM\..\RunOnce: [addgv.exe] C:\WINDOWS\addgv.exe
O4 - HKLM\..\RunOnce: [adduk32.exe] C:\WINDOWS\adduk32.exe
O4 - HKLM\..\RunOnce: [crze.exe] C:\WINDOWS\crze.exe
O4 - HKLM\..\RunOnce: [croz32.exe] C:\WINDOWS\system32\croz32.exe
O4 - HKLM\..\RunOnce: [sysdk.exe] C:\WINDOWS\system32\sysdk.exe
O4 - HKLM\..\RunOnce: [mfcng.exe] C:\WINDOWS\system32\mfcng.exe
O4 - HKLM\..\RunOnce: [winbm.exe] C:\WINDOWS\winbm.exe
O4 - HKLM\..\RunOnce: [appjs.exe] C:\WINDOWS\system32\appjs.exe
O4 - HKLM\..\RunOnce: [iptq32.exe] C:\WINDOWS\system32\iptq32.exe
O4 - HKLM\..\RunOnce: [winoi.exe] C:\WINDOWS\winoi.exe
O4 - HKLM\..\RunOnce: [ipxo32.exe] C:\WINDOWS\system32\ipxo32.exe
O4 - HKLM\..\RunOnce: [ieaf32.exe] C:\WINDOWS\system32\ieaf32.exe
O4 - HKLM\..\RunOnce: [d3vt32.exe] C:\WINDOWS\system32\d3vt32.exe
O4 - HKLM\..\RunOnce: [ipiv32.exe] C:\WINDOWS\ipiv32.exe
O4 - HKLM\..\RunOnce: [sdkpd.exe] C:\WINDOWS\sdkpd.exe
O4 - HKLM\..\RunOnce: [ntcp32.exe] C:\WINDOWS\system32\ntcp32.exe
O4 - HKLM\..\RunOnce: [crpz.exe] C:\WINDOWS\crpz.exe
O4 - HKLM\..\RunOnce: [javafu32.exe] C:\WINDOWS\javafu32.exe
O4 - HKLM\..\RunOnce: [appna.exe] C:\WINDOWS\system32\appna.exe
O4 - HKLM\..\RunOnce: [msmi32.exe] C:\WINDOWS\system32\msmi32.exe
O4 - HKLM\..\RunOnce: [javawo32.exe] C:\WINDOWS\javawo32.exe
O4 - HKLM\..\RunOnce: [javalj.exe] C:\WINDOWS\system32\javalj.exe
O4 - HKLM\..\RunOnce: [winlq32.exe] C:\WINDOWS\system32\winlq32.exe
O4 - HKLM\..\RunOnce: [netem.exe] C:\WINDOWS\netem.exe
O4 - HKLM\..\RunOnce: [atlve32.exe] C:\WINDOWS\system32\atlve32.exe
O4 - HKLM\..\RunOnce: [sdkyn32.exe] C:\WINDOWS\system32\sdkyn32.exe
O4 - HKLM\..\RunOnce: [msov.exe] C:\WINDOWS\system32\msov.exe
O4 - HKLM\..\RunOnce: [ipqe32.exe] C:\WINDOWS\ipqe32.exe
O4 - HKLM\..\RunOnce: [addvg.exe] C:\WINDOWS\addvg.exe
O4 - HKLM\..\RunOnce: [nettw.exe] C:\WINDOWS\nettw.exe
O4 - HKLM\..\RunOnce: [sysbj32.exe] C:\WINDOWS\system32\sysbj32.exe
O4 - HKLM\..\RunOnce: [mfcli.exe] C:\WINDOWS\system32\mfcli.exe
O4 - HKLM\..\RunOnce: [atlaf.exe] C:\WINDOWS\system32\atlaf.exe
O4 - HKLM\..\RunOnce: [mscb.exe] C:\WINDOWS\system32\mscb.exe
O4 - HKLM\..\RunOnce: [nthw32.exe] C:\WINDOWS\nthw32.exe
O4 - HKLM\..\RunOnce: [netpq.exe] C:\WINDOWS\netpq.exe
O4 - HKLM\..\RunOnce: [addck.exe] C:\WINDOWS\addck.exe
O4 - HKLM\..\RunOnce: [ntbl.exe] C:\WINDOWS\system32\ntbl.exe
O4 - HKLM\..\RunOnce: [msli.exe] C:\WINDOWS\msli.exe
O4 - HKLM\..\RunOnce: [sysbm32.exe] C:\WINDOWS\system32\sysbm32.exe
O4 - HKLM\..\RunOnce: [javago.exe] C:\WINDOWS\javago.exe
O4 - HKLM\..\RunOnce: [sysqg.exe] C:\WINDOWS\sysqg.exe
O4 - HKLM\..\RunOnce: [sdkvi32.exe] C:\WINDOWS\system32\sdkvi32.exe
O4 - HKLM\..\RunOnce: [winym32.exe] C:\WINDOWS\system32\winym32.exe
O4 - HKLM\..\RunOnce: [javalh32.exe] C:\WINDOWS\javalh32.exe
O4 - HKLM\..\RunOnce: [atljf.exe] C:\WINDOWS\atljf.exe
O4 - HKLM\..\RunOnce: [msoh32.exe] C:\WINDOWS\msoh32.exe
O4 - HKLM\..\RunOnce: [sysbi.exe] C:\WINDOWS\system32\sysbi.exe
O4 - HKLM\..\RunOnce: [javagk32.exe] C:\WINDOWS\system32\javagk32.exe
O4 - HKLM\..\RunOnce: [winac.exe] C:\WINDOWS\winac.exe
O4 - HKLM\..\RunOnce: [apily.exe] C:\WINDOWS\apily.exe
O4 - HKLM\..\RunOnce: [ipec32.exe] C:\WINDOWS\ipec32.exe
O4 - HKLM\..\RunOnce: [appkw.exe] C:\WINDOWS\system32\appkw.exe
O4 - HKLM\..\RunOnce: [atlvf32.exe] C:\WINDOWS\system32\atlvf32.exe
O4 - HKLM\..\RunOnce: [crub32.exe] C:\WINDOWS\system32\crub32.exe
O4 - HKLM\..\RunOnce: [apitb.exe] C:\WINDOWS\system32\apitb.exe
O4 - HKLM\..\RunOnce: [apimx.exe] C:\WINDOWS\system32\apimx.exe
O4 - HKLM\..\RunOnce: [addde.exe] C:\WINDOWS\addde.exe
O4 - HKLM\..\RunOnce: [apihg.exe] C:\WINDOWS\apihg.exe
O4 - HKLM\..\RunOnce: [crfb32.exe] C:\WINDOWS\system32\crfb32.exe
O4 - HKLM\..\RunOnce: [d3qm32.exe] C:\WINDOWS\d3qm32.exe
O4 - HKLM\..\RunOnce: [addal32.exe] C:\WINDOWS\system32\addal32.exe
O4 - HKLM\..\RunOnce: [syskl.exe] C:\WINDOWS\syskl.exe
O4 - HKLM\..\RunOnce: [ipsr.exe] C:\WINDOWS\system32\ipsr.exe
O4 - HKLM\..\RunOnce: [apica32.exe] C:\WINDOWS\system32\apica32.exe
O4 - HKLM\..\RunOnce: [d3yu32.exe] C:\WINDOWS\system32\d3yu32.exe
O4 - HKLM\..\RunOnce: [ipdo.exe] C:\WINDOWS\system32\ipdo.exe
O4 - HKLM\..\RunOnce: [netzd.exe] C:\WINDOWS\netzd.exe
O4 - HKLM\..\RunOnce: [sysfh32.exe] C:\WINDOWS\sysfh32.exe
O4 - HKLM\..\RunOnce: [ienj32.exe] C:\WINDOWS\ienj32.exe
O4 - HKLM\..\RunOnce: [syskq.exe] C:\WINDOWS\system32\syskq.exe
O4 - HKLM\..\RunOnce: [iezl32.exe] C:\WINDOWS\system32\iezl32.exe
O4 - HKLM\..\RunOnce: [atlfw32.exe] C:\WINDOWS\atlfw32.exe
O4 - HKLM\..\RunOnce: [ntys32.exe] C:\WINDOWS\system32\ntys32.exe
O4 - HKLM\..\RunOnce: [iemc32.exe] C:\WINDOWS\system32\iemc32.exe
O4 - HKLM\..\RunOnce: [ntsw.exe] C:\WINDOWS\system32\ntsw.exe
O4 - HKLM\..\RunOnce: [atldc.exe] C:\WINDOWS\atldc.exe
O4 - HKLM\..\RunOnce: [adden32.exe] C:\WINDOWS\adden32.exe
O4 - HKLM\..\RunOnce: [ieem.exe] C:\WINDOWS\ieem.exe
O4 - HKLM\..\RunOnce: [crss.exe] C:\WINDOWS\system32\crss.exe
O4 - HKLM\..\RunOnce: [ipwb32.exe] C:\WINDOWS\system32\ipwb32.exe
O4 - HKLM\..\RunOnce: [winzt.exe] C:\WINDOWS\system32\winzt.exe
O4 - HKLM\..\RunOnce: [appfv32.exe] C:\WINDOWS\system32\appfv32.exe
O4 - HKLM\..\RunOnce: [javanb.exe] C:\WINDOWS\javanb.exe
O4 - HKLM\..\RunOnce: [sysxa32.exe] C:\WINDOWS\system32\sysxa32.exe
O4 - HKLM\..\RunOnce: [ipuc32.exe] C:\WINDOWS\system32\ipuc32.exe
O4 - HKLM\..\RunOnce: [sdkgl32.exe] C:\WINDOWS\system32\sdkgl32.exe
O4 - HKLM\..\RunOnce: [crgu.exe] C:\WINDOWS\system32\crgu.exe
O4 - HKLM\..\RunOnce: [netmo32.exe] C:\WINDOWS\netmo32.exe
O4 - HKLM\..\RunOnce: [addlz.exe] C:\WINDOWS\addlz.exe
O4 - HKLM\..\RunOnce: [d3rb.exe] C:\WINDOWS\system32\d3rb.exe
O4 - HKLM\..\RunOnce: [mfclu32.exe] C:\WINDOWS\mfclu32.exe
O4 - HKLM\..\RunOnce: [sdkvi.exe] C:\WINDOWS\system32\sdkvi.exe
O4 - HKLM\..\RunOnce: [mfczb32.exe] C:\WINDOWS\system32\mfczb32.exe
O4 - HKLM\..\RunOnce: [ipcs32.exe] C:\WINDOWS\ipcs32.exe
O4 - HKLM\..\RunOnce: [apphw.exe] C:\WINDOWS\system32\apphw.exe
O4 - HKLM\..\RunOnce: [ieal.exe] C:\WINDOWS\ieal.exe
O4 - HKLM\..\RunOnce: [appul.exe] C:\WINDOWS\system32\appul.exe
O4 - HKLM\..\RunOnce: [ntsy.exe] C:\WINDOWS\ntsy.exe
O4 - HKLM\..\RunOnce: [javase32.exe] C:\WINDOWS\system32\javase32.exe
O4 - HKLM\..\RunOnce: [sysoi.exe] C:\WINDOWS\sysoi.exe
O4 - HKLM\..\RunOnce: [msld.exe] C:\WINDOWS\msld.exe
O4 - HKLM\..\RunOnce: [apiuj.exe] C:\WINDOWS\system32\apiuj.exe
O4 - HKLM\..\RunOnce: [msps32.exe] C:\WINDOWS\system32\msps32.exe
O4 - HKLM\..\RunOnce: [sdkng32.exe] C:\WINDOWS\sdkng32.exe
O4 - HKLM\..\RunOnce: [crpa.exe] C:\WINDOWS\system32\crpa.exe
O4 - HKLM\..\RunOnce: [sdkmz32.exe] C:\WINDOWS\sdkmz32.exe
O4 - HKLM\..\RunOnce: [crnc.exe] C:\WINDOWS\crnc.exe
O4 - HKLM\..\RunOnce: [apise32.exe] C:\WINDOWS\system32\apise32.exe
O4 - HKLM\..\RunOnce: [atlue.exe] C:\WINDOWS\system32\atlue.exe
O4 - HKLM\..\RunOnce: [nteb.exe] C:\WINDOWS\system32\nteb.exe
O4 - HKLM\..\RunOnce: [ipwz.exe] C:\WINDOWS\system32\ipwz.exe
O4 - HKLM\..\RunOnce: [addof.exe] C:\WINDOWS\system32\addof.exe
O4 - HKLM\..\RunOnce: [winqt.exe] C:\WINDOWS\system32\winqt.exe
O4 - HKLM\..\RunOnce: [crdn.exe] C:\WINDOWS\system32\crdn.exe
O4 - HKLM\..\RunOnce: [d3vd32.exe] C:\WINDOWS\d3vd32.exe
O4 - HKLM\..\RunOnce: [ipbf32.exe] C:\WINDOWS\system32\ipbf32.exe
O4 - HKLM\..\RunOnce: [addco32.exe] C:\WINDOWS\addco32.exe
O4 - HKLM\..\RunOnce: [crhi32.exe] C:\WINDOWS\crhi32.exe
O4 - HKLM\..\RunOnce: [d3ha32.exe] C:\WINDOWS\d3ha32.exe
O4 - HKLM\..\RunOnce: [crix.exe] C:\WINDOWS\crix.exe
O4 - HKLM\..\RunOnce: [nettd32.exe] C:\WINDOWS\system32\nettd32.exe
O4 - HKLM\..\RunOnce: [addyf.exe] C:\WINDOWS\system32\addyf.exe
O4 - HKLM\..\RunOnce: [crgn32.exe] C:\WINDOWS\system32\crgn32.exe
O4 - HKLM\..\RunOnce: [netli.exe] C:\WINDOWS\system32\netli.exe
O4 - HKLM\..\RunOnce: [atleo32.exe] C:\WINDOWS\atleo32.exe
O4 - HKLM\..\RunOnce: [msji.exe] C:\WINDOWS\msji.exe
O4 - HKLM\..\RunOnce: [javart.exe] C:\WINDOWS\javart.exe
O4 - HKLM\..\RunOnce: [ntbz.exe] C:\WINDOWS\system32\ntbz.exe
O4 - HKLM\..\RunOnce: [ntvi.exe] C:\WINDOWS\system32\ntvi.exe
O4 - HKLM\..\RunOnce: [atloh32.exe] C:\WINDOWS\system32\atloh32.exe
O4 - HKLM\..\RunOnce: [mfcxn32.exe] C:\WINDOWS\system32\mfcxn32.exe
O4 - HKLM\..\RunOnce: [winnc32.exe] C:\WINDOWS\winnc32.exe
O4 - HKLM\..\RunOnce: [addly32.exe] C:\WINDOWS\addly32.exe
O4 - HKLM\..\RunOnce: [syspw.exe] C:\WINDOWS\syspw.exe
O4 - HKLM\..\RunOnce: [sdkcc32.exe] C:\WINDOWS\system32\sdkcc32.exe
O4 - HKLM\..\RunOnce: [javawl32.exe] C:\WINDOWS\javawl32.exe
O4 - HKLM\..\RunOnce: [atlcq.exe] C:\WINDOWS\system32\atlcq.exe
O4 - HKLM\..\RunOnce: [netjv32.exe] C:\WINDOWS\netjv32.exe
O4 - HKLM\..\RunOnce: [cruu.exe] C:\WINDOWS\system32\cruu.exe
O4 - HKLM\..\RunOnce: [ieev.exe] C:\WINDOWS\ieev.exe
O4 - HKLM\..\RunOnce: [atlix.exe] C:\WINDOWS\system32\atlix.exe
O4 - HKLM\..\RunOnce: [ntgk32.exe] C:\WINDOWS\ntgk32.exe
O4 - HKLM\..\RunOnce: [crlm32.exe] C:\WINDOWS\system32\crlm32.exe
O4 - HKLM\..\RunOnce: [addbj.exe] C:\WINDOWS\addbj.exe
O4 - HKLM\..\RunOnce: [sdkos.exe] C:\WINDOWS\system32\sdkos.exe
O4 - HKLM\..\RunOnce: [mfcum32.exe] C:\WINDOWS\system32\mfcum32.exe
O4 - HKLM\..\RunOnce: [adddu.exe] C:\WINDOWS\system32\adddu.exe
O4 - HKLM\..\RunOnce: [netwr.exe] C:\WINDOWS\netwr.exe
O4 - HKLM\..\RunOnce: [ievd32.exe] C:\WINDOWS\ievd32.exe
O4 - HKLM\..\RunOnce: [atlds.exe] C:\WINDOWS\atlds.exe
O4 - HKLM\..\RunOnce: [javamy32.exe] C:\WINDOWS\system32\javamy32.exe
O4 - HKLM\..\RunOnce: [iell.exe] C:\WINDOWS\system32\iell.exe
O4 - HKLM\..\RunOnce: [ipol.exe] C:\WINDOWS\ipol.exe
O4 - HKLM\..\RunOnce: [addww.exe] C:\WINDOWS\system32\addww.exe
O4 - HKLM\..\RunOnce: [mfcpv.exe] C:\WINDOWS\mfcpv.exe
O4 - HKLM\..\RunOnce: [addlf32.exe] C:\WINDOWS\addlf32.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...GB_ZBzeb032YYGB
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\syspw.exe


7. click the Fix Checked box

8. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

9. Please remove these entries from Add/Remove Programs in the Control Panel(if present):

mywebsearch


10. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\system32\mfczs.exe
C:\WINDOWS\system32\sysfm32.exe
C:\WINDOWS\appif32.exe
C:\WINDOWS\system32\mfciq32.exe
C:\WINDOWS\system32\javacq32.exe
C:\WINDOWS\apixq.exe
C:\WINDOWS\winew.exe
C:\WINDOWS\system32\sdktu.exe
C:\WINDOWS\system32\iexw.exe
C:\WINDOWS\atlyl.exe
C:\WINDOWS\system32\mskc.exe
C:\WINDOWS\atlyg.exe
C:\WINDOWS\system32\apphg.exe
C:\WINDOWS\system32\sdkjs32.exe
C:\WINDOWS\winqo.exe
C:\WINDOWS\winyp.exe
C:\WINDOWS\system32\apien.exe
C:\WINDOWS\d3ic32.exe
C:\WINDOWS\apikw32.exe
C:\WINDOWS\system32\crhr.exe
C:\WINDOWS\sysze.exe
C:\WINDOWS\system32\apipp.exe
C:\WINDOWS\ntwn.exe
C:\WINDOWS\system32\ippx32.exe
C:\WINDOWS\appzq.exe
C:\WINDOWS\mfciy32.exe
C:\WINDOWS\system32\msgv32.exe
C:\WINDOWS\system32\crsf.exe
C:\WINDOWS\ieeb32.exe
C:\WINDOWS\system32\windj32.exe
C:\WINDOWS\system32\d3kh.exe
C:\WINDOWS\system32\ieme.exe
C:\WINDOWS\addmk32.exe
C:\WINDOWS\system32\mfckr.exe
C:\WINDOWS\javaam32.exe
C:\WINDOWS\system32\javaud32.exe
C:\WINDOWS\sysqb32.exe
C:\WINDOWS\sdkpj.exe
C:\WINDOWS\system32\nettt.exe
C:\WINDOWS\sdkyi.exe
C:\WINDOWS\ntfm.exe
C:\WINDOWS\system32\javaww.exe
C:\WINDOWS\system32\sdkie.exe
C:\WINDOWS\system32\ierv.exe
C:\WINDOWS\sdkan32.exe
C:\WINDOWS\system32\winih.exe
C:\WINDOWS\crty.exe
C:\WINDOWS\appde32.exe
C:\WINDOWS\system32\sysvk.exe
C:\WINDOWS\addgv.exe
C:\WINDOWS\adduk32.exe
C:\WINDOWS\crze.exe
C:\WINDOWS\system32\croz32.exe
C:\WINDOWS\system32\sysdk.exe
C:\WINDOWS\system32\mfcng.exe
C:\WINDOWS\winbm.exe
C:\WINDOWS\system32\appjs.exe
C:\WINDOWS\system32\iptq32.exe
C:\WINDOWS\winoi.exe
C:\WINDOWS\system32\ipxo32.exe
C:\WINDOWS\system32\ieaf32.exe
C:\WINDOWS\system32\d3vt32.exe
C:\WINDOWS\ipiv32.exe
C:\WINDOWS\sdkpd.exe
C:\WINDOWS\system32\ntcp32.exe
C:\WINDOWS\crpz.exe
C:\WINDOWS\javafu32.exe
C:\WINDOWS\system32\appna.exe
C:\WINDOWS\system32\msmi32.exe
C:\WINDOWS\javawo32.exe
C:\WINDOWS\system32\javalj.exe
C:\WINDOWS\system32\winlq32.exe
C:\WINDOWS\netem.exe
C:\WINDOWS\system32\atlve32.exe
C:\WINDOWS\system32\sdkyn32.exe
C:\WINDOWS\system32\msov.exe
C:\WINDOWS\ipqe32.exe
C:\WINDOWS\addvg.exe
C:\WINDOWS\nettw.exe
C:\WINDOWS\system32\sysbj32.exe
C:\WINDOWS\system32\mfcli.exe
C:\WINDOWS\system32\atlaf.exe
C:\WINDOWS\system32\mscb.exe
C:\WINDOWS\nthw32.exe
C:\WINDOWS\netpq.exe
C:\WINDOWS\addck.exe
C:\WINDOWS\system32\ntbl.exe
C:\WINDOWS\msli.exe
C:\WINDOWS\system32\sysbm32.exe
C:\WINDOWS\javago.exe
C:\WINDOWS\sysqg.exe
C:\WINDOWS\system32\sdkvi32.exe
C:\WINDOWS\system32\winym32.exe
C:\WINDOWS\javalh32.exe
C:\WINDOWS\atljf.exe
C:\WINDOWS\msoh32.exe
C:\WINDOWS\system32\sysbi.exe
C:\WINDOWS\system32\javagk32.exe
C:\WINDOWS\winac.exe
C:\WINDOWS\apily.exe
C:\WINDOWS\ipec32.exe
C:\WINDOWS\system32\appkw.exe
C:\WINDOWS\system32\atlvf32.exe
C:\WINDOWS\system32\crub32.exe
C:\WINDOWS\system32\apitb.exe
C:\WINDOWS\system32\apimx.exe
C:\WINDOWS\addde.exe
C:\WINDOWS\apihg.exe
C:\WINDOWS\system32\crfb32.exe
C:\WINDOWS\d3qm32.exe
C:\WINDOWS\system32\addal32.exe
C:\WINDOWS\syskl.exe
C:\WINDOWS\system32\ipsr.exe
C:\WINDOWS\system32\apica32.exe
C:\WINDOWS\system32\d3yu32.exe
C:\WINDOWS\system32\ipdo.exe
C:\WINDOWS\netzd.exe
C:\WINDOWS\sysfh32.exe
C:\WINDOWS\ienj32.exe
C:\WINDOWS\system32\syskq.exe
C:\WINDOWS\system32\iezl32.exe
C:\WINDOWS\atlfw32.exe
C:\WINDOWS\system32\ntys32.exe
C:\WINDOWS\system32\iemc32.exe
C:\WINDOWS\system32\ntsw.exe
C:\WINDOWS\atldc.exe
C:\WINDOWS\adden32.exe
C:\WINDOWS\ieem.exe
C:\WINDOWS\system32\crss.exe
C:\WINDOWS\system32\ipwb32.exe
C:\WINDOWS\system32\winzt.exe
C:\WINDOWS\system32\appfv32.exe
C:\WINDOWS\javanb.exe
C:\WINDOWS\system32\sysxa32.exe
C:\WINDOWS\system32\ipuc32.exe
C:\WINDOWS\system32\sdkgl32.exe
C:\WINDOWS\system32\crgu.exe
C:\WINDOWS\netmo32.exe
C:\WINDOWS\addlz.exe
C:\WINDOWS\system32\d3rb.exe
C:\WINDOWS\mfclu32.exe
C:\WINDOWS\system32\sdkvi.exe
C:\WINDOWS\system32\mfczb32.exe
C:\WINDOWS\ipcs32.exe
C:\WINDOWS\system32\apphw.exe
C:\WINDOWS\ieal.exe
C:\WINDOWS\system32\appul.exe
C:\WINDOWS\ntsy.exe
C:\WINDOWS\system32\javase32.exe
C:\WINDOWS\sysoi.exe
C:\WINDOWS\msld.exe
C:\WINDOWS\system32\apiuj.exe
C:\WINDOWS\system32\msps32.exe
C:\WINDOWS\sdkng32.exe
C:\WINDOWS\system32\crpa.exe
C:\WINDOWS\sdkmz32.exe
C:\WINDOWS\crnc.exe
C:\WINDOWS\system32\apise32.exe
C:\WINDOWS\system32\atlue.exe
C:\WINDOWS\system32\nteb.exe
C:\WINDOWS\system32\ipwz.exe
C:\WINDOWS\system32\addof.exe
C:\WINDOWS\system32\winqt.exe
C:\WINDOWS\system32\crdn.exe
C:\WINDOWS\d3vd32.exe
C:\WINDOWS\system32\ipbf32.exe
C:\WINDOWS\addco32.exe
C:\WINDOWS\crhi32.exe
C:\WINDOWS\d3ha32.exe
C:\WINDOWS\crix.exe
C:\WINDOWS\system32\nettd32.exe
C:\WINDOWS\system32\addyf.exe
C:\WINDOWS\system32\crgn32.exe
C:\WINDOWS\system32\netli.exe
C:\WINDOWS\atleo32.exe
C:\WINDOWS\msji.exe
C:\WINDOWS\javart.exe
C:\WINDOWS\system32\ntbz.exe
C:\WINDOWS\system32\ntvi.exe
C:\WINDOWS\system32\atloh32.exe
C:\WINDOWS\system32\mfcxn32.exe
C:\WINDOWS\winnc32.exe
C:\WINDOWS\addly32.exe
C:\WINDOWS\syspw.exe
C:\WINDOWS\system32\sdkcc32.exe
C:\WINDOWS\javawl32.exe
C:\WINDOWS\system32\atlcq.exe
C:\WINDOWS\netjv32.exe
C:\WINDOWS\system32\cruu.exe
C:\WINDOWS\ieev.exe
C:\WINDOWS\system32\atlix.exe
C:\WINDOWS\ntgk32.exe
C:\WINDOWS\system32\crlm32.exe
C:\WINDOWS\addbj.exe
C:\WINDOWS\system32\sdkos.exe
C:\WINDOWS\system32\mfcum32.exe
C:\WINDOWS\system32\adddu.exe
C:\WINDOWS\netwr.exe
C:\WINDOWS\ievd32.exe
C:\WINDOWS\atlds.exe
C:\WINDOWS\system32\javamy32.exe
C:\WINDOWS\system32\iell.exe
C:\WINDOWS\ipol.exe
C:\WINDOWS\system32\addww.exe
C:\WINDOWS\mfcpv.exe
C:\WINDOWS\addlf32.exe
C:\WINDOWS\hryax.dll
C:\WINDOWS\system32\apinm32.dll
C:\WINDOWS\syspw.exe
crss.exe<----Start>Seach to find this


11. Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
12. Double click on the cwsserviceremove and when asked to merge say yes.

13. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

14. Now run CleanUp!Reboot your computer into normal windows.

15. Run this online virus scan: ActiveScan - Save the results from the scan!

16. Please post an Active scan log and a fresh HiJackThis log to verify all is good. Ensure you rehide your hidden files and folders back to the way they were.
  • 0

#4
Spurs1979

Spurs1979

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Excal,

Thanks for your reply first of all, quite alot of work to be done, its actually taken me 3 attempts to get all of that lot to work but it seems to have done the trick after the 3rd attempt. Not sure if its because there was so much stuff there it wouldnt get rid of it all in 1 go.

Here are my active scan & my new hijack this log for you to check

Incident Status Location

Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/SBSoft No disinfected C:\WINDOWS\Downloaded Program Files\webdlg32.inf
Adware:Adware/MyWebSearch No disinfected Windows Registry
Adware:Adware/SBSoft No disinfected C:\WINDOWS\Downloaded Program Files\webdlg32.inf
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\javauw.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ntyc32.exe


Logfile of HijackThis v1.99.1
Scan saved at 00:16:23, on 12/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Motherboard Monitor 5\MBM5.exe
C:\Documents and Settings\Matt\Start Menu\Programs\Startup\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Programs\System Tools\hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: MBM 5.lnk = C:\Program Files\Motherboard Monitor 5\MBM5.exe
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.ntvmsnbc....load/nm1228.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101901816260
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_mp3.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4p.../LaunchGame.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Thanks again for the initial look for me & help, I've now got my homepage back to google & the items in add/remove programs have now gone it seems.

Matt
  • 0

#5
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi frost4225,

I bet you computer is running a heck of alot faster now with all those programs gone ;)
Glad everything is back to normal ;)



Just a few random bad files to clean up.
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\WINDOWS\Downloaded Program Files\webdlg32.inf
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "no".

    Do that for the following files also, until you get to the last one, then click "yes" when HJT asks you to reboot.

C:\WINDOWS\system32\javauw.exe
C:\WINDOWS\system32\ntyc32.exe


Post back when you finish and tell me how your computer is running :tazz:

thanks,

:tazz:

Excal
  • 0

#6
Spurs1979

Spurs1979

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Excal,

I've done the final part of this, the file that was in the downloaded program files wasnt actually there, not even when I let my pc view hidden files so not sure what thats about. The other 2 were there & were deleted on reboot by hijack this.

As for my pc, well it's been about 2 weeks since I realised that my IE was hijacked & I had a few problems, since then I've noticed a big difference in loadup times for Windows itself & some applications. Strangely enough it didnt actually slow down my internet even though it was that which I thought was the big issue.

But anyway it's back to normal & booting up into Windows as quick as it was before so I honestly cant thank you enough for your help, if only all forums were as helpfull as this! :tazz:

Matt (will donate into your paypal for your help, thanks again) ;)
  • 0

#7
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Matt,

I am real glad your computer is running better now ;)

I notice you have Firefox, I would suggest you use this for everything except for windows update. FireFox is less succeptable to all that crapware out there.


Great job, it appears your computer is clean :tazz:

Now that your system is Malware Free, it is important to reset your system Restore. Click Here to learn how to.
Might I suggest the following Free Spyware programs for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE

Spybot S&D


If you are unhappy with your current antivirus and want to replace it or if you dont already have one, I suggest this Free program:
*Note - do not use more than one anti-virus program as it will more than likely cause conflict.

AVG

The following free programs are great for prevention:

SpywareBlaster 3.4

Spywareguard

IE/Spyad


A Firewall is a must! Here are 2 good free versions:

Sygate

ZoneLabs

There are other options other than Internet Explorer for a browser, which some say have better security. Two of them are:

Firefox

Opera

This site is a great source for tightening up security on Internet Explorer settings.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month.

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program:

Cleanup
Run "Cleanup" and when it has finished, Reboot

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.
  • 0

#8
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP