Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Spyware is controlling my computer :( [CLOSED]

Started by ineedhelp69 , Aug 07 2005 03:25 PM

  • This topic is locked This topic is locked

#1
ineedhelp69
Posted 07 August 2005 - 03:25 PM

ineedhelp69

    New Member

  • Member
  • Pip
  • 2 posts
My computer has been running like crap for the past couple of days. Browsing extremly slow and starting and rebooting very slow. Constent pop ups are now the norm :tazz: . I have included my hi-jack this log and have already run Adaware Spybot S and D and also cleanitup. I still have yet to get the problem. Any help would be very much apprieciated. Thank you for your time.



Logfile of HijackThis v1.99.1
Scan saved at 4:24:34 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\d3ri.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\MIKEYT~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\DOCUME~1\MIKEYT~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vrfwt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vrfwt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vrfwt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vrfwt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vrfwt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vrfwt.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vrfwt.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {2BAB9DCF-AB6E-FD19-25BB-4FA3012F78E1} - C:\WINDOWS\system32\apptq.dll
O2 - BHO: Class - {4F96C427-A2E2-F522-0ABA-0CDBB14A7153} - C:\WINDOWS\system32\apiez32.dll
O2 - BHO: Class - {FEB759AF-0344-33C1-9B59-C5DB1E7E371F} - C:\WINDOWS\system32\appoo.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\DOCUME~1\MIKEYT~1\LOCALS~1\Temp\Temporary Directory 1 for cmi8738_w2k_xp_me-630.zip\CMI8738 for XP-W2K-ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [sdkif32.exe] C:\WINDOWS\sdkif32.exe
O4 - HKLM\..\Run: [sysqm32.exe] C:\WINDOWS\system32\sysqm32.exe
O4 - HKLM\..\Run: [iegc.exe] C:\WINDOWS\system32\iegc.exe
O4 - HKLM\..\Run: [appal32.exe] C:\WINDOWS\system32\appal32.exe
O4 - HKLM\..\Run: [javaeg.exe] C:\WINDOWS\javaeg.exe
O4 - HKLM\..\Run: [apiyf32.exe] C:\WINDOWS\apiyf32.exe
O4 - HKLM\..\Run: [d3fi32.exe] C:\WINDOWS\system32\d3fi32.exe
O4 - HKLM\..\Run: [ielt.exe] C:\WINDOWS\system32\ielt.exe
O4 - HKLM\..\Run: [javayd32.exe] C:\WINDOWS\system32\javayd32.exe
O4 - HKLM\..\Run: [winmr.exe] C:\WINDOWS\system32\winmr.exe
O4 - HKLM\..\Run: [addyn32.exe] C:\WINDOWS\addyn32.exe
O4 - HKLM\..\Run: [mfctl32.exe] C:\WINDOWS\system32\mfctl32.exe
O4 - HKLM\..\Run: [apppp32.exe] C:\WINDOWS\system32\apppp32.exe
O4 - HKLM\..\Run: [crid32.exe] C:\WINDOWS\system32\crid32.exe
O4 - HKLM\..\Run: [mfcjb32.exe] C:\WINDOWS\system32\mfcjb32.exe
O4 - HKLM\..\Run: [winaf.exe] C:\WINDOWS\winaf.exe
O4 - HKLM\..\Run: [ipfe.exe] C:\WINDOWS\ipfe.exe
O4 - HKLM\..\Run: [ielx.exe] C:\WINDOWS\ielx.exe
O4 - HKLM\..\Run: [atljt.exe] C:\WINDOWS\atljt.exe
O4 - HKLM\..\Run: [d3kf.exe] C:\WINDOWS\system32\d3kf.exe
O4 - HKLM\..\Run: [mfczy.exe] C:\WINDOWS\system32\mfczy.exe
O4 - HKLM\..\Run: [winal.exe] C:\WINDOWS\system32\winal.exe
O4 - HKLM\..\Run: [d3os32.exe] C:\WINDOWS\system32\d3os32.exe
O4 - HKLM\..\Run: [addbg32.exe] C:\WINDOWS\system32\addbg32.exe
O4 - HKLM\..\Run: [apivz32.exe] C:\WINDOWS\system32\apivz32.exe
O4 - HKLM\..\Run: [iphd32.exe] C:\WINDOWS\iphd32.exe
O4 - HKLM\..\Run: [winrs32.exe] C:\WINDOWS\winrs32.exe
O4 - HKLM\..\Run: [ipqa32.exe] C:\WINDOWS\system32\ipqa32.exe
O4 - HKLM\..\Run: [apisf32.exe] C:\WINDOWS\system32\apisf32.exe
O4 - HKLM\..\Run: [winua.exe] C:\WINDOWS\system32\winua.exe
O4 - HKLM\..\Run: [javaiq.exe] C:\WINDOWS\javaiq.exe
O4 - HKLM\..\Run: [sdkpj32.exe] C:\WINDOWS\sdkpj32.exe
O4 - HKLM\..\Run: [atlud.exe] C:\WINDOWS\system32\atlud.exe
O4 - HKLM\..\Run: [d3hl32.exe] C:\WINDOWS\system32\d3hl32.exe
O4 - HKLM\..\Run: [mfcav.exe] C:\WINDOWS\mfcav.exe
O4 - HKLM\..\Run: [sdksr.exe] C:\WINDOWS\sdksr.exe
O4 - HKLM\..\Run: [apivh.exe] C:\WINDOWS\apivh.exe
O4 - HKLM\..\Run: [sdkia.exe] C:\WINDOWS\system32\sdkia.exe
O4 - HKLM\..\Run: [d3ri.exe] C:\WINDOWS\d3ri.exe
O4 - HKLM\..\RunOnce: [adduu.exe] C:\WINDOWS\adduu.exe
O4 - HKLM\..\RunOnce: [wingz32.exe] C:\WINDOWS\system32\wingz32.exe
O4 - HKLM\..\RunOnce: [syspd32.exe] C:\WINDOWS\syspd32.exe
O4 - HKLM\..\RunOnce: [crqs32.exe] C:\WINDOWS\crqs32.exe
O4 - HKLM\..\RunOnce: [iedc32.exe] C:\WINDOWS\system32\iedc32.exe
O4 - HKLM\..\RunOnce: [atlcq.exe] C:\WINDOWS\system32\atlcq.exe
O4 - HKLM\..\RunOnce: [crbs.exe] C:\WINDOWS\system32\crbs.exe
O4 - HKLM\..\RunOnce: [ielf.exe] C:\WINDOWS\system32\ielf.exe
O4 - HKLM\..\RunOnce: [ntoy32.exe] C:\WINDOWS\system32\ntoy32.exe
O4 - HKLM\..\RunOnce: [netsz.exe] C:\WINDOWS\system32\netsz.exe
O4 - HKLM\..\RunOnce: [winti32.exe] C:\WINDOWS\winti32.exe
O4 - HKLM\..\RunOnce: [mswn.exe] C:\WINDOWS\system32\mswn.exe
O4 - HKLM\..\RunOnce: [sdkvy.exe] C:\WINDOWS\sdkvy.exe
O4 - HKLM\..\RunOnce: [winid.exe] C:\WINDOWS\system32\winid.exe
O4 - HKLM\..\RunOnce: [iesh32.exe] C:\WINDOWS\iesh32.exe
O4 - HKLM\..\RunOnce: [appkq32.exe] C:\WINDOWS\system32\appkq32.exe
O4 - HKLM\..\RunOnce: [netmt32.exe] C:\WINDOWS\system32\netmt32.exe
O4 - HKLM\..\RunOnce: [addrn.exe] C:\WINDOWS\system32\addrn.exe
O4 - HKLM\..\RunOnce: [netkj32.exe] C:\WINDOWS\netkj32.exe
O4 - HKLM\..\RunOnce: [crwj.exe] C:\WINDOWS\crwj.exe
O4 - HKLM\..\RunOnce: [winbl.exe] C:\WINDOWS\winbl.exe
O4 - HKLM\..\RunOnce: [mfchw.exe] C:\WINDOWS\system32\mfchw.exe
O4 - HKLM\..\RunOnce: [netdp.exe] C:\WINDOWS\system32\netdp.exe
O4 - HKLM\..\RunOnce: [iewx32.exe] C:\WINDOWS\system32\iewx32.exe
O4 - HKLM\..\RunOnce: [d3ft32.exe] C:\WINDOWS\system32\d3ft32.exe
O4 - HKLM\..\RunOnce: [ntyk32.exe] C:\WINDOWS\ntyk32.exe
O4 - HKLM\..\RunOnce: [crrb32.exe] C:\WINDOWS\system32\crrb32.exe
O4 - HKLM\..\RunOnce: [iebn32.exe] C:\WINDOWS\system32\iebn32.exe
O4 - HKLM\..\RunOnce: [javavq32.exe] C:\WINDOWS\javavq32.exe
O4 - HKLM\..\RunOnce: [addoy.exe] C:\WINDOWS\addoy.exe
O4 - HKLM\..\RunOnce: [sysmj32.exe] C:\WINDOWS\system32\sysmj32.exe
O4 - HKLM\..\RunOnce: [winzx.exe] C:\WINDOWS\winzx.exe
O4 - HKLM\..\RunOnce: [apiku.exe] C:\WINDOWS\system32\apiku.exe
O4 - HKLM\..\RunOnce: [javaow.exe] C:\WINDOWS\system32\javaow.exe
O4 - HKLM\..\RunOnce: [javasj32.exe] C:\WINDOWS\system32\javasj32.exe
O4 - HKLM\..\RunOnce: [netps.exe] C:\WINDOWS\system32\netps.exe
O4 - HKLM\..\RunOnce: [addwy32.exe] C:\WINDOWS\addwy32.exe
O4 - HKLM\..\RunOnce: [mfcug.exe] C:\WINDOWS\mfcug.exe
O4 - HKLM\..\RunOnce: [ieyy32.exe] C:\WINDOWS\ieyy32.exe
O4 - HKLM\..\RunOnce: [ntzh.exe] C:\WINDOWS\system32\ntzh.exe
O4 - HKLM\..\RunOnce: [mshu.exe] C:\WINDOWS\system32\mshu.exe
O4 - HKLM\..\RunOnce: [crzt.exe] C:\WINDOWS\crzt.exe
O4 - HKLM\..\RunOnce: [mshw32.exe] C:\WINDOWS\system32\mshw32.exe
O4 - HKLM\..\RunOnce: [ipwv32.exe] C:\WINDOWS\ipwv32.exe
O4 - HKLM\..\RunOnce: [cryn32.exe] C:\WINDOWS\cryn32.exe
O4 - HKLM\..\RunOnce: [winhi32.exe] C:\WINDOWS\winhi32.exe
O4 - HKLM\..\RunOnce: [javakt.exe] C:\WINDOWS\system32\javakt.exe
O4 - HKLM\..\RunOnce: [mfcnl32.exe] C:\WINDOWS\system32\mfcnl32.exe
O4 - HKLM\..\RunOnce: [ielj.exe] C:\WINDOWS\ielj.exe
O4 - HKLM\..\RunOnce: [apprv.exe] C:\WINDOWS\system32\apprv.exe
O4 - HKLM\..\RunOnce: [iecm32.exe] C:\WINDOWS\iecm32.exe
O4 - HKLM\..\RunOnce: [ipth.exe] C:\WINDOWS\ipth.exe
O4 - HKLM\..\RunOnce: [winge.exe] C:\WINDOWS\system32\winge.exe
O4 - HKLM\..\RunOnce: [ipnd32.exe] C:\WINDOWS\ipnd32.exe
O4 - HKLM\..\RunOnce: [crqv.exe] C:\WINDOWS\system32\crqv.exe
O4 - HKLM\..\RunOnce: [addra32.exe] C:\WINDOWS\system32\addra32.exe
O4 - HKLM\..\RunOnce: [javasl32.exe] C:\WINDOWS\javasl32.exe
O4 - HKLM\..\RunOnce: [mfcln.exe] C:\WINDOWS\system32\mfcln.exe
O4 - HKLM\..\RunOnce: [iprn.exe] C:\WINDOWS\system32\iprn.exe
O4 - HKLM\..\RunOnce: [javavt.exe] C:\WINDOWS\javavt.exe
O4 - HKLM\..\RunOnce: [sysck.exe] C:\WINDOWS\sysck.exe
O4 - HKLM\..\RunOnce: [ntzv.exe] C:\WINDOWS\ntzv.exe
O4 - HKLM\..\RunOnce: [netav32.exe] C:\WINDOWS\system32\netav32.exe
O4 - HKLM\..\RunOnce: [winuz32.exe] C:\WINDOWS\system32\winuz32.exe
O4 - HKLM\..\RunOnce: [sysrx.exe] C:\WINDOWS\sysrx.exe
O4 - HKLM\..\RunOnce: [syspo.exe] C:\WINDOWS\system32\syspo.exe
O4 - HKLM\..\RunOnce: [ieoj32.exe] C:\WINDOWS\system32\ieoj32.exe
O4 - HKLM\..\RunOnce: [mfczs32.exe] C:\WINDOWS\system32\mfczs32.exe
O4 - HKLM\..\RunOnce: [mfczv.exe] C:\WINDOWS\system32\mfczv.exe
O4 - HKLM\..\RunOnce: [addya.exe] C:\WINDOWS\system32\addya.exe
O4 - HKLM\..\RunOnce: [javand32.exe] C:\WINDOWS\system32\javand32.exe
O4 - HKLM\..\RunOnce: [sysgb.exe] C:\WINDOWS\sysgb.exe
O4 - HKLM\..\RunOnce: [syswb.exe] C:\WINDOWS\syswb.exe
O4 - HKLM\..\RunOnce: [javaur32.exe] C:\WINDOWS\system32\javaur32.exe
O4 - HKLM\..\RunOnce: [ntqa.exe] C:\WINDOWS\ntqa.exe
O4 - HKLM\..\RunOnce: [msue.exe] C:\WINDOWS\msue.exe
O4 - HKLM\..\RunOnce: [appyo.exe] C:\WINDOWS\appyo.exe
O4 - HKLM\..\RunOnce: [netrn.exe] C:\WINDOWS\netrn.exe
O4 - HKLM\..\RunOnce: [ipcy32.exe] C:\WINDOWS\system32\ipcy32.exe
O4 - HKLM\..\RunOnce: [atlbl32.exe] C:\WINDOWS\atlbl32.exe
O4 - HKLM\..\RunOnce: [msav.exe] C:\WINDOWS\msav.exe
O4 - HKLM\..\RunOnce: [apizp32.exe] C:\WINDOWS\apizp32.exe
O4 - HKLM\..\RunOnce: [sdkzg32.exe] C:\WINDOWS\system32\sdkzg32.exe
O4 - HKLM\..\RunOnce: [d3ne.exe] C:\WINDOWS\d3ne.exe
O4 - HKLM\..\RunOnce: [mstb32.exe] C:\WINDOWS\mstb32.exe
O4 - HKLM\..\RunOnce: [sdkqd.exe] C:\WINDOWS\system32\sdkqd.exe
O4 - HKLM\..\RunOnce: [sdkwz.exe] C:\WINDOWS\system32\sdkwz.exe
O4 - HKLM\..\RunOnce: [iplo.exe] C:\WINDOWS\system32\iplo.exe
O4 - HKLM\..\RunOnce: [crcb.exe] C:\WINDOWS\system32\crcb.exe
O4 - HKLM\..\RunOnce: [winko.exe] C:\WINDOWS\system32\winko.exe
O4 - HKLM\..\RunOnce: [apipq.exe] C:\WINDOWS\apipq.exe
O4 - HKLM\..\RunOnce: [ntfx32.exe] C:\WINDOWS\ntfx32.exe
O4 - HKLM\..\RunOnce: [ipzl32.exe] C:\WINDOWS\system32\ipzl32.exe
O4 - HKLM\..\RunOnce: [netjh.exe] C:\WINDOWS\netjh.exe
O4 - HKLM\..\RunOnce: [crru.exe] C:\WINDOWS\crru.exe
O4 - HKLM\..\RunOnce: [javanj.exe] C:\WINDOWS\system32\javanj.exe
O4 - HKLM\..\RunOnce: [appgr32.exe] C:\WINDOWS\system32\appgr32.exe
O4 - HKLM\..\RunOnce: [winlc.exe] C:\WINDOWS\winlc.exe
O4 - HKLM\..\RunOnce: [mfccj32.exe] C:\WINDOWS\mfccj32.exe
O4 - HKLM\..\RunOnce: [crkc32.exe] C:\WINDOWS\system32\crkc32.exe
O4 - HKLM\..\RunOnce: [netxe.exe] C:\WINDOWS\system32\netxe.exe
O4 - HKLM\..\RunOnce: [apipg32.exe] C:\WINDOWS\system32\apipg32.exe
O4 - HKLM\..\RunOnce: [crhk32.exe] C:\WINDOWS\crhk32.exe
O4 - HKLM\..\RunOnce: [winrl32.exe] C:\WINDOWS\system32\winrl32.exe
O4 - HKLM\..\RunOnce: [crwf32.exe] C:\WINDOWS\system32\crwf32.exe
O4 - HKLM\..\RunOnce: [syskn.exe] C:\WINDOWS\syskn.exe
O4 - HKLM\..\RunOnce: [nettt32.exe] C:\WINDOWS\system32\nettt32.exe
O4 - HKLM\..\RunOnce: [msph.exe] C:\WINDOWS\msph.exe
O4 - HKLM\..\RunOnce: [apiiq.exe] C:\WINDOWS\system32\apiiq.exe
O4 - HKLM\..\RunOnce: [ipjb.exe] C:\WINDOWS\system32\ipjb.exe
O4 - HKLM\..\RunOnce: [apicc32.exe] C:\WINDOWS\system32\apicc32.exe
O4 - HKLM\..\RunOnce: [apprt32.exe] C:\WINDOWS\system32\apprt32.exe
O4 - HKLM\..\RunOnce: [winpm.exe] C:\WINDOWS\system32\winpm.exe
O4 - HKLM\..\RunOnce: [msuw32.exe] C:\WINDOWS\msuw32.exe
O4 - HKLM\..\RunOnce: [nthg32.exe] C:\WINDOWS\system32\nthg32.exe
O4 - HKLM\..\RunOnce: [sdknu.exe] C:\WINDOWS\system32\sdknu.exe
O4 - HKLM\..\RunOnce: [winwb32.exe] C:\WINDOWS\system32\winwb32.exe
O4 - HKLM\..\RunOnce: [netgp32.exe] C:\WINDOWS\system32\netgp32.exe
O4 - HKLM\..\RunOnce: [javaec.exe] C:\WINDOWS\system32\javaec.exe
O4 - HKLM\..\RunOnce: [crsf32.exe] C:\WINDOWS\system32\crsf32.exe
O4 - HKLM\..\RunOnce: [winlp32.exe] C:\WINDOWS\system32\winlp32.exe
O4 - HKLM\..\RunOnce: [ntss32.exe] C:\WINDOWS\ntss32.exe
O4 - HKLM\..\RunOnce: [mfcwl32.exe] C:\WINDOWS\mfcwl32.exe
O4 - HKLM\..\RunOnce: [iekn.exe] C:\WINDOWS\system32\iekn.exe
O4 - HKLM\..\RunOnce: [apiqe.exe] C:\WINDOWS\system32\apiqe.exe
O4 - HKLM\..\RunOnce: [winvy32.exe] C:\WINDOWS\system32\winvy32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft.hta
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.game...ts/y/cct0_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.game...nts/y/rt0_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {1471EAED-278A-4777-8803-CFFEE82A00A8} - http://micronetclub....3dx/3daplyr.CAB
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\appwl32.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /Service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /Service (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  • 0

Advertisements

#2
Excal
Posted 07 August 2005 - 03:35 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi ineedhelp69 and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This maybe a few step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted

How to make a permanent folder:

Click "My Computer", then "C:\" and then on "Program Files".
In the menu bar, "File"->"New"->"Folder".
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there.

Go to Start->Run and type in services.msc and hit OK. Then look for Remote Procedure Call (RPC) Helper and double click on it. Click on the Stop button and under Startup type, choose Disabled.

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

1. Please download LSPFix from here.
2. Run the LSPFix.exe that you have just finished downloading.
3. Check the I know what I'm doing box.
4. In the Keep box you should see one or more instances of cdlsp.dll and inetadpt.dll
5. Select every instance of cdlsp.dll and inetadpt.dll and move each one to the Remove box by clicking the >> button.
6. When you are done click Finish>>.
7. Reboot and please post a fresh HiJackThis log..
  • 0

#3
ineedhelp69
Posted 08 August 2005 - 06:05 PM

ineedhelp69

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thank you for responding. I followed your instructions and have a fresh hijack this log. Once again thank you for your help.

Logfile of HijackThis v1.99.1
Scan saved at 7:04:52 PM, on 8/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\sdkif32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Mikey Tubesteak\Desktop\AVgoldfiz\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {1017A24B-257D-16EF-4FEE-A6CD064A88D5} - C:\WINDOWS\addza.dll
O2 - BHO: Class - {2FC735CE-855B-F1B2-A6ED-CAEA0E1EA230} - C:\WINDOWS\ntkb.dll
O2 - BHO: Class - {3DBE3B76-3521-BE11-EDF8-9D6FD61F6027} - C:\WINDOWS\appnu32.dll
O2 - BHO: Class - {4054D236-524F-3C5F-6F45-BD878D877CD7} - C:\WINDOWS\system32\d3od.dll
O2 - BHO: Class - {41DF9B90-2AEA-7FE8-65F2-AC393F1D4CDE} - C:\WINDOWS\system32\atlpe32.dll
O2 - BHO: Class - {4F9A4F6D-CA0E-3F49-D4C7-79FE3EB7E433} - C:\WINDOWS\appbj32.dll
O2 - BHO: Class - {5E98A737-F955-2341-8318-F6BA73211958} - C:\WINDOWS\system32\mfcij.dll
O2 - BHO: Class - {686EDB70-FD7A-B9A7-77C0-4C7E44057CFF} - C:\WINDOWS\ntiy32.dll
O2 - BHO: Class - {805B9042-4256-DBF7-8C87-9D912D49BF74} - C:\WINDOWS\system32\ipyq.dll
O2 - BHO: Class - {8309C7B2-F8C1-1F6A-FA52-5B8262B95E89} - C:\WINDOWS\system32\sdksf32.dll
O2 - BHO: Class - {94EDC8C3-C5D6-A92A-41EE-6CC367C3A231} - C:\WINDOWS\d3ec.dll
O2 - BHO: Class - {990C2121-07FF-8A44-B63F-04004FA42564} - C:\WINDOWS\system32\iend.dll
O2 - BHO: Class - {9A9D9913-F539-B818-1427-A8E89535E89C} - C:\WINDOWS\d3ip32.dll
O2 - BHO: Class - {A4F3C8E8-8F9B-C5C4-861D-055B55DB0B75} - C:\WINDOWS\cruu.dll
O2 - BHO: Class - {B372C3B7-492A-8F7B-5703-BB61D6F3BB61} - C:\WINDOWS\system32\ipuf32.dll
O2 - BHO: Class - {B5769D78-B754-5933-4551-D7BB1A2896C7} - C:\WINDOWS\syspn.dll
O2 - BHO: Class - {BABA6A69-913E-21ED-2937-B33C5CFEDC5C} - C:\WINDOWS\system32\syszw.dll
O2 - BHO: Class - {C517274B-EAF0-9359-4983-966F788D172B} - C:\WINDOWS\ipwh32.dll
O2 - BHO: Class - {C7F8F9B4-5233-5460-C2DB-34313EC35B32} - C:\WINDOWS\sdkch32.dll
O2 - BHO: Class - {CE8822B5-F232-B915-4610-F4ABB592926D} - C:\WINDOWS\mssw.dll
O2 - BHO: Class - {CF22795E-F0CD-B9F1-BAF6-79B05A0373A3} - C:\WINDOWS\ntaa.dll
O2 - BHO: Class - {D541EC16-E07C-155B-A824-E62402F04EE6} - C:\WINDOWS\system32\d3xf32.dll
O2 - BHO: Class - {E0529D79-7C19-A6FA-AAB9-F02E449A707C} - C:\WINDOWS\msxh32.dll
O2 - BHO: Class - {E5F263EB-855A-1A55-F1D3-D540309CB7A0} - C:\WINDOWS\ipsw32.dll
O2 - BHO: Class - {E68FF21A-1D01-4C00-EDC8-A80470B5A15F} - C:\WINDOWS\system32\appll32.dll
O2 - BHO: Class - {EE5C5E5D-1391-F15D-C214-27CF50897C22} - C:\WINDOWS\system32\msvy32.dll
O2 - BHO: Class - {F6ED913D-FAB1-F1A5-C359-4E2B2AC7B284} - C:\WINDOWS\system32\mfckt.dll
O2 - BHO: Class - {FB403460-5205-9C0D-68F5-071490BA8A0D} - C:\WINDOWS\msqn.dll
O2 - BHO: Class - {FEB759AF-0344-33C1-9B59-C5DB1E7E371F} - C:\WINDOWS\system32\appoo.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\DOCUME~1\MIKEYT~1\LOCALS~1\Temp\Temporary Directory 1 for cmi8738_w2k_xp_me-630.zip\CMI8738 for XP-W2K-ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [sdkif32.exe] C:\WINDOWS\sdkif32.exe
O4 - HKLM\..\Run: [sysqm32.exe] C:\WINDOWS\system32\sysqm32.exe
O4 - HKLM\..\Run: [iegc.exe] C:\WINDOWS\system32\iegc.exe
O4 - HKLM\..\Run: [appal32.exe] C:\WINDOWS\system32\appal32.exe
O4 - HKLM\..\Run: [javaeg.exe] C:\WINDOWS\javaeg.exe
O4 - HKLM\..\Run: [apiyf32.exe] C:\WINDOWS\apiyf32.exe
O4 - HKLM\..\Run: [d3fi32.exe] C:\WINDOWS\system32\d3fi32.exe
O4 - HKLM\..\Run: [ielt.exe] C:\WINDOWS\system32\ielt.exe
O4 - HKLM\..\Run: [javayd32.exe] C:\WINDOWS\system32\javayd32.exe
O4 - HKLM\..\Run: [winmr.exe] C:\WINDOWS\system32\winmr.exe
O4 - HKLM\..\Run: [addyn32.exe] C:\WINDOWS\addyn32.exe
O4 - HKLM\..\Run: [mfctl32.exe] C:\WINDOWS\system32\mfctl32.exe
O4 - HKLM\..\Run: [apppp32.exe] C:\WINDOWS\system32\apppp32.exe
O4 - HKLM\..\Run: [crid32.exe] C:\WINDOWS\system32\crid32.exe
O4 - HKLM\..\Run: [mfcjb32.exe] C:\WINDOWS\system32\mfcjb32.exe
O4 - HKLM\..\Run: [winaf.exe] C:\WINDOWS\winaf.exe
O4 - HKLM\..\Run: [ipfe.exe] C:\WINDOWS\ipfe.exe
O4 - HKLM\..\Run: [ielx.exe] C:\WINDOWS\ielx.exe
O4 - HKLM\..\Run: [atljt.exe] C:\WINDOWS\atljt.exe
O4 - HKLM\..\Run: [d3kf.exe] C:\WINDOWS\system32\d3kf.exe
O4 - HKLM\..\Run: [mfczy.exe] C:\WINDOWS\system32\mfczy.exe
O4 - HKLM\..\Run: [winal.exe] C:\WINDOWS\system32\winal.exe
O4 - HKLM\..\Run: [d3os32.exe] C:\WINDOWS\system32\d3os32.exe
O4 - HKLM\..\Run: [addbg32.exe] C:\WINDOWS\system32\addbg32.exe
O4 - HKLM\..\Run: [apivz32.exe] C:\WINDOWS\system32\apivz32.exe
O4 - HKLM\..\Run: [iphd32.exe] C:\WINDOWS\iphd32.exe
O4 - HKLM\..\Run: [winrs32.exe] C:\WINDOWS\winrs32.exe
O4 - HKLM\..\Run: [ipqa32.exe] C:\WINDOWS\system32\ipqa32.exe
O4 - HKLM\..\Run: [apisf32.exe] C:\WINDOWS\system32\apisf32.exe
O4 - HKLM\..\Run: [winua.exe] C:\WINDOWS\system32\winua.exe
O4 - HKLM\..\Run: [javaiq.exe] C:\WINDOWS\javaiq.exe
O4 - HKLM\..\Run: [sdkpj32.exe] C:\WINDOWS\sdkpj32.exe
O4 - HKLM\..\Run: [atlud.exe] C:\WINDOWS\system32\atlud.exe
O4 - HKLM\..\Run: [d3hl32.exe] C:\WINDOWS\system32\d3hl32.exe
O4 - HKLM\..\Run: [mfcav.exe] C:\WINDOWS\mfcav.exe
O4 - HKLM\..\Run: [sdksr.exe] C:\WINDOWS\sdksr.exe
O4 - HKLM\..\Run: [apivh.exe] C:\WINDOWS\apivh.exe
O4 - HKLM\..\Run: [sdkia.exe] C:\WINDOWS\system32\sdkia.exe
O4 - HKLM\..\Run: [d3ri.exe] C:\WINDOWS\d3ri.exe
O4 - HKLM\..\RunOnce: [adduu.exe] C:\WINDOWS\adduu.exe
O4 - HKLM\..\RunOnce: [wingz32.exe] C:\WINDOWS\system32\wingz32.exe
O4 - HKLM\..\RunOnce: [syspd32.exe] C:\WINDOWS\syspd32.exe
O4 - HKLM\..\RunOnce: [crqs32.exe] C:\WINDOWS\crqs32.exe
O4 - HKLM\..\RunOnce: [iedc32.exe] C:\WINDOWS\system32\iedc32.exe
O4 - HKLM\..\RunOnce: [atlcq.exe] C:\WINDOWS\system32\atlcq.exe
O4 - HKLM\..\RunOnce: [crbs.exe] C:\WINDOWS\system32\crbs.exe
O4 - HKLM\..\RunOnce: [ielf.exe] C:\WINDOWS\system32\ielf.exe
O4 - HKLM\..\RunOnce: [ntoy32.exe] C:\WINDOWS\system32\ntoy32.exe
O4 - HKLM\..\RunOnce: [netsz.exe] C:\WINDOWS\system32\netsz.exe
O4 - HKLM\..\RunOnce: [winti32.exe] C:\WINDOWS\winti32.exe
O4 - HKLM\..\RunOnce: [mswn.exe] C:\WINDOWS\system32\mswn.exe
O4 - HKLM\..\RunOnce: [sdkvy.exe] C:\WINDOWS\sdkvy.exe
O4 - HKLM\..\RunOnce: [iesh32.exe] C:\WINDOWS\iesh32.exe
O4 - HKLM\..\RunOnce: [appkq32.exe] C:\WINDOWS\system32\appkq32.exe
O4 - HKLM\..\RunOnce: [netmt32.exe] C:\WINDOWS\system32\netmt32.exe
O4 - HKLM\..\RunOnce: [addrn.exe] C:\WINDOWS\system32\addrn.exe
O4 - HKLM\..\RunOnce: [netkj32.exe] C:\WINDOWS\netkj32.exe
O4 - HKLM\..\RunOnce: [crwj.exe] C:\WINDOWS\crwj.exe
O4 - HKLM\..\RunOnce: [winbl.exe] C:\WINDOWS\winbl.exe
O4 - HKLM\..\RunOnce: [mfchw.exe] C:\WINDOWS\system32\mfchw.exe
O4 - HKLM\..\RunOnce: [netdp.exe] C:\WINDOWS\system32\netdp.exe
O4 - HKLM\..\RunOnce: [iewx32.exe] C:\WINDOWS\system32\iewx32.exe
O4 - HKLM\..\RunOnce: [d3ft32.exe] C:\WINDOWS\system32\d3ft32.exe
O4 - HKLM\..\RunOnce: [ntyk32.exe] C:\WINDOWS\ntyk32.exe
O4 - HKLM\..\RunOnce: [crrb32.exe] C:\WINDOWS\system32\crrb32.exe
O4 - HKLM\..\RunOnce: [iebn32.exe] C:\WINDOWS\system32\iebn32.exe
O4 - HKLM\..\RunOnce: [javavq32.exe] C:\WINDOWS\javavq32.exe
O4 - HKLM\..\RunOnce: [addoy.exe] C:\WINDOWS\addoy.exe
O4 - HKLM\..\RunOnce: [sysmj32.exe] C:\WINDOWS\system32\sysmj32.exe
O4 - HKLM\..\RunOnce: [winzx.exe] C:\WINDOWS\winzx.exe
O4 - HKLM\..\RunOnce: [apiku.exe] C:\WINDOWS\system32\apiku.exe
O4 - HKLM\..\RunOnce: [javaow.exe] C:\WINDOWS\system32\javaow.exe
O4 - HKLM\..\RunOnce: [javasj32.exe] C:\WINDOWS\system32\javasj32.exe
O4 - HKLM\..\RunOnce: [netps.exe] C:\WINDOWS\system32\netps.exe
O4 - HKLM\..\RunOnce: [addwy32.exe] C:\WINDOWS\addwy32.exe
O4 - HKLM\..\RunOnce: [mfcug.exe] C:\WINDOWS\mfcug.exe
O4 - HKLM\..\RunOnce: [ieyy32.exe] C:\WINDOWS\ieyy32.exe
O4 - HKLM\..\RunOnce: [ntzh.exe] C:\WINDOWS\system32\ntzh.exe
O4 - HKLM\..\RunOnce: [mshu.exe] C:\WINDOWS\system32\mshu.exe
O4 - HKLM\..\RunOnce: [crzt.exe] C:\WINDOWS\crzt.exe
O4 - HKLM\..\RunOnce: [mshw32.exe] C:\WINDOWS\system32\mshw32.exe
O4 - HKLM\..\RunOnce: [ipwv32.exe] C:\WINDOWS\ipwv32.exe
O4 - HKLM\..\RunOnce: [cryn32.exe] C:\WINDOWS\cryn32.exe
O4 - HKLM\..\RunOnce: [winhi32.exe] C:\WINDOWS\winhi32.exe
O4 - HKLM\..\RunOnce: [javakt.exe] C:\WINDOWS\system32\javakt.exe
O4 - HKLM\..\RunOnce: [mfcnl32.exe] C:\WINDOWS\system32\mfcnl32.exe
O4 - HKLM\..\RunOnce: [ielj.exe] C:\WINDOWS\ielj.exe
O4 - HKLM\..\RunOnce: [apprv.exe] C:\WINDOWS\system32\apprv.exe
O4 - HKLM\..\RunOnce: [iecm32.exe] C:\WINDOWS\iecm32.exe
O4 - HKLM\..\RunOnce: [ipth.exe] C:\WINDOWS\ipth.exe
O4 - HKLM\..\RunOnce: [winge.exe] C:\WINDOWS\system32\winge.exe
O4 - HKLM\..\RunOnce: [ipnd32.exe] C:\WINDOWS\ipnd32.exe
O4 - HKLM\..\RunOnce: [crqv.exe] C:\WINDOWS\system32\crqv.exe
O4 - HKLM\..\RunOnce: [addra32.exe] C:\WINDOWS\system32\addra32.exe
O4 - HKLM\..\RunOnce: [javasl32.exe] C:\WINDOWS\javasl32.exe
O4 - HKLM\..\RunOnce: [mfcln.exe] C:\WINDOWS\system32\mfcln.exe
O4 - HKLM\..\RunOnce: [iprn.exe] C:\WINDOWS\system32\iprn.exe
O4 - HKLM\..\RunOnce: [javavt.exe] C:\WINDOWS\javavt.exe
O4 - HKLM\..\RunOnce: [ntzv.exe] C:\WINDOWS\ntzv.exe
O4 - HKLM\..\RunOnce: [netav32.exe] C:\WINDOWS\system32\netav32.exe
O4 - HKLM\..\RunOnce: [sysrx.exe] C:\WINDOWS\sysrx.exe
O4 - HKLM\..\RunOnce: [syspo.exe] C:\WINDOWS\system32\syspo.exe
O4 - HKLM\..\RunOnce: [ieoj32.exe] C:\WINDOWS\system32\ieoj32.exe
O4 - HKLM\..\RunOnce: [mfczs32.exe] C:\WINDOWS\system32\mfczs32.exe
O4 - HKLM\..\RunOnce: [addya.exe] C:\WINDOWS\system32\addya.exe
O4 - HKLM\..\RunOnce: [javand32.exe] C:\WINDOWS\system32\javand32.exe
O4 - HKLM\..\RunOnce: [sysgb.exe] C:\WINDOWS\sysgb.exe
O4 - HKLM\..\RunOnce: [syswb.exe] C:\WINDOWS\syswb.exe
O4 - HKLM\..\RunOnce: [javaur32.exe] C:\WINDOWS\system32\javaur32.exe
O4 - HKLM\..\RunOnce: [ntqa.exe] C:\WINDOWS\ntqa.exe
O4 - HKLM\..\RunOnce: [msue.exe] C:\WINDOWS\msue.exe
O4 - HKLM\..\RunOnce: [appyo.exe] C:\WINDOWS\appyo.exe
O4 - HKLM\..\RunOnce: [netrn.exe] C:\WINDOWS\netrn.exe
O4 - HKLM\..\RunOnce: [ipcy32.exe] C:\WINDOWS\system32\ipcy32.exe
O4 - HKLM\..\RunOnce: [atlbl32.exe] C:\WINDOWS\atlbl32.exe
O4 - HKLM\..\RunOnce: [msav.exe] C:\WINDOWS\msav.exe
O4 - HKLM\..\RunOnce: [apizp32.exe] C:\WINDOWS\apizp32.exe
O4 - HKLM\..\RunOnce: [sdkzg32.exe] C:\WINDOWS\system32\sdkzg32.exe
O4 - HKLM\..\RunOnce: [d3ne.exe] C:\WINDOWS\d3ne.exe
O4 - HKLM\..\RunOnce: [mstb32.exe] C:\WINDOWS\mstb32.exe
O4 - HKLM\..\RunOnce: [sdkqd.exe] C:\WINDOWS\system32\sdkqd.exe
O4 - HKLM\..\RunOnce: [sdkwz.exe] C:\WINDOWS\system32\sdkwz.exe
O4 - HKLM\..\RunOnce: [iplo.exe] C:\WINDOWS\system32\iplo.exe
O4 - HKLM\..\RunOnce: [crcb.exe] C:\WINDOWS\system32\crcb.exe
O4 - HKLM\..\RunOnce: [winko.exe] C:\WINDOWS\system32\winko.exe
O4 - HKLM\..\RunOnce: [apipq.exe] C:\WINDOWS\apipq.exe
O4 - HKLM\..\RunOnce: [ntfx32.exe] C:\WINDOWS\ntfx32.exe
O4 - HKLM\..\RunOnce: [ipzl32.exe] C:\WINDOWS\system32\ipzl32.exe
O4 - HKLM\..\RunOnce: [netjh.exe] C:\WINDOWS\netjh.exe
O4 - HKLM\..\RunOnce: [crru.exe] C:\WINDOWS\crru.exe
O4 - HKLM\..\RunOnce: [javanj.exe] C:\WINDOWS\system32\javanj.exe
O4 - HKLM\..\RunOnce: [appgr32.exe] C:\WINDOWS\system32\appgr32.exe
O4 - HKLM\..\RunOnce: [winlc.exe] C:\WINDOWS\winlc.exe
O4 - HKLM\..\RunOnce: [mfccj32.exe] C:\WINDOWS\mfccj32.exe
O4 - HKLM\..\RunOnce: [crkc32.exe] C:\WINDOWS\system32\crkc32.exe
O4 - HKLM\..\RunOnce: [netxe.exe] C:\WINDOWS\system32\netxe.exe
O4 - HKLM\..\RunOnce: [apipg32.exe] C:\WINDOWS\system32\apipg32.exe
O4 - HKLM\..\RunOnce: [crhk32.exe] C:\WINDOWS\crhk32.exe
O4 - HKLM\..\RunOnce: [winrl32.exe] C:\WINDOWS\system32\winrl32.exe
O4 - HKLM\..\RunOnce: [crwf32.exe] C:\WINDOWS\system32\crwf32.exe
O4 - HKLM\..\RunOnce: [syskn.exe] C:\WINDOWS\syskn.exe
O4 - HKLM\..\RunOnce: [nettt32.exe] C:\WINDOWS\system32\nettt32.exe
O4 - HKLM\..\RunOnce: [apiiq.exe] C:\WINDOWS\system32\apiiq.exe
O4 - HKLM\..\RunOnce: [ipjb.exe] C:\WINDOWS\system32\ipjb.exe
O4 - HKLM\..\RunOnce: [apicc32.exe] C:\WINDOWS\system32\apicc32.exe
O4 - HKLM\..\RunOnce: [nthg32.exe] C:\WINDOWS\system32\nthg32.exe
O4 - HKLM\..\RunOnce: [winwb32.exe] C:\WINDOWS\system32\winwb32.exe
O4 - HKLM\..\RunOnce: [crsf32.exe] C:\WINDOWS\system32\crsf32.exe
O4 - HKLM\..\RunOnce: [apiqe.exe] C:\WINDOWS\apiqe.exe
O4 - HKLM\..\RunOnce: [apinx.exe] C:\WINDOWS\apinx.exe
O4 - HKLM\..\RunOnce: [ntyy32.exe] C:\WINDOWS\ntyy32.exe
O4 - HKLM\..\RunOnce: [ntnt.exe] C:\WINDOWS\system32\ntnt.exe
O4 - HKLM\..\RunOnce: [d3rp.exe] C:\WINDOWS\system32\d3rp.exe
O4 - HKLM\..\RunOnce: [d3ab.exe] C:\WINDOWS\d3ab.exe
O4 - HKLM\..\RunOnce: [apiof.exe] C:\WINDOWS\system32\apiof.exe
O4 - HKLM\..\RunOnce: [msir.exe] C:\WINDOWS\msir.exe
O4 - HKLM\..\RunOnce: [crjp.exe] C:\WINDOWS\system32\crjp.exe
O4 - HKLM\..\RunOnce: [ipwz.exe] C:\WINDOWS\system32\ipwz.exe
O4 - HKLM\..\RunOnce: [netfz.exe] C:\WINDOWS\netfz.exe
O4 - HKLM\..\RunOnce: [winlt.exe] C:\WINDOWS\winlt.exe
O4 - HKLM\..\RunOnce: [msof32.exe] C:\WINDOWS\system32\msof32.exe
O4 - HKLM\..\RunOnce: [ipua32.exe] C:\WINDOWS\ipua32.exe
O4 - HKLM\..\RunOnce: [ipix.exe] C:\WINDOWS\system32\ipix.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\apirv.exe
O4 - HKLM\..\RunOnce: [winqk32.exe] C:\WINDOWS\winqk32.exe
O4 - HKLM\..\RunOnce: [d3ha.exe] C:\WINDOWS\system32\d3ha.exe
O4 - HKLM\..\RunOnce: [ipmc32.exe] C:\WINDOWS\system32\ipmc32.exe
O4 - HKLM\..\RunOnce: [javakj.exe] C:\WINDOWS\system32\javakj.exe
O4 - HKLM\..\RunOnce: [ieys.exe] C:\WINDOWS\ieys.exe
O4 - HKLM\..\RunOnce: [ipdw32.exe] C:\WINDOWS\system32\ipdw32.exe
O4 - HKLM\..\RunOnce: [sdkxh32.exe] C:\WINDOWS\sdkxh32.exe
O4 - HKLM\..\RunOnce: [atlcj32.exe] C:\WINDOWS\system32\atlcj32.exe
O4 - HKLM\..\RunOnce: [apivv32.exe] C:\WINDOWS\system32\apivv32.exe
O4 - HKLM\..\RunOnce: [sysar32.exe] C:\WINDOWS\sysar32.exe
O4 - HKLM\..\RunOnce: [mspr.exe] C:\WINDOWS\system32\mspr.exe
O4 - HKLM\..\RunOnce: [ntcl32.exe] C:\WINDOWS\system32\ntcl32.exe
O4 - HKLM\..\RunOnce: [appwl32.exe] C:\WINDOWS\appwl32.exe
O4 - HKLM\..\RunOnce: [msmk.exe] C:\WINDOWS\msmk.exe
O4 - HKLM\..\RunOnce: [apivo.exe] C:\WINDOWS\system32\apivo.exe
O4 - HKLM\..\RunOnce: [crgk.exe] C:\WINDOWS\crgk.exe
O4 - HKLM\..\RunOnce: [sdkok32.exe] C:\WINDOWS\sdkok32.exe
O4 - HKLM\..\RunOnce: [mfcue.exe] C:\WINDOWS\system32\mfcue.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft.hta
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.game...ts/y/cct0_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.game...nts/y/rt0_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {1471EAED-278A-4777-8803-CFFEE82A00A8} - http://micronetclub....3dx/3daplyr.CAB
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\appwl32.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /Service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /Service (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  • 0

#4
Excal
Posted 08 August 2005 - 07:40 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi ineedhelp69,

You got your work cut out for you on this one!



DOWNLOAD PROGRAMS

Please download and install these programs - don't run them yet!!

Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for updates. Please don't run it yet.

Please download and install AD-Aware.

Check Here on how setup and use it - please make sure you update it first.

Download and unzip HSfix to your desktop :
HSRegFix

Download and install CleanUp! Here*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download CWShredder here to its own folder.

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
We will be using this program later.

Download the Host Here
Please do not use program yet


THE FIX

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Open up the Host program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files
  • then click Restore orginal host files
  • close program
4. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

5. Go to Start->Run and type in services.msc and hit OK. Then look for Service: Remote Procedure Call (RPC) Helper and double click on it. Click on the Stop button and under Startup type, choose Disabled.

6. Close all browsers, windows and unneeded programs.

7. Open HiJack and do a scan.

8. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dvhpg.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {1017A24B-257D-16EF-4FEE-A6CD064A88D5} - C:\WINDOWS\addza.dll
O2 - BHO: Class - {2FC735CE-855B-F1B2-A6ED-CAEA0E1EA230} - C:\WINDOWS\ntkb.dll
O2 - BHO: Class - {3DBE3B76-3521-BE11-EDF8-9D6FD61F6027} - C:\WINDOWS\appnu32.dll
O2 - BHO: Class - {4054D236-524F-3C5F-6F45-BD878D877CD7} - C:\WINDOWS\system32\d3od.dll
O2 - BHO: Class - {41DF9B90-2AEA-7FE8-65F2-AC393F1D4CDE} - C:\WINDOWS\system32\atlpe32.dll
O2 - BHO: Class - {4F9A4F6D-CA0E-3F49-D4C7-79FE3EB7E433} - C:\WINDOWS\appbj32.dll
O2 - BHO: Class - {5E98A737-F955-2341-8318-F6BA73211958} - C:\WINDOWS\system32\mfcij.dll
O2 - BHO: Class - {686EDB70-FD7A-B9A7-77C0-4C7E44057CFF} - C:\WINDOWS\ntiy32.dll
O2 - BHO: Class - {805B9042-4256-DBF7-8C87-9D912D49BF74} - C:\WINDOWS\system32\ipyq.dll
O2 - BHO: Class - {8309C7B2-F8C1-1F6A-FA52-5B8262B95E89} - C:\WINDOWS\system32\sdksf32.dll
O2 - BHO: Class - {94EDC8C3-C5D6-A92A-41EE-6CC367C3A231} - C:\WINDOWS\d3ec.dll
O2 - BHO: Class - {990C2121-07FF-8A44-B63F-04004FA42564} - C:\WINDOWS\system32\iend.dll
O2 - BHO: Class - {9A9D9913-F539-B818-1427-A8E89535E89C} - C:\WINDOWS\d3ip32.dll
O2 - BHO: Class - {A4F3C8E8-8F9B-C5C4-861D-055B55DB0B75} - C:\WINDOWS\cruu.dll
O2 - BHO: Class - {B372C3B7-492A-8F7B-5703-BB61D6F3BB61} - C:\WINDOWS\system32\ipuf32.dll
O2 - BHO: Class - {B5769D78-B754-5933-4551-D7BB1A2896C7} - C:\WINDOWS\syspn.dll
O2 - BHO: Class - {BABA6A69-913E-21ED-2937-B33C5CFEDC5C} - C:\WINDOWS\system32\syszw.dll
O2 - BHO: Class - {C517274B-EAF0-9359-4983-966F788D172B} - C:\WINDOWS\ipwh32.dll
O2 - BHO: Class - {C7F8F9B4-5233-5460-C2DB-34313EC35B32} - C:\WINDOWS\sdkch32.dll
O2 - BHO: Class - {CE8822B5-F232-B915-4610-F4ABB592926D} - C:\WINDOWS\mssw.dll
O2 - BHO: Class - {CF22795E-F0CD-B9F1-BAF6-79B05A0373A3} - C:\WINDOWS\ntaa.dll
O2 - BHO: Class - {D541EC16-E07C-155B-A824-E62402F04EE6} - C:\WINDOWS\system32\d3xf32.dll
O2 - BHO: Class - {E0529D79-7C19-A6FA-AAB9-F02E449A707C} - C:\WINDOWS\msxh32.dll
O2 - BHO: Class - {E5F263EB-855A-1A55-F1D3-D540309CB7A0} - C:\WINDOWS\ipsw32.dll
O2 - BHO: Class - {E68FF21A-1D01-4C00-EDC8-A80470B5A15F} - C:\WINDOWS\system32\appll32.dll
O2 - BHO: Class - {EE5C5E5D-1391-F15D-C214-27CF50897C22} - C:\WINDOWS\system32\msvy32.dll
O2 - BHO: Class - {F6ED913D-FAB1-F1A5-C359-4E2B2AC7B284} - C:\WINDOWS\system32\mfckt.dll
O2 - BHO: Class - {FB403460-5205-9C0D-68F5-071490BA8A0D} - C:\WINDOWS\msqn.dll
O2 - BHO: Class - {FEB759AF-0344-33C1-9B59-C5DB1E7E371F} - C:\WINDOWS\system32\appoo.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [sdkif32.exe] C:\WINDOWS\sdkif32.exe
O4 - HKLM\..\Run: [sysqm32.exe] C:\WINDOWS\system32\sysqm32.exe
O4 - HKLM\..\Run: [iegc.exe] C:\WINDOWS\system32\iegc.exe
O4 - HKLM\..\Run: [appal32.exe] C:\WINDOWS\system32\appal32.exe
O4 - HKLM\..\Run: [javaeg.exe] C:\WINDOWS\javaeg.exe
O4 - HKLM\..\Run: [apiyf32.exe] C:\WINDOWS\apiyf32.exe
O4 - HKLM\..\Run: [d3fi32.exe] C:\WINDOWS\system32\d3fi32.exe
O4 - HKLM\..\Run: [ielt.exe] C:\WINDOWS\system32\ielt.exe
O4 - HKLM\..\Run: [javayd32.exe] C:\WINDOWS\system32\javayd32.exe
O4 - HKLM\..\Run: [winmr.exe] C:\WINDOWS\system32\winmr.exe
O4 - HKLM\..\Run: [addyn32.exe] C:\WINDOWS\addyn32.exe
O4 - HKLM\..\Run: [mfctl32.exe] C:\WINDOWS\system32\mfctl32.exe
O4 - HKLM\..\Run: [apppp32.exe] C:\WINDOWS\system32\apppp32.exe
O4 - HKLM\..\Run: [crid32.exe] C:\WINDOWS\system32\crid32.exe
O4 - HKLM\..\Run: [mfcjb32.exe] C:\WINDOWS\system32\mfcjb32.exe
O4 - HKLM\..\Run: [winaf.exe] C:\WINDOWS\winaf.exe
O4 - HKLM\..\Run: [ipfe.exe] C:\WINDOWS\ipfe.exe
O4 - HKLM\..\Run: [ielx.exe] C:\WINDOWS\ielx.exe
O4 - HKLM\..\Run: [atljt.exe] C:\WINDOWS\atljt.exe
O4 - HKLM\..\Run: [d3kf.exe] C:\WINDOWS\system32\d3kf.exe
O4 - HKLM\..\Run: [mfczy.exe] C:\WINDOWS\system32\mfczy.exe
O4 - HKLM\..\Run: [winal.exe] C:\WINDOWS\system32\winal.exe
O4 - HKLM\..\Run: [d3os32.exe] C:\WINDOWS\system32\d3os32.exe
O4 - HKLM\..\Run: [addbg32.exe] C:\WINDOWS\system32\addbg32.exe
O4 - HKLM\..\Run: [apivz32.exe] C:\WINDOWS\system32\apivz32.exe
O4 - HKLM\..\Run: [iphd32.exe] C:\WINDOWS\iphd32.exe
O4 - HKLM\..\Run: [winrs32.exe] C:\WINDOWS\winrs32.exe
O4 - HKLM\..\Run: [ipqa32.exe] C:\WINDOWS\system32\ipqa32.exe
O4 - HKLM\..\Run: [apisf32.exe] C:\WINDOWS\system32\apisf32.exe
O4 - HKLM\..\Run: [winua.exe] C:\WINDOWS\system32\winua.exe
O4 - HKLM\..\Run: [javaiq.exe] C:\WINDOWS\javaiq.exe
O4 - HKLM\..\Run: [sdkpj32.exe] C:\WINDOWS\sdkpj32.exe
O4 - HKLM\..\Run: [atlud.exe] C:\WINDOWS\system32\atlud.exe
O4 - HKLM\..\Run: [d3hl32.exe] C:\WINDOWS\system32\d3hl32.exe
O4 - HKLM\..\Run: [mfcav.exe] C:\WINDOWS\mfcav.exe
O4 - HKLM\..\Run: [sdksr.exe] C:\WINDOWS\sdksr.exe
O4 - HKLM\..\Run: [apivh.exe] C:\WINDOWS\apivh.exe
O4 - HKLM\..\Run: [sdkia.exe] C:\WINDOWS\system32\sdkia.exe
O4 - HKLM\..\Run: [d3ri.exe] C:\WINDOWS\d3ri.exe
O4 - HKLM\..\RunOnce: [adduu.exe] C:\WINDOWS\adduu.exe
O4 - HKLM\..\RunOnce: [wingz32.exe] C:\WINDOWS\system32\wingz32.exe
O4 - HKLM\..\RunOnce: [syspd32.exe] C:\WINDOWS\syspd32.exe
O4 - HKLM\..\RunOnce: [crqs32.exe] C:\WINDOWS\crqs32.exe
O4 - HKLM\..\RunOnce: [iedc32.exe] C:\WINDOWS\system32\iedc32.exe
O4 - HKLM\..\RunOnce: [atlcq.exe] C:\WINDOWS\system32\atlcq.exe
O4 - HKLM\..\RunOnce: [crbs.exe] C:\WINDOWS\system32\crbs.exe
O4 - HKLM\..\RunOnce: [ielf.exe] C:\WINDOWS\system32\ielf.exe
O4 - HKLM\..\RunOnce: [ntoy32.exe] C:\WINDOWS\system32\ntoy32.exe
O4 - HKLM\..\RunOnce: [netsz.exe] C:\WINDOWS\system32\netsz.exe
O4 - HKLM\..\RunOnce: [winti32.exe] C:\WINDOWS\winti32.exe
O4 - HKLM\..\RunOnce: [mswn.exe] C:\WINDOWS\system32\mswn.exe
O4 - HKLM\..\RunOnce: [sdkvy.exe] C:\WINDOWS\sdkvy.exe
O4 - HKLM\..\RunOnce: [iesh32.exe] C:\WINDOWS\iesh32.exe
O4 - HKLM\..\RunOnce: [appkq32.exe] C:\WINDOWS\system32\appkq32.exe
O4 - HKLM\..\RunOnce: [netmt32.exe] C:\WINDOWS\system32\netmt32.exe
O4 - HKLM\..\RunOnce: [addrn.exe] C:\WINDOWS\system32\addrn.exe
O4 - HKLM\..\RunOnce: [netkj32.exe] C:\WINDOWS\netkj32.exe
O4 - HKLM\..\RunOnce: [crwj.exe] C:\WINDOWS\crwj.exe
O4 - HKLM\..\RunOnce: [winbl.exe] C:\WINDOWS\winbl.exe
O4 - HKLM\..\RunOnce: [mfchw.exe] C:\WINDOWS\system32\mfchw.exe
O4 - HKLM\..\RunOnce: [netdp.exe] C:\WINDOWS\system32\netdp.exe
O4 - HKLM\..\RunOnce: [iewx32.exe] C:\WINDOWS\system32\iewx32.exe
O4 - HKLM\..\RunOnce: [d3ft32.exe] C:\WINDOWS\system32\d3ft32.exe
O4 - HKLM\..\RunOnce: [ntyk32.exe] C:\WINDOWS\ntyk32.exe
O4 - HKLM\..\RunOnce: [crrb32.exe] C:\WINDOWS\system32\crrb32.exe
O4 - HKLM\..\RunOnce: [iebn32.exe] C:\WINDOWS\system32\iebn32.exe
O4 - HKLM\..\RunOnce: [javavq32.exe] C:\WINDOWS\javavq32.exe
O4 - HKLM\..\RunOnce: [addoy.exe] C:\WINDOWS\addoy.exe
O4 - HKLM\..\RunOnce: [sysmj32.exe] C:\WINDOWS\system32\sysmj32.exe
O4 - HKLM\..\RunOnce: [winzx.exe] C:\WINDOWS\winzx.exe
O4 - HKLM\..\RunOnce: [apiku.exe] C:\WINDOWS\system32\apiku.exe
O4 - HKLM\..\RunOnce: [javaow.exe] C:\WINDOWS\system32\javaow.exe
O4 - HKLM\..\RunOnce: [javasj32.exe] C:\WINDOWS\system32\javasj32.exe
O4 - HKLM\..\RunOnce: [netps.exe] C:\WINDOWS\system32\netps.exe
O4 - HKLM\..\RunOnce: [addwy32.exe] C:\WINDOWS\addwy32.exe
O4 - HKLM\..\RunOnce: [mfcug.exe] C:\WINDOWS\mfcug.exe
O4 - HKLM\..\RunOnce: [ieyy32.exe] C:\WINDOWS\ieyy32.exe
O4 - HKLM\..\RunOnce: [ntzh.exe] C:\WINDOWS\system32\ntzh.exe
O4 - HKLM\..\RunOnce: [mshu.exe] C:\WINDOWS\system32\mshu.exe
O4 - HKLM\..\RunOnce: [crzt.exe] C:\WINDOWS\crzt.exe
O4 - HKLM\..\RunOnce: [mshw32.exe] C:\WINDOWS\system32\mshw32.exe
O4 - HKLM\..\RunOnce: [ipwv32.exe] C:\WINDOWS\ipwv32.exe
O4 - HKLM\..\RunOnce: [cryn32.exe] C:\WINDOWS\cryn32.exe
O4 - HKLM\..\RunOnce: [winhi32.exe] C:\WINDOWS\winhi32.exe
O4 - HKLM\..\RunOnce: [javakt.exe] C:\WINDOWS\system32\javakt.exe
O4 - HKLM\..\RunOnce: [mfcnl32.exe] C:\WINDOWS\system32\mfcnl32.exe
O4 - HKLM\..\RunOnce: [ielj.exe] C:\WINDOWS\ielj.exe
O4 - HKLM\..\RunOnce: [apprv.exe] C:\WINDOWS\system32\apprv.exe
O4 - HKLM\..\RunOnce: [iecm32.exe] C:\WINDOWS\iecm32.exe
O4 - HKLM\..\RunOnce: [ipth.exe] C:\WINDOWS\ipth.exe
O4 - HKLM\..\RunOnce: [winge.exe] C:\WINDOWS\system32\winge.exe
O4 - HKLM\..\RunOnce: [ipnd32.exe] C:\WINDOWS\ipnd32.exe
O4 - HKLM\..\RunOnce: [crqv.exe] C:\WINDOWS\system32\crqv.exe
O4 - HKLM\..\RunOnce: [addra32.exe] C:\WINDOWS\system32\addra32.exe
O4 - HKLM\..\RunOnce: [javasl32.exe] C:\WINDOWS\javasl32.exe
O4 - HKLM\..\RunOnce: [mfcln.exe] C:\WINDOWS\system32\mfcln.exe
O4 - HKLM\..\RunOnce: [iprn.exe] C:\WINDOWS\system32\iprn.exe
O4 - HKLM\..\RunOnce: [javavt.exe] C:\WINDOWS\javavt.exe
O4 - HKLM\..\RunOnce: [ntzv.exe] C:\WINDOWS\ntzv.exe
O4 - HKLM\..\RunOnce: [netav32.exe] C:\WINDOWS\system32\netav32.exe
O4 - HKLM\..\RunOnce: [sysrx.exe] C:\WINDOWS\sysrx.exe
O4 - HKLM\..\RunOnce: [syspo.exe] C:\WINDOWS\system32\syspo.exe
O4 - HKLM\..\RunOnce: [ieoj32.exe] C:\WINDOWS\system32\ieoj32.exe
O4 - HKLM\..\RunOnce: [mfczs32.exe] C:\WINDOWS\system32\mfczs32.exe
O4 - HKLM\..\RunOnce: [addya.exe] C:\WINDOWS\system32\addya.exe
O4 - HKLM\..\RunOnce: [javand32.exe] C:\WINDOWS\system32\javand32.exe
O4 - HKLM\..\RunOnce: [sysgb.exe] C:\WINDOWS\sysgb.exe
O4 - HKLM\..\RunOnce: [syswb.exe] C:\WINDOWS\syswb.exe
O4 - HKLM\..\RunOnce: [javaur32.exe] C:\WINDOWS\system32\javaur32.exe
O4 - HKLM\..\RunOnce: [ntqa.exe] C:\WINDOWS\ntqa.exe
O4 - HKLM\..\RunOnce: [msue.exe] C:\WINDOWS\msue.exe
O4 - HKLM\..\RunOnce: [appyo.exe] C:\WINDOWS\appyo.exe
O4 - HKLM\..\RunOnce: [netrn.exe] C:\WINDOWS\netrn.exe
O4 - HKLM\..\RunOnce: [ipcy32.exe] C:\WINDOWS\system32\ipcy32.exe
O4 - HKLM\..\RunOnce: [atlbl32.exe] C:\WINDOWS\atlbl32.exe
O4 - HKLM\..\RunOnce: [msav.exe] C:\WINDOWS\msav.exe
O4 - HKLM\..\RunOnce: [apizp32.exe] C:\WINDOWS\apizp32.exe
O4 - HKLM\..\RunOnce: [sdkzg32.exe] C:\WINDOWS\system32\sdkzg32.exe
O4 - HKLM\..\RunOnce: [d3ne.exe] C:\WINDOWS\d3ne.exe
O4 - HKLM\..\RunOnce: [mstb32.exe] C:\WINDOWS\mstb32.exe
O4 - HKLM\..\RunOnce: [sdkqd.exe] C:\WINDOWS\system32\sdkqd.exe
O4 - HKLM\..\RunOnce: [sdkwz.exe] C:\WINDOWS\system32\sdkwz.exe
O4 - HKLM\..\RunOnce: [iplo.exe] C:\WINDOWS\system32\iplo.exe
O4 - HKLM\..\RunOnce: [crcb.exe] C:\WINDOWS\system32\crcb.exe
O4 - HKLM\..\RunOnce: [winko.exe] C:\WINDOWS\system32\winko.exe
O4 - HKLM\..\RunOnce: [apipq.exe] C:\WINDOWS\apipq.exe
O4 - HKLM\..\RunOnce: [ntfx32.exe] C:\WINDOWS\ntfx32.exe
O4 - HKLM\..\RunOnce: [ipzl32.exe] C:\WINDOWS\system32\ipzl32.exe
O4 - HKLM\..\RunOnce: [netjh.exe] C:\WINDOWS\netjh.exe
O4 - HKLM\..\RunOnce: [crru.exe] C:\WINDOWS\crru.exe
O4 - HKLM\..\RunOnce: [javanj.exe] C:\WINDOWS\system32\javanj.exe
O4 - HKLM\..\RunOnce: [appgr32.exe] C:\WINDOWS\system32\appgr32.exe
O4 - HKLM\..\RunOnce: [winlc.exe] C:\WINDOWS\winlc.exe
O4 - HKLM\..\RunOnce: [mfccj32.exe] C:\WINDOWS\mfccj32.exe
O4 - HKLM\..\RunOnce: [crkc32.exe] C:\WINDOWS\system32\crkc32.exe
O4 - HKLM\..\RunOnce: [netxe.exe] C:\WINDOWS\system32\netxe.exe
O4 - HKLM\..\RunOnce: [apipg32.exe] C:\WINDOWS\system32\apipg32.exe
O4 - HKLM\..\RunOnce: [crhk32.exe] C:\WINDOWS\crhk32.exe
O4 - HKLM\..\RunOnce: [winrl32.exe] C:\WINDOWS\system32\winrl32.exe
O4 - HKLM\..\RunOnce: [crwf32.exe] C:\WINDOWS\system32\crwf32.exe
O4 - HKLM\..\RunOnce: [syskn.exe] C:\WINDOWS\syskn.exe
O4 - HKLM\..\RunOnce: [nettt32.exe] C:\WINDOWS\system32\nettt32.exe
O4 - HKLM\..\RunOnce: [apiiq.exe] C:\WINDOWS\system32\apiiq.exe
O4 - HKLM\..\RunOnce: [ipjb.exe] C:\WINDOWS\system32\ipjb.exe
O4 - HKLM\..\RunOnce: [apicc32.exe] C:\WINDOWS\system32\apicc32.exe
O4 - HKLM\..\RunOnce: [nthg32.exe] C:\WINDOWS\system32\nthg32.exe
O4 - HKLM\..\RunOnce: [winwb32.exe] C:\WINDOWS\system32\winwb32.exe
O4 - HKLM\..\RunOnce: [crsf32.exe] C:\WINDOWS\system32\crsf32.exe
O4 - HKLM\..\RunOnce: [apiqe.exe] C:\WINDOWS\apiqe.exe
O4 - HKLM\..\RunOnce: [apinx.exe] C:\WINDOWS\apinx.exe
O4 - HKLM\..\RunOnce: [ntyy32.exe] C:\WINDOWS\ntyy32.exe
O4 - HKLM\..\RunOnce: [ntnt.exe] C:\WINDOWS\system32\ntnt.exe
O4 - HKLM\..\RunOnce: [d3rp.exe] C:\WINDOWS\system32\d3rp.exe
O4 - HKLM\..\RunOnce: [d3ab.exe] C:\WINDOWS\d3ab.exe
O4 - HKLM\..\RunOnce: [apiof.exe] C:\WINDOWS\system32\apiof.exe
O4 - HKLM\..\RunOnce: [msir.exe] C:\WINDOWS\msir.exe
O4 - HKLM\..\RunOnce: [crjp.exe] C:\WINDOWS\system32\crjp.exe
O4 - HKLM\..\RunOnce: [ipwz.exe] C:\WINDOWS\system32\ipwz.exe
O4 - HKLM\..\RunOnce: [netfz.exe] C:\WINDOWS\netfz.exe
O4 - HKLM\..\RunOnce: [winlt.exe] C:\WINDOWS\winlt.exe
O4 - HKLM\..\RunOnce: [msof32.exe] C:\WINDOWS\system32\msof32.exe
O4 - HKLM\..\RunOnce: [ipua32.exe] C:\WINDOWS\ipua32.exe
O4 - HKLM\..\RunOnce: [ipix.exe] C:\WINDOWS\system32\ipix.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\apirv.exe
O4 - HKLM\..\RunOnce: [winqk32.exe] C:\WINDOWS\winqk32.exe
O4 - HKLM\..\RunOnce: [d3ha.exe] C:\WINDOWS\system32\d3ha.exe
O4 - HKLM\..\RunOnce: [ipmc32.exe] C:\WINDOWS\system32\ipmc32.exe
O4 - HKLM\..\RunOnce: [javakj.exe] C:\WINDOWS\system32\javakj.exe
O4 - HKLM\..\RunOnce: [ieys.exe] C:\WINDOWS\ieys.exe
O4 - HKLM\..\RunOnce: [ipdw32.exe] C:\WINDOWS\system32\ipdw32.exe
O4 - HKLM\..\RunOnce: [sdkxh32.exe] C:\WINDOWS\sdkxh32.exe
O4 - HKLM\..\RunOnce: [atlcj32.exe] C:\WINDOWS\system32\atlcj32.exe
O4 - HKLM\..\RunOnce: [apivv32.exe] C:\WINDOWS\system32\apivv32.exe
O4 - HKLM\..\RunOnce: [sysar32.exe] C:\WINDOWS\sysar32.exe
O4 - HKLM\..\RunOnce: [mspr.exe] C:\WINDOWS\system32\mspr.exe
O4 - HKLM\..\RunOnce: [ntcl32.exe] C:\WINDOWS\system32\ntcl32.exe
O4 - HKLM\..\RunOnce: [appwl32.exe] C:\WINDOWS\appwl32.exe
O4 - HKLM\..\RunOnce: [msmk.exe] C:\WINDOWS\msmk.exe
O4 - HKLM\..\RunOnce: [apivo.exe] C:\WINDOWS\system32\apivo.exe
O4 - HKLM\..\RunOnce: [crgk.exe] C:\WINDOWS\crgk.exe
O4 - HKLM\..\RunOnce: [sdkok32.exe] C:\WINDOWS\sdkok32.exe
O4 - HKLM\..\RunOnce: [mfcue.exe] C:\WINDOWS\system32\mfcue.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft.hta
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\appwl32.exe

9. click the Fix Checked box

10. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\sdkif32.exe
C:\WINDOWS\system32\sysqm32.exe
C:\WINDOWS\system32\iegc.exe
C:\WINDOWS\system32\appal32.exe
C:\WINDOWS\javaeg.exe
C:\WINDOWS\apiyf32.exe
C:\WINDOWS\system32\d3fi32.exe
C:\WINDOWS\system32\ielt.exe
C:\WINDOWS\system32\javayd32.exe
C:\WINDOWS\system32\winmr.exe
C:\WINDOWS\addyn32.exe
C:\WINDOWS\system32\mfctl32.exe
C:\WINDOWS\system32\apppp32.exe
C:\WINDOWS\system32\crid32.exe
C:\WINDOWS\system32\mfcjb32.exe
C:\WINDOWS\winaf.exe
C:\WINDOWS\ipfe.exe
C:\WINDOWS\ielx.exe
C:\WINDOWS\atljt.exe
C:\WINDOWS\system32\d3kf.exe
C:\WINDOWS\system32\mfczy.exe
C:\WINDOWS\system32\winal.exe
C:\WINDOWS\system32\d3os32.exe
C:\WINDOWS\system32\addbg32.exe
C:\WINDOWS\system32\apivz32.exe
C:\WINDOWS\iphd32.exe
C:\WINDOWS\winrs32.exe
C:\WINDOWS\system32\ipqa32.exe
C:\WINDOWS\system32\apisf32.exe
C:\WINDOWS\system32\winua.exe
C:\WINDOWS\javaiq.exe
C:\WINDOWS\sdkpj32.exe
C:\WINDOWS\system32\atlud.exe
C:\WINDOWS\system32\d3hl32.exe
C:\WINDOWS\mfcav.exe
C:\WINDOWS\sdksr.exe
C:\WINDOWS\apivh.exe
C:\WINDOWS\system32\sdkia.exe
C:\WINDOWS\d3ri.exe
C:\WINDOWS\adduu.exe
C:\WINDOWS\system32\wingz32.exe
C:\WINDOWS\syspd32.exe
C:\WINDOWS\crqs32.exe
C:\WINDOWS\system32\iedc32.exe
C:\WINDOWS\system32\atlcq.exe
C:\WINDOWS\system32\crbs.exe
C:\WINDOWS\system32\ielf.exe
C:\WINDOWS\system32\ntoy32.exe
C:\WINDOWS\system32\netsz.exe
C:\WINDOWS\winti32.exe
C:\WINDOWS\system32\mswn.exe
C:\WINDOWS\sdkvy.exe
C:\WINDOWS\iesh32.exe
C:\WINDOWS\system32\appkq32.exe
C:\WINDOWS\system32\netmt32.exe
C:\WINDOWS\system32\addrn.exe
C:\WINDOWS\netkj32.exe
C:\WINDOWS\crwj.exe
C:\WINDOWS\winbl.exe
C:\WINDOWS\system32\mfchw.exe
C:\WINDOWS\system32\netdp.exe
C:\WINDOWS\system32\iewx32.exe
C:\WINDOWS\system32\d3ft32.exe
C:\WINDOWS\ntyk32.exe
C:\WINDOWS\system32\crrb32.exe
C:\WINDOWS\system32\iebn32.exe
C:\WINDOWS\javavq32.exe
C:\WINDOWS\addoy.exe
C:\WINDOWS\system32\sysmj32.exe
C:\WINDOWS\winzx.exe
C:\WINDOWS\system32\apiku.exe
C:\WINDOWS\system32\javaow.exe
C:\WINDOWS\system32\javasj32.exe
C:\WINDOWS\system32\netps.exe
C:\WINDOWS\addwy32.exe
C:\WINDOWS\mfcug.exe
C:\WINDOWS\ieyy32.exe
C:\WINDOWS\system32\ntzh.exe
C:\WINDOWS\system32\mshu.exe
C:\WINDOWS\crzt.exe
C:\WINDOWS\system32\mshw32.exe
C:\WINDOWS\ipwv32.exe
C:\WINDOWS\cryn32.exe
C:\WINDOWS\winhi32.exe
C:\WINDOWS\system32\javakt.exe
C:\WINDOWS\system32\mfcnl32.exe
C:\WINDOWS\ielj.exe
C:\WINDOWS\system32\apprv.exe
C:\WINDOWS\iecm32.exe
C:\WINDOWS\ipth.exe
C:\WINDOWS\system32\winge.exe
C:\WINDOWS\ipnd32.exe
C:\WINDOWS\system32\crqv.exe
C:\WINDOWS\system32\addra32.exe
C:\WINDOWS\javasl32.exe
C:\WINDOWS\system32\mfcln.exe
C:\WINDOWS\system32\iprn.exe
C:\WINDOWS\javavt.exe
C:\WINDOWS\ntzv.exe
C:\WINDOWS\system32\netav32.exe
C:\WINDOWS\sysrx.exe
C:\WINDOWS\system32\syspo.exe
C:\WINDOWS\system32\ieoj32.exe
C:\WINDOWS\system32\mfczs32.exe
C:\WINDOWS\system32\addya.exe
C:\WINDOWS\system32\javand32.exe
C:\WINDOWS\sysgb.exe
C:\WINDOWS\syswb.exe
C:\WINDOWS\system32\javaur32.exe
C:\WINDOWS\ntqa.exe
C:\WINDOWS\msue.exe
C:\WINDOWS\appyo.exe
C:\WINDOWS\netrn.exe
C:\WINDOWS\system32\ipcy32.exe
C:\WINDOWS\atlbl32.exe
C:\WINDOWS\msav.exe
C:\WINDOWS\apizp32.exe
C:\WINDOWS\system32\sdkzg32.exe
C:\WINDOWS\d3ne.exe
C:\WINDOWS\mstb32.exe
C:\WINDOWS\system32\sdkqd.exe
C:\WINDOWS\system32\sdkwz.exe
C:\WINDOWS\system32\iplo.exe
C:\WINDOWS\system32\crcb.exe
C:\WINDOWS\system32\winko.exe
C:\WINDOWS\apipq.exe
C:\WINDOWS\ntfx32.exe
C:\WINDOWS\system32\ipzl32.exe
C:\WINDOWS\netjh.exe
C:\WINDOWS\crru.exe
C:\WINDOWS\system32\javanj.exe
C:\WINDOWS\system32\appgr32.exe
C:\WINDOWS\winlc.exe
C:\WINDOWS\mfccj32.exe
C:\WINDOWS\system32\crkc32.exe
C:\WINDOWS\system32\netxe.exe
C:\WINDOWS\system32\apipg32.exe
C:\WINDOWS\crhk32.exe
C:\WINDOWS\system32\winrl32.exe
C:\WINDOWS\system32\crwf32.exe
C:\WINDOWS\syskn.exe
C:\WINDOWS\system32\nettt32.exe
C:\WINDOWS\system32\apiiq.exe
C:\WINDOWS\system32\ipjb.exe
C:\WINDOWS\system32\apicc32.exe
C:\WINDOWS\system32\nthg32.exe
C:\WINDOWS\system32\winwb32.exe
C:\WINDOWS\system32\crsf32.exe
C:\WINDOWS\apiqe.exe
C:\WINDOWS\apinx.exe
C:\WINDOWS\ntyy32.exe
C:\WINDOWS\system32\ntnt.exe
C:\WINDOWS\system32\d3rp.exe
C:\WINDOWS\d3ab.exe
C:\WINDOWS\system32\apiof.exe
C:\WINDOWS\msir.exe
C:\WINDOWS\system32\crjp.exe
C:\WINDOWS\system32\ipwz.exe
C:\WINDOWS\netfz.exe
C:\WINDOWS\winlt.exe
C:\WINDOWS\system32\msof32.exe
C:\WINDOWS\ipua32.exe
C:\WINDOWS\system32\ipix.exe
C:\WINDOWS\apirv.exe
C:\WINDOWS\winqk32.exe
C:\WINDOWS\system32\d3ha.exe
C:\WINDOWS\system32\ipmc32.exe
C:\WINDOWS\system32\javakj.exe
C:\WINDOWS\ieys.exe
C:\WINDOWS\system32\ipdw32.exe
C:\WINDOWS\sdkxh32.exe
C:\WINDOWS\system32\atlcj32.exe
C:\WINDOWS\system32\apivv32.exe
C:\WINDOWS\sysar32.exe
C:\WINDOWS\system32\mspr.exe
C:\WINDOWS\system32\ntcl32.exe
C:\WINDOWS\appwl32.exe
C:\WINDOWS\msmk.exe
C:\WINDOWS\system32\apivo.exe
C:\WINDOWS\crgk.exe
C:\WINDOWS\sdkok32.exe
C:\WINDOWS\system32\mfcue.exe
C:\WINDOWS\appwl32.exe
Use Start>Search to find this:
Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.
Microsoft.hta

11. Please run about:buster by RubbeRDuckY:
  • Click Begin Removal.
  • It will begin to check your computer for malicious files.
  • AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
  • Shut down AboutBuster. A log should have been created.Please Save this log and copy it in your next post.
12. Scan with AdAware and let it remove any bad files found.

13. Run the program CleanUp! (do not reboot yet)

14. Double click on the HSFix and when asked to merge say yes.

15. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

16. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

17. Delete the bad service:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • click on "delete an NT service"
  • Copy and paste this in the box: 11Fßä#·ºÄÖ`I (make sure there is a space before that first number 1)
  • Click "ok", then reboot
18. Please post an Active scan log and a fresh HiJackThis log. Let me know how your computer is running.

Edited by Excal, 08 August 2005 - 07:41 PM.

  • 0

#5
Excal
Posted 22 August 2005 - 11:06 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP