Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus [CLOSED]

Started by loserhead , Oct 03 2005 11:33 PM

  • This topic is locked This topic is locked

#1
loserhead
Posted 03 October 2005 - 11:33 PM

loserhead

    New Member

  • Member
  • Pip
  • 1 posts
something isnt letting my homepage load or internet explorer and its not letting me use aol instnat messenger

Logfile of HijackThis v1.99.1
Scan saved at 12:27:46 AM, on 10/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\javaxn.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\apiay32.exe
C:\Program Files\auso\uott.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\??ool32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\AIM New\aim.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\hooxz.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\hooxz.dll/sp.html#89328
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\hooxz.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\hooxz.dll/sp.html#89328
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\hooxz.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wsecure.cuw.edu:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.cuw.edu; localhost; 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {01C085F2-2045-1D3F-8201-086824FEE461} - C:\WINNT\addld.dll (file missing)
O2 - BHO: Class - {061F4600-7622-35F3-F6BE-7313A603238F} - C:\WINNT\system32\crga32.dll (file missing)
O2 - BHO: Class - {064A6B64-1803-C5DB-2D21-0CEBABE0A037} - C:\WINNT\ienr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {07DB1F26-FA16-C8BC-9839-FF3EA09B2DCC} - C:\WINNT\system32\msut.dll (file missing)
O2 - BHO: Class - {0CF29F8F-8388-6D50-D036-BFEE8C71F6FB} - C:\WINNT\system32\appfx.dll (file missing)
O2 - BHO: Class - {137D83E6-97AA-79FF-D2DB-E8990DED6D78} - C:\WINNT\system32\winoy32.dll (file missing)
O2 - BHO: Class - {175A0AA7-4A2E-4257-4315-80F1BEF3F22D} - C:\WINNT\apins32.dll (file missing)
O2 - BHO: Class - {1AE65145-CAC8-83C8-A39A-A959372821A1} - C:\WINNT\system32\appab32.dll (file missing)
O2 - BHO: Class - {1C3A194D-EFEB-4EDC-2A5D-9FEDB5C704C8} - C:\WINNT\system32\mfcjz.dll (file missing)
O2 - BHO: Class - {1CA30F4E-6483-88F6-5131-370912D19AD3} - C:\WINNT\system32\ipqz.dll (file missing)
O2 - BHO: Class - {24FBEEFB-6A7F-88C3-50DC-64D83BE364AA} - C:\WINNT\system32\ipnq32.dll (file missing)
O2 - BHO: Class - {25564CBA-3F35-BE34-EE5D-709FBD1C865F} - C:\WINNT\appsw32.dll
O2 - BHO: Class - {26284AA5-5089-338F-BB4E-33C174CAF6EF} - C:\WINNT\system32\iekh.dll (file missing)
O2 - BHO: Class - {295B7ABE-0572-0C0C-C993-4514907EBA5E} - C:\WINNT\system32\winux32.dll (file missing)
O2 - BHO: Class - {2A654565-5622-BD0F-B043-AE85FEFEA0F9} - C:\WINNT\syssk.dll (file missing)
O2 - BHO: Class - {2AAF6EC1-2E39-F21D-13F6-CEB77B6DEAF9} - C:\WINNT\sysyy.dll (file missing)
O2 - BHO: Class - {32FDEE89-3D00-0142-A0FE-63A0ED9E1F3C} - C:\WINNT\ieug32.dll (file missing)
O2 - BHO: Class - {3478A484-9F0F-5FFA-47A8-C00B879647C3} - C:\WINNT\system32\winlw32.dll (file missing)
O2 - BHO: Class - {35E75DBC-3223-A38B-E563-335B9D4B321D} - C:\WINNT\system32\appjk.dll (file missing)
O2 - BHO: Class - {3AEB30E1-13C4-6D83-6127-8ED6A0ADF422} - C:\WINNT\crpb32.dll (file missing)
O2 - BHO: Class - {42830DBC-37F9-A44A-BA93-07AA2EFCA0D8} - C:\WINNT\system32\javacf32.dll (file missing)
O2 - BHO: (no name) - {478E9887-0E12-25C3-46B1-56A05B8CFF9C} - C:\WINNT\system32\xphkqkt.dll (file missing)
O2 - BHO: Class - {4EE7E146-ED9F-5B80-9A02-499B04EC07D9} - C:\WINNT\msqz.dll (file missing)
O2 - BHO: Class - {500AA008-AE59-D8F5-7711-68C2CC0A729D} - C:\WINNT\netaa32.dll (file missing)
O2 - BHO: Class - {57208800-AC37-9034-8908-40151229CDA9} - C:\WINNT\system32\addhu.dll (file missing)
O2 - BHO: Class - {57B2258D-8C76-2D49-E5D0-CB6F9535E737} - C:\WINNT\sdknf.dll (file missing)
O2 - BHO: Class - {57E42C08-4DB6-A66C-F69A-6BDB648260D9} - C:\WINNT\system32\sysul32.dll (file missing)
O2 - BHO: Class - {59126843-2397-A956-7C69-825958B103A4} - C:\WINNT\ntvz32.dll (file missing)
O2 - BHO: Class - {5929FF60-B346-E7F1-C714-CC8C585DB292} - C:\WINNT\netnb.dll (file missing)
O2 - BHO: Class - {5A3F0E67-3C41-24A5-F260-D84A76848862} - C:\WINNT\system32\syskx.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Class - {5CD74032-A1B2-0372-AFE9-41F6C68604E2} - C:\WINNT\system32\javafo32.dll (file missing)
O2 - BHO: Class - {5E868DF4-0144-D89B-4EAB-314824CAF524} - C:\WINNT\sdkrz32.dll (file missing)
O2 - BHO: Class - {5EADCC9C-7AA2-E86A-1E92-ADE204FD1BB1} - C:\WINNT\netxj32.dll (file missing)
O2 - BHO: Class - {60371180-C8D7-5690-C38C-6414B4FFA455} - C:\WINNT\wintz32.dll (file missing)
O2 - BHO: Class - {61D24763-D52C-CB6C-0CF2-1DBE179615C1} - C:\WINNT\system32\ntai32.dll
O2 - BHO: Class - {6286962A-8362-F853-5123-9596EBAA02B1} - C:\WINNT\system32\ipxx.dll (file missing)
O2 - BHO: Class - {67680F1D-A370-A0B7-FBEB-BDABBEFF8EAE} - C:\WINNT\system32\ipom32.dll (file missing)
O2 - BHO: Class - {6A08448E-0F71-4A94-9AB0-5933F62AE92E} - C:\WINNT\sdklj.dll (file missing)
O2 - BHO: Class - {6D30E3BA-307B-8430-2FD4-9FA6CBF01F7B} - C:\WINNT\netvd32.dll (file missing)
O2 - BHO: Class - {7094D56C-D46D-F6DE-EE8B-E2B474E0AB05} - C:\WINNT\system32\mfchb32.dll (file missing)
O2 - BHO: Class - {72A78EF0-EEC7-7847-9119-8798A2CB7935} - C:\WINNT\crks32.dll (file missing)
O2 - BHO: Class - {732E1483-0E2E-9125-A27C-7D9D86D49426} - C:\WINNT\system32\ipnl32.dll (file missing)
O2 - BHO: Class - {766EAF78-EC74-67D0-7FEC-FD3F6EC5D983} - C:\WINNT\crun.dll (file missing)
O2 - BHO: Class - {78BF8F1B-D598-6BEF-4AED-6FCC68169F03} - C:\WINNT\d3hi32.dll (file missing)
O2 - BHO: Class - {7AC61A82-02CC-65E3-A41A-62AD26DC4035} - C:\WINNT\system32\netag32.dll (file missing)
O2 - BHO: Class - {7B761D26-C2CF-46F7-2E0F-86FD6286D4E1} - C:\WINNT\system32\d3mh32.dll (file missing)
O2 - BHO: Class - {7C4ABA2A-D914-510F-D2AE-633AF286BBEA} - C:\WINNT\d3qa32.dll (file missing)
O2 - BHO: Class - {7CC0602C-1895-21A0-C895-02B92C46C654} - C:\WINNT\winfa.dll (file missing)
O2 - BHO: Class - {80F1BFE9-D4CA-9E42-8C5F-C365E11BF728} - C:\WINNT\system32\netvu32.dll (file missing)
O2 - BHO: Class - {80FA1993-A934-6B14-AF19-0B3DD7C6A5AB} - C:\WINNT\d3da32.dll (file missing)
O2 - BHO: Class - {89627CE2-166D-A5B3-715F-9AA1D5BCB786} - C:\WINNT\apise32.dll (file missing)
O2 - BHO: Class - {8A9C0CDD-53C3-EC21-016E-2CE5DE3929E0} - C:\WINNT\apiif32.dll (file missing)
O2 - BHO: Class - {92C21BCF-7B56-7A01-6204-FD3AC338D097} - C:\WINNT\system32\javaoi32.dll (file missing)
O2 - BHO: Class - {95A3F09B-4262-4283-DBCC-7F94A44A9BA9} - C:\WINNT\addwa.dll (file missing)
O2 - BHO: Class - {977E7B41-8C80-5173-3683-EE4D6352D534} - C:\WINNT\system32\sdkpd32.dll (file missing)
O2 - BHO: Class - {9C150872-2010-3AEA-E084-6FA3EF4CF4A9} - C:\WINNT\ipyd.dll (file missing)
O2 - BHO: Class - {A0B3DCB6-E61C-8E7F-9D49-63181BB0EFEA} - C:\WINNT\atlmk.dll (file missing)
O2 - BHO: Class - {A3C09072-8BED-46A4-8F3C-6ECFF3BB5377} - C:\WINNT\netuj32.dll (file missing)
O2 - BHO: Class - {AB085F30-49D6-FDF6-877D-2913C75DD93B} - C:\WINNT\system32\sdkim.dll (file missing)
O2 - BHO: Class - {B46A2E08-E13C-C731-6E38-83DD58BC00B8} - C:\WINNT\system32\atllt32.dll (file missing)
O2 - BHO: (no name) - {B7DD5CD2-CF42-B497-12C4-C1D95CFF5BC7} - C:\WINNT\system32\ltgjq.dll (file missing)
O2 - BHO: Class - {BA365E1E-3DA5-CADB-A16A-DD61E839592A} - C:\WINNT\sysce.dll (file missing)
O2 - BHO: Class - {BB55AC0A-6982-7D92-61ED-A2D789CCF05A} - C:\WINNT\system32\ntjv.dll (file missing)
O2 - BHO: Class - {C69E3874-96EC-52CD-B372-85F04F4618BE} - C:\WINNT\ipee32.dll (file missing)
O2 - BHO: Class - {C74F9907-464A-C0AA-C72A-35C1E4E18284} - C:\WINNT\appzp.dll (file missing)
O2 - BHO: Class - {CC210209-6559-880E-51F2-5DD7B8270D71} - C:\WINNT\system32\syshn32.dll (file missing)
O2 - BHO: Class - {D6E6F55E-7DA6-CB9A-9D77-AA197D6BE681} - C:\WINNT\system32\mfcch32.dll (file missing)
O2 - BHO: Class - {D74CA3C5-0CE6-1227-73A3-B92CE8EE6758} - C:\WINNT\system32\d3yj32.dll (file missing)
O2 - BHO: Class - {D80E3CA4-F253-A13D-6D60-C3E93685765D} - C:\WINNT\atlmh.dll (file missing)
O2 - BHO: Class - {D9F97F25-2E43-410D-9621-3964C1650A65} - C:\WINNT\system32\msjt32.dll (file missing)
O2 - BHO: Class - {DB08E21D-8CA2-6823-2A8F-82070AC2BF74} - C:\WINNT\ieyt32.dll (file missing)
O2 - BHO: Class - {DD292A8F-27FF-7FB2-01C0-5F232045A1D3} - C:\WINNT\system32\iezy.dll (file missing)
O2 - BHO: Class - {E063C36A-3F19-D879-ED77-EB916D293743} - C:\WINNT\system32\mfchc.dll (file missing)
O2 - BHO: Class - {E3BE6818-89CC-1D1E-13B8-199DA9632293} - C:\WINNT\system32\msek.dll (file missing)
O2 - BHO: Class - {E4D1BE0E-5229-A979-2126-573954059686} - C:\WINNT\system32\crgk32.dll (file missing)
O2 - BHO: Class - {E881B9FB-4D6F-7C14-6520-14CE7D83241F} - C:\WINNT\atlst.dll (file missing)
O2 - BHO: Class - {EDABE459-3C40-BB62-4261-A26482355F01} - C:\WINNT\system32\addap32.dll (file missing)
O2 - BHO: Class - {F1824A3A-84CC-165E-7668-BA8644B61A74} - (no file)
O2 - BHO: Class - {F318EC0A-5201-D9AB-E630-55ADC69D633C} - C:\WINNT\system32\mseo32.dll (file missing)
O2 - BHO: Class - {F59ABAC5-B565-8EDF-6602-A02D5681EFF4} - C:\WINNT\system32\addwh.dll (file missing)
O2 - BHO: Class - {FC44EE64-7882-5ADF-BB6F-1DD6F9FECC17} - C:\WINNT\ieri32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [winjz.exe] C:\WINNT\winjz.exe
O4 - HKLM\..\Run: [msvh.exe] C:\WINNT\msvh.exe
O4 - HKLM\..\Run: [netbi.exe] C:\WINNT\system32\netbi.exe
O4 - HKLM\..\Run: [apiay32.exe] C:\WINNT\system32\apiay32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM New\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Oue] C:\WINNT\system32\??ool32.exe
O4 - HKCU\..\Run: [Uorr] C:\Program Files\auso\uott.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM New\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9733.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125379649671
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\msur32.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

Advertisements

#2
miekiemoes
Posted 04 October 2005 - 06:32 AM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello,

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Download and install CCleaner
Do not use it yet.

* Download this regfix: HSfix
Unzip it and place it on your desktop, don't use it yet!

* Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

°First, we will make your hidden files and folders visible.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide file extensions for known file types.
* Click Yes to confirm.
* Click OK.

* Please reboot your system into SAFE MODE.
°To get into the Windows XP Safe mode as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start hijackthis and click scan and put a checkmark next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\hooxz.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\hooxz.dll/sp.html#89328
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\hooxz.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\hooxz.dll/sp.html#89328
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\hooxz.dll/sp.html#89328
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {01C085F2-2045-1D3F-8201-086824FEE461} - C:\WINNT\addld.dll (file missing)
O2 - BHO: Class - {061F4600-7622-35F3-F6BE-7313A603238F} - C:\WINNT\system32\crga32.dll (file missing)
O2 - BHO: Class - {064A6B64-1803-C5DB-2D21-0CEBABE0A037} - C:\WINNT\ienr.dll (file missing)
O2 - BHO: Class - {07DB1F26-FA16-C8BC-9839-FF3EA09B2DCC} - C:\WINNT\system32\msut.dll (file missing)
O2 - BHO: Class - {0CF29F8F-8388-6D50-D036-BFEE8C71F6FB} - C:\WINNT\system32\appfx.dll (file missing)
O2 - BHO: Class - {137D83E6-97AA-79FF-D2DB-E8990DED6D78} - C:\WINNT\system32\winoy32.dll (file missing)
O2 - BHO: Class - {175A0AA7-4A2E-4257-4315-80F1BEF3F22D} - C:\WINNT\apins32.dll (file missing)
O2 - BHO: Class - {1AE65145-CAC8-83C8-A39A-A959372821A1} - C:\WINNT\system32\appab32.dll (file missing)
O2 - BHO: Class - {1C3A194D-EFEB-4EDC-2A5D-9FEDB5C704C8} - C:\WINNT\system32\mfcjz.dll (file missing)
O2 - BHO: Class - {1CA30F4E-6483-88F6-5131-370912D19AD3} - C:\WINNT\system32\ipqz.dll (file missing)
O2 - BHO: Class - {24FBEEFB-6A7F-88C3-50DC-64D83BE364AA} - C:\WINNT\system32\ipnq32.dll (file missing)
O2 - BHO: Class - {25564CBA-3F35-BE34-EE5D-709FBD1C865F} - C:\WINNT\appsw32.dll
O2 - BHO: Class - {26284AA5-5089-338F-BB4E-33C174CAF6EF} - C:\WINNT\system32\iekh.dll (file missing)
O2 - BHO: Class - {295B7ABE-0572-0C0C-C993-4514907EBA5E} - C:\WINNT\system32\winux32.dll (file missing)
O2 - BHO: Class - {2A654565-5622-BD0F-B043-AE85FEFEA0F9} - C:\WINNT\syssk.dll (file missing)
O2 - BHO: Class - {2AAF6EC1-2E39-F21D-13F6-CEB77B6DEAF9} - C:\WINNT\sysyy.dll (file missing)
O2 - BHO: Class - {32FDEE89-3D00-0142-A0FE-63A0ED9E1F3C} - C:\WINNT\ieug32.dll (file missing)
O2 - BHO: Class - {3478A484-9F0F-5FFA-47A8-C00B879647C3} - C:\WINNT\system32\winlw32.dll (file missing)
O2 - BHO: Class - {35E75DBC-3223-A38B-E563-335B9D4B321D} - C:\WINNT\system32\appjk.dll (file missing)
O2 - BHO: Class - {3AEB30E1-13C4-6D83-6127-8ED6A0ADF422} - C:\WINNT\crpb32.dll (file missing)
O2 - BHO: Class - {42830DBC-37F9-A44A-BA93-07AA2EFCA0D8} - C:\WINNT\system32\javacf32.dll (file missing)
O2 - BHO: (no name) - {478E9887-0E12-25C3-46B1-56A05B8CFF9C} - C:\WINNT\system32\xphkqkt.dll (file missing)
O2 - BHO: Class - {4EE7E146-ED9F-5B80-9A02-499B04EC07D9} - C:\WINNT\msqz.dll (file missing)
O2 - BHO: Class - {500AA008-AE59-D8F5-7711-68C2CC0A729D} - C:\WINNT\netaa32.dll (file missing)
O2 - BHO: Class - {57208800-AC37-9034-8908-40151229CDA9} - C:\WINNT\system32\addhu.dll (file missing)
O2 - BHO: Class - {57B2258D-8C76-2D49-E5D0-CB6F9535E737} - C:\WINNT\sdknf.dll (file missing)
O2 - BHO: Class - {57E42C08-4DB6-A66C-F69A-6BDB648260D9} - C:\WINNT\system32\sysul32.dll (file missing)
O2 - BHO: Class - {59126843-2397-A956-7C69-825958B103A4} - C:\WINNT\ntvz32.dll (file missing)
O2 - BHO: Class - {5929FF60-B346-E7F1-C714-CC8C585DB292} - C:\WINNT\netnb.dll (file missing)
O2 - BHO: Class - {5A3F0E67-3C41-24A5-F260-D84A76848862} - C:\WINNT\system32\syskx.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Class - {5CD74032-A1B2-0372-AFE9-41F6C68604E2} - C:\WINNT\system32\javafo32.dll (file missing)
O2 - BHO: Class - {5E868DF4-0144-D89B-4EAB-314824CAF524} - C:\WINNT\sdkrz32.dll (file missing)
O2 - BHO: Class - {5EADCC9C-7AA2-E86A-1E92-ADE204FD1BB1} - C:\WINNT\netxj32.dll (file missing)
O2 - BHO: Class - {60371180-C8D7-5690-C38C-6414B4FFA455} - C:\WINNT\wintz32.dll (file missing)
O2 - BHO: Class - {61D24763-D52C-CB6C-0CF2-1DBE179615C1} - C:\WINNT\system32\ntai32.dll
O2 - BHO: Class - {6286962A-8362-F853-5123-9596EBAA02B1} - C:\WINNT\system32\ipxx.dll (file missing)
O2 - BHO: Class - {67680F1D-A370-A0B7-FBEB-BDABBEFF8EAE} - C:\WINNT\system32\ipom32.dll (file missing)
O2 - BHO: Class - {6A08448E-0F71-4A94-9AB0-5933F62AE92E} - C:\WINNT\sdklj.dll (file missing)
O2 - BHO: Class - {6D30E3BA-307B-8430-2FD4-9FA6CBF01F7B} - C:\WINNT\netvd32.dll (file missing)
O2 - BHO: Class - {7094D56C-D46D-F6DE-EE8B-E2B474E0AB05} - C:\WINNT\system32\mfchb32.dll (file missing)
O2 - BHO: Class - {72A78EF0-EEC7-7847-9119-8798A2CB7935} - C:\WINNT\crks32.dll (file missing)
O2 - BHO: Class - {732E1483-0E2E-9125-A27C-7D9D86D49426} - C:\WINNT\system32\ipnl32.dll (file missing)
O2 - BHO: Class - {766EAF78-EC74-67D0-7FEC-FD3F6EC5D983} - C:\WINNT\crun.dll (file missing)
O2 - BHO: Class - {78BF8F1B-D598-6BEF-4AED-6FCC68169F03} - C:\WINNT\d3hi32.dll (file missing)
O2 - BHO: Class - {7AC61A82-02CC-65E3-A41A-62AD26DC4035} - C:\WINNT\system32\netag32.dll (file missing)
O2 - BHO: Class - {7B761D26-C2CF-46F7-2E0F-86FD6286D4E1} - C:\WINNT\system32\d3mh32.dll (file missing)
O2 - BHO: Class - {7C4ABA2A-D914-510F-D2AE-633AF286BBEA} - C:\WINNT\d3qa32.dll (file missing)
O2 - BHO: Class - {7CC0602C-1895-21A0-C895-02B92C46C654} - C:\WINNT\winfa.dll (file missing)
O2 - BHO: Class - {80F1BFE9-D4CA-9E42-8C5F-C365E11BF728} - C:\WINNT\system32\netvu32.dll (file missing)
O2 - BHO: Class - {80FA1993-A934-6B14-AF19-0B3DD7C6A5AB} - C:\WINNT\d3da32.dll (file missing)
O2 - BHO: Class - {89627CE2-166D-A5B3-715F-9AA1D5BCB786} - C:\WINNT\apise32.dll (file missing)
O2 - BHO: Class - {8A9C0CDD-53C3-EC21-016E-2CE5DE3929E0} - C:\WINNT\apiif32.dll (file missing)
O2 - BHO: Class - {92C21BCF-7B56-7A01-6204-FD3AC338D097} - C:\WINNT\system32\javaoi32.dll (file missing)
O2 - BHO: Class - {95A3F09B-4262-4283-DBCC-7F94A44A9BA9} - C:\WINNT\addwa.dll (file missing)
O2 - BHO: Class - {977E7B41-8C80-5173-3683-EE4D6352D534} - C:\WINNT\system32\sdkpd32.dll (file missing)
O2 - BHO: Class - {9C150872-2010-3AEA-E084-6FA3EF4CF4A9} - C:\WINNT\ipyd.dll (file missing)
O2 - BHO: Class - {A0B3DCB6-E61C-8E7F-9D49-63181BB0EFEA} - C:\WINNT\atlmk.dll (file missing)
O2 - BHO: Class - {A3C09072-8BED-46A4-8F3C-6ECFF3BB5377} - C:\WINNT\netuj32.dll (file missing)
O2 - BHO: Class - {AB085F30-49D6-FDF6-877D-2913C75DD93B} - C:\WINNT\system32\sdkim.dll (file missing)
O2 - BHO: Class - {B46A2E08-E13C-C731-6E38-83DD58BC00B8} - C:\WINNT\system32\atllt32.dll (file missing)
O2 - BHO: (no name) - {B7DD5CD2-CF42-B497-12C4-C1D95CFF5BC7} - C:\WINNT\system32\ltgjq.dll (file missing)
O2 - BHO: Class - {BA365E1E-3DA5-CADB-A16A-DD61E839592A} - C:\WINNT\sysce.dll (file missing)
O2 - BHO: Class - {BB55AC0A-6982-7D92-61ED-A2D789CCF05A} - C:\WINNT\system32\ntjv.dll (file missing)
O2 - BHO: Class - {C69E3874-96EC-52CD-B372-85F04F4618BE} - C:\WINNT\ipee32.dll (file missing)
O2 - BHO: Class - {C74F9907-464A-C0AA-C72A-35C1E4E18284} - C:\WINNT\appzp.dll (file missing)
O2 - BHO: Class - {CC210209-6559-880E-51F2-5DD7B8270D71} - C:\WINNT\system32\syshn32.dll (file missing)
O2 - BHO: Class - {D6E6F55E-7DA6-CB9A-9D77-AA197D6BE681} - C:\WINNT\system32\mfcch32.dll (file missing)
O2 - BHO: Class - {D74CA3C5-0CE6-1227-73A3-B92CE8EE6758} - C:\WINNT\system32\d3yj32.dll (file missing)
O2 - BHO: Class - {D80E3CA4-F253-A13D-6D60-C3E93685765D} - C:\WINNT\atlmh.dll (file missing)
O2 - BHO: Class - {D9F97F25-2E43-410D-9621-3964C1650A65} - C:\WINNT\system32\msjt32.dll (file missing)
O2 - BHO: Class - {DB08E21D-8CA2-6823-2A8F-82070AC2BF74} - C:\WINNT\ieyt32.dll (file missing)
O2 - BHO: Class - {DD292A8F-27FF-7FB2-01C0-5F232045A1D3} - C:\WINNT\system32\iezy.dll (file missing)
O2 - BHO: Class - {E063C36A-3F19-D879-ED77-EB916D293743} - C:\WINNT\system32\mfchc.dll (file missing)
O2 - BHO: Class - {E3BE6818-89CC-1D1E-13B8-199DA9632293} - C:\WINNT\system32\msek.dll (file missing)
O2 - BHO: Class - {E4D1BE0E-5229-A979-2126-573954059686} - C:\WINNT\system32\crgk32.dll (file missing)
O2 - BHO: Class - {E881B9FB-4D6F-7C14-6520-14CE7D83241F} - C:\WINNT\atlst.dll (file missing)
O2 - BHO: Class - {EDABE459-3C40-BB62-4261-A26482355F01} - C:\WINNT\system32\addap32.dll (file missing)
O2 - BHO: Class - {F1824A3A-84CC-165E-7668-BA8644B61A74} - (no file)
O2 - BHO: Class - {F318EC0A-5201-D9AB-E630-55ADC69D633C} - C:\WINNT\system32\mseo32.dll (file missing)
O2 - BHO: Class - {F59ABAC5-B565-8EDF-6602-A02D5681EFF4} - C:\WINNT\system32\addwh.dll (file missing)
O2 - BHO: Class - {FC44EE64-7882-5ADF-BB6F-1DD6F9FECC17} - C:\WINNT\ieri32.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winjz.exe] C:\WINNT\winjz.exe
O4 - HKLM\..\Run: [msvh.exe] C:\WINNT\msvh.exe
O4 - HKLM\..\Run: [netbi.exe] C:\WINNT\system32\netbi.exe
O4 - HKLM\..\Run: [apiay32.exe] C:\WINNT\system32\apiay32.exe
O4 - HKCU\..\Run: [Oue] C:\WINNT\system32\??ool32.exe
O4 - HKCU\..\Run: [Uorr] C:\Program Files\auso\uott.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\msur32.exe (file missing)

* Close all open windows except hijackthis and click 'Fix Checked'.

* Navigate to and delete the following files if present:

C:\WINNT\system32\javaxn.exe
C:\WINNT\system32\apiay32.exe
C:\Program Files\auso <== folder
C:\WINNT\system32\ntai32.dll
C:\WINNT\winjz.exe
C:\WINNT\msvh.exe
C:\WINNT\system32\netbi.exe
C:\WINNT\msur32.exe


* Go to start >run and type: services.msc and click OK
Scroll down in that list until you find the service Network Security Service (NSS)
Doubleclick on it. In the window that will appear, click on "Stop" (if not greyed out) and change the Startup Type to disabled.
Click apply and OK and close all open windows.

* Doubleclick on HSfix you downloaded earlier before which is present on your desktop and when it asks you if you want to add the contents to the registry, click yes/ok

* Still in safe mode Run Ccleaner and click Run Cleaner (bottom right)

* Now open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

* Close Ewido

* Go to start>Control Panel>Internet Options>tab programs> and click restore websettings.

* Reboot your PC back to normal.

* Perform an onlinescan with Bitdefender and/or Housecall (check here autodelete) and let it delete everything it is finding.

* Download DelDomains.inf and save it to your desktop.
Rightclick on it and choose 'install'.
* Post a new hijackthis-log + log from ewido.

Edited by miekiemoes, 04 October 2005 - 06:32 AM.

  • 0

#3
miekiemoes
Posted 13 October 2005 - 04:35 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP