Hijack This log - what to delete?

 
 
Jeanette
 
      07-29-2004
Hi,
I am trying to figure out what is going on on my brother's computer.
It is a fairly new Dell Dimension 4600 - but takes FOREVER to log into
each profile, IE is virtually unusable, can't visit any search site
and just about any other site I try is blocked as well. Netscape
still remains useable. Downloaded Google Toolbar and that got rid of
lots of porn pop ups, but we've still got lots of spyware, etc messing
things up. Have Spy-Bot and Ad-aware and am running them a few times
a day (keeps finding new things). Just downloaded Hijack This - but
have to admit I have no idea what needs to stay and what should go.
Already fixed a few obvious URL redirections, but they keep coming
back. I've copied over the log file and would really appreciate the
help.

Also, are there any other programs I should download for this problem
- and how often should I run them? Is there any way to keep this from
happening, we've never had this problem on our home computer.

Thanks so much
Jeanette

Logfile of HijackThis v1.98.0
Scan saved at 10:58:02 AM, on 29/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\appln.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mfcvi.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\addwg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\eluix.dll/sp.html#22776
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= res://C:\WINDOWS\eluix.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\eluix.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://213.159.117.134/index.php
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage",
"http://my.netscape.com/index2.psp"); (C:\Documents and
Settings\Doreen\Application
Data\Mozilla\Profiles\default\byezdowj.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
(C:\Documents and Settings\Doreen\Application
Data\Mozilla\Profiles\default\byezdowj.slt\prefs.js)
O2 - BHO: (no name) - {118BA3A3-204B-60CC-DF7A-B655B766277D} -
C:\WINDOWS\system32\addgr.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec
Shared\ccApp.exe
O4 - HKLM\..\Run: [addwg.exe] C:\WINDOWS\system32\addwg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [mfcvi.exe] C:\WINDOWS\mfcvi.exe
O4 - HKLM\..\RunOnce: [sdkff32.exe] C:\WINDOWS\system32\sdkff32.exe
O4 - HKLM\..\RunOnce: [msxq32.exe] C:\WINDOWS\msxq32.exe
O4 - HKLM\..\RunOnce: [d3mi.exe] C:\WINDOWS\d3mi.exe
O4 - HKLM\..\RunOnce: [appfe32.exe] C:\WINDOWS\system32\appfe32.exe
O4 - HKLM\..\RunOnce: [javaeg.exe] C:\WINDOWS\system32\javaeg.exe
O4 - HKLM\..\RunOnce: [crjx.exe] C:\WINDOWS\system32\crjx.exe
O4 - HKLM\..\RunOnce: [javahn.exe] C:\WINDOWS\javahn.exe
O4 - HKLM\..\RunOnce: [addhy32.exe] C:\WINDOWS\addhy32.exe
O4 - HKLM\..\RunOnce: [addfo.exe] C:\WINDOWS\system32\addfo.exe
O4 - HKLM\..\RunOnce: [atlnm32.exe] C:\WINDOWS\system32\atlnm32.exe
O4 - HKLM\..\RunOnce: [ntzj32.exe] C:\WINDOWS\system32\ntzj32.exe
O4 - HKLM\..\RunOnce: [ntrr32.exe] C:\WINDOWS\system32\ntrr32.exe
O4 - HKLM\..\RunOnce: [mskn32.exe] C:\WINDOWS\mskn32.exe
O4 - HKLM\..\RunOnce: [netxc.exe] C:\WINDOWS\system32\netxc.exe
O4 - HKLM\..\RunOnce: [crpd.exe] C:\WINDOWS\system32\crpd.exe
O4 - HKLM\..\RunOnce: [crmu.exe] C:\WINDOWS\system32\crmu.exe
O4 - HKLM\..\RunOnce: [apphd32.exe] C:\WINDOWS\apphd32.exe
O4 - HKLM\..\RunOnce: [sdkgr32.exe] C:\WINDOWS\sdkgr32.exe
O4 - HKLM\..\RunOnce: [ntpz32.exe] C:\WINDOWS\ntpz32.exe
O4 - HKLM\..\RunOnce: [sdksb.exe] C:\WINDOWS\system32\sdksb.exe
O4 - HKLM\..\RunOnce: [sysgv.exe] C:\WINDOWS\system32\sysgv.exe
O4 - HKLM\..\RunOnce: [atlul32.exe] C:\WINDOWS\atlul32.exe
O4 - HKLM\..\RunOnce: [iexi32.exe] C:\WINDOWS\system32\iexi32.exe
O4 - HKLM\..\RunOnce: [crid.exe] C:\WINDOWS\crid.exe
O4 - HKLM\..\RunOnce: [sdkal.exe] C:\WINDOWS\sdkal.exe
O4 - HKLM\..\RunOnce: [mscn.exe] C:\WINDOWS\mscn.exe
O4 - HKLM\..\RunOnce: [msae.exe] C:\WINDOWS\system32\msae.exe
O4 - HKLM\..\RunOnce: [mfcbw.exe] C:\WINDOWS\mfcbw.exe
O4 - HKLM\..\RunOnce: [appgs.exe] C:\WINDOWS\appgs.exe
O4 - HKLM\..\RunOnce: [netpc32.exe] C:\WINDOWS\system32\netpc32.exe
O4 - HKLM\..\RunOnce: [javaue32.exe] C:\WINDOWS\system32\javaue32.exe
O4 - HKLM\..\RunOnce: [javaok32.exe] C:\WINDOWS\javaok32.exe
O4 - HKLM\..\RunOnce: [mfcai.exe] C:\WINDOWS\system32\mfcai.exe
O4 - HKLM\..\RunOnce: [atlpn32.exe] C:\WINDOWS\system32\atlpn32.exe
O4 - HKLM\..\RunOnce: [mshk.exe] C:\WINDOWS\mshk.exe
O4 - HKLM\..\RunOnce: [winrx32.exe] C:\WINDOWS\winrx32.exe
O4 - HKLM\..\RunOnce: [javath32.exe] C:\WINDOWS\system32\javath32.exe
O4 - HKLM\..\RunOnce: [syskh32.exe] C:\WINDOWS\system32\syskh32.exe
O4 - HKLM\..\RunOnce: [atlde.exe] C:\WINDOWS\system32\atlde.exe
O4 - HKLM\..\RunOnce: [nethf32.exe] C:\WINDOWS\nethf32.exe
O4 - HKLM\..\RunOnce: [appoy.exe] C:\WINDOWS\system32\appoy.exe
O4 - HKLM\..\RunOnce: [winhq.exe] C:\WINDOWS\system32\winhq.exe
O4 - HKLM\..\RunOnce: [mfcsz32.exe] C:\WINDOWS\system32\mfcsz32.exe
O4 - HKLM\..\RunOnce: [appra.exe] C:\WINDOWS\system32\appra.exe
O4 - HKLM\..\RunOnce: [crep.exe] C:\WINDOWS\crep.exe
O4 - HKLM\..\RunOnce: [mfcow32.exe] C:\WINDOWS\mfcow32.exe
O4 - HKLM\..\RunOnce: [addsa.exe] C:\WINDOWS\addsa.exe
O4 - HKLM\..\RunOnce: [apiyg32.exe] C:\WINDOWS\system32\apiyg32.exe
O4 - HKLM\..\RunOnce: [ipgz32.exe] C:\WINDOWS\system32\ipgz32.exe
O4 - HKLM\..\RunOnce: [mswh32.exe] C:\WINDOWS\system32\mswh32.exe
O4 - HKLM\..\RunOnce: [crpz32.exe] C:\WINDOWS\system32\crpz32.exe
O4 - HKLM\..\RunOnce: [d3kg.exe] C:\WINDOWS\d3kg.exe
O4 - HKLM\..\RunOnce: [msta.exe] C:\WINDOWS\system32\msta.exe
O4 - HKLM\..\RunOnce: [d3ff.exe] C:\WINDOWS\system32\d3ff.exe
O4 - HKLM\..\RunOnce: [addyc.exe] C:\WINDOWS\addyc.exe
O4 - HKLM\..\RunOnce: [sdkbz32.exe] C:\WINDOWS\sdkbz32.exe
O4 - HKLM\..\RunOnce: [msgr32.exe] C:\WINDOWS\system32\msgr32.exe
O4 - HKLM\..\RunOnce: [addeq32.exe] C:\WINDOWS\addeq32.exe
O4 - HKLM\..\RunOnce: [atljf32.exe] C:\WINDOWS\system32\atljf32.exe
O4 - HKLM\..\RunOnce: [appdk32.exe] C:\WINDOWS\system32\appdk32.exe
O4 - HKLM\..\RunOnce: [winwk32.exe] C:\WINDOWS\system32\winwk32.exe
O4 - HKLM\..\RunOnce: [ieft.exe] C:\WINDOWS\system32\ieft.exe
O4 - HKLM\..\RunOnce: [ntef.exe] C:\WINDOWS\ntef.exe
O4 - HKLM\..\RunOnce: [appds.exe] C:\WINDOWS\appds.exe
O4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exe
O4 - HKLM\..\RunOnce: [syszx.exe] C:\WINDOWS\syszx.exe
O4 - HKLM\..\RunOnce: [atlby.exe] C:\WINDOWS\atlby.exe
O4 - HKLM\..\RunOnce: [apphy32.exe] C:\WINDOWS\apphy32.exe
O4 - HKLM\..\RunOnce: [apiep32.exe] C:\WINDOWS\system32\apiep32.exe
O4 - HKLM\..\RunOnce: [javaal32.exe] C:\WINDOWS\system32\javaal32.exe
O4 - HKLM\..\RunOnce: [nethb32.exe] C:\WINDOWS\nethb32.exe
O4 - HKLM\..\RunOnce: [cray32.exe] C:\WINDOWS\system32\cray32.exe
O4 - HKLM\..\RunOnce: [apifs.exe] C:\WINDOWS\apifs.exe
O4 - HKLM\..\RunOnce: [atlhs32.exe] C:\WINDOWS\system32\atlhs32.exe
O4 - HKLM\..\RunOnce: [crbe32.exe] C:\WINDOWS\crbe32.exe
O4 - HKLM\..\RunOnce: [mshg32.exe] C:\WINDOWS\system32\mshg32.exe
O4 - HKLM\..\RunOnce: [msks.exe] C:\WINDOWS\msks.exe
O4 - HKLM\..\RunOnce: [ipgl32.exe] C:\WINDOWS\ipgl32.exe
O4 - HKLM\..\RunOnce: [addex32.exe] C:\WINDOWS\addex32.exe
O4 - HKLM\..\RunOnce: [atlvu32.exe] C:\WINDOWS\system32\atlvu32.exe
O4 - HKLM\..\RunOnce: [winqn32.exe] C:\WINDOWS\system32\winqn32.exe
O4 - HKLM\..\RunOnce: [msgn32.exe] C:\WINDOWS\msgn32.exe
O4 - HKLM\..\RunOnce: [appln.exe] C:\WINDOWS\appln.exe
O4 - HKLM\..\RunOnce: [atlyq.exe] C:\WINDOWS\atlyq.exe
O4 - HKLM\..\RunOnce: [apicx32.exe] C:\WINDOWS\apicx32.exe
O4 - HKLM\..\RunOnce: [crms32.exe] C:\WINDOWS\system32\crms32.exe
O4 - HKLM\..\RunOnce: [wincq32.exe] C:\WINDOWS\system32\wincq32.exe
O4 - HKLM\..\RunOnce: [d3qf32.exe] C:\WINDOWS\d3qf32.exe
O4 - HKLM\..\RunOnce: [mslk.exe] C:\WINDOWS\mslk.exe
O4 - HKLM\..\RunOnce: [netfy.exe] C:\WINDOWS\netfy.exe
O4 - HKLM\..\RunOnce: [apipu32.exe] C:\WINDOWS\system32\apipu32.exe
O4 - HKLM\..\RunOnce: [mfcvt32.exe] C:\WINDOWS\mfcvt32.exe
O4 - HKLM\..\RunOnce: [atlcg.exe] C:\WINDOWS\atlcg.exe
O4 - HKLM\..\RunOnce: [ipte32.exe] C:\WINDOWS\ipte32.exe
O4 - HKLM\..\RunOnce: [iekd.exe] C:\WINDOWS\system32\iekd.exe
O4 - HKLM\..\RunOnce: [appoe.exe] C:\WINDOWS\system32\appoe.exe
O4 - HKLM\..\RunOnce: [winmm32.exe] C:\WINDOWS\winmm32.exe
O4 - HKLM\..\RunOnce: [apiwi.exe] C:\WINDOWS\system32\apiwi.exe
O4 - HKLM\..\RunOnce: [mfcuh.exe] C:\WINDOWS\mfcuh.exe
O4 - HKLM\..\RunOnce: [netjr32.exe] C:\WINDOWS\netjr32.exe
O4 - HKLM\..\RunOnce: [appoa32.exe] C:\WINDOWS\system32\appoa32.exe
O4 - HKLM\..\RunOnce: [javajr32.exe] C:\WINDOWS\javajr32.exe
O4 - HKLM\..\RunOnce: [appjt32.exe] C:\WINDOWS\appjt32.exe
O4 - HKLM\..\RunOnce: [netlr.exe] C:\WINDOWS\system32\netlr.exe
O4 - HKLM\..\RunOnce: [msij.exe] C:\WINDOWS\system32\msij.exe
O4 - HKLM\..\RunOnce: [javapz.exe] C:\WINDOWS\system32\javapz.exe
O4 - HKLM\..\RunOnce: [mfcom.exe] C:\WINDOWS\system32\mfcom.exe
O4 - HKLM\..\RunOnce: [addgf32.exe] C:\WINDOWS\addgf32.exe
O4 - HKLM\..\RunOnce: [netwx32.exe] C:\WINDOWS\system32\netwx32.exe
O4 - HKLM\..\RunOnce: [ieky.exe] C:\WINDOWS\ieky.exe
O4 - HKLM\..\RunOnce: [winmp.exe] C:\WINDOWS\system32\winmp.exe
O4 - HKLM\..\RunOnce: [msdq32.exe] C:\WINDOWS\system32\msdq32.exe
O4 - HKLM\..\RunOnce: [atltf32.exe] C:\WINDOWS\atltf32.exe
O4 - HKLM\..\RunOnce: [sdker.exe] C:\WINDOWS\system32\sdker.exe
O4 - HKLM\..\RunOnce: [msyh32.exe] C:\WINDOWS\system32\msyh32.exe
O4 - HKLM\..\RunOnce: [ntbe32.exe] C:\WINDOWS\ntbe32.exe
O4 - HKLM\..\RunOnce: [atlpz32.exe] C:\WINDOWS\system32\atlpz32.exe
O4 - HKLM\..\RunOnce: [appsl32.exe] C:\WINDOWS\system32\appsl32.exe
O4 - HKLM\..\RunOnce: [apide.exe] C:\WINDOWS\apide.exe
O4 - HKLM\..\RunOnce: [mssj32.exe] C:\WINDOWS\system32\mssj32.exe
O4 - HKLM\..\RunOnce: [appny32.exe] C:\WINDOWS\system32\appny32.exe
O4 - HKLM\..\RunOnce: [addpj.exe] C:\WINDOWS\addpj.exe
O4 - HKLM\..\RunOnce: [ipzg.exe] C:\WINDOWS\ipzg.exe
O4 - HKLM\..\RunOnce: [apppo.exe] C:\WINDOWS\system32\apppo.exe
O4 - HKLM\..\RunOnce: [javaqp32.exe] C:\WINDOWS\system32\javaqp32.exe
O4 - HKLM\..\RunOnce: [sdksi32.exe] C:\WINDOWS\sdksi32.exe
O4 - HKLM\..\RunOnce: [applf32.exe] C:\WINDOWS\system32\applf32.exe
O4 - HKLM\..\RunOnce: [netlw32.exe] C:\WINDOWS\netlw32.exe
O4 - HKLM\..\RunOnce: [msyt.exe] C:\WINDOWS\system32\msyt.exe
O4 - HKLM\..\RunOnce: [crnt32.exe] C:\WINDOWS\system32\crnt32.exe
O4 - HKLM\..\RunOnce: [appyt32.exe] C:\WINDOWS\system32\appyt32.exe
O4 - HKLM\..\RunOnce: [iprq32.exe] C:\WINDOWS\system32\iprq32.exe
O4 - HKLM\..\RunOnce: [addui.exe] C:\WINDOWS\system32\addui.exe
O4 - HKLM\..\RunOnce: [atloa.exe] C:\WINDOWS\system32\atloa.exe
O4 - HKLM\..\RunOnce: [sdkkj.exe] C:\WINDOWS\sdkkj.exe
O4 - HKLM\..\RunOnce: [mspj.exe] C:\WINDOWS\system32\mspj.exe
O4 - HKLM\..\RunOnce: [netst32.exe] C:\WINDOWS\system32\netst32.exe
O4 - HKLM\..\RunOnce: [sysap32.exe] C:\WINDOWS\sysap32.exe
O4 - HKLM\..\RunOnce: [msoq32.exe] C:\WINDOWS\system32\msoq32.exe
O4 - HKLM\..\RunOnce: [iemk32.exe] C:\WINDOWS\system32\iemk32.exe
O4 - HKLM\..\RunOnce: [ntlx32.exe] C:\WINDOWS\ntlx32.exe
O4 - HKLM\..\RunOnce: [ipfh.exe] C:\WINDOWS\system32\ipfh.exe
O4 - HKLM\..\RunOnce: [mfcwr32.exe] C:\WINDOWS\system32\mfcwr32.exe
O4 - HKLM\..\RunOnce: [ipls.exe] C:\WINDOWS\system32\ipls.exe
O4 - HKLM\..\RunOnce: [netwv.exe] C:\WINDOWS\netwv.exe
O4 - HKLM\..\RunOnce: [syswv32.exe] C:\WINDOWS\system32\syswv32.exe
O4 - HKLM\..\RunOnce: [javadd32.exe] C:\WINDOWS\system32\javadd32.exe
O4 - HKLM\..\RunOnce: [appsa.exe] C:\WINDOWS\system32\appsa.exe
O4 - HKLM\..\RunOnce: [addhv32.exe] C:\WINDOWS\addhv32.exe
O4 - HKLM\..\RunOnce: [apilh.exe] C:\WINDOWS\system32\apilh.exe
O4 - HKLM\..\RunOnce: [iezd.exe] C:\WINDOWS\iezd.exe
O4 - HKLM\..\RunOnce: [sdkqy.exe] C:\WINDOWS\sdkqy.exe
O4 - HKLM\..\RunOnce: [mfcbx.exe] C:\WINDOWS\mfcbx.exe
O4 - HKLM\..\RunOnce: [apity32.exe] C:\WINDOWS\apity32.exe
O4 - HKLM\..\RunOnce: [ntfv.exe] C:\WINDOWS\system32\ntfv.exe
O4 - HKLM\..\RunOnce: [msnk32.exe] C:\WINDOWS\system32\msnk32.exe
O4 - HKLM\..\RunOnce: [msem32.exe] C:\WINDOWS\system32\msem32.exe
O4 - HKLM\..\RunOnce: [sysko.exe] C:\WINDOWS\system32\sysko.exe
O4 - HKLM\..\RunOnce: [atlbv32.exe] C:\WINDOWS\system32\atlbv32.exe
O4 - HKLM\..\RunOnce: [msgs32.exe] C:\WINDOWS\system32\msgs32.exe
O4 - HKLM\..\RunOnce: [appfj.exe] C:\WINDOWS\system32\appfj.exe
O4 - HKLM\..\RunOnce: [ipdg.exe] C:\WINDOWS\ipdg.exe
O4 - HKLM\..\RunOnce: [sysqx32.exe] C:\WINDOWS\sysqx32.exe
O4 - HKLM\..\RunOnce: [wintk.exe] C:\WINDOWS\system32\wintk.exe
O4 - HKLM\..\RunOnce: [atlpk.exe] C:\WINDOWS\system32\atlpk.exe
O4 - HKLM\..\RunOnce: [nttr32.exe] C:\WINDOWS\system32\nttr32.exe
O4 - HKLM\..\RunOnce: [cruv.exe] C:\WINDOWS\cruv.exe
O4 - HKLM\..\RunOnce: [iplq.exe] C:\WINDOWS\iplq.exe
O4 - HKLM\..\RunOnce: [ieyw.exe] C:\WINDOWS\system32\ieyw.exe
O4 - HKLM\..\RunOnce: [ntbp32.exe] C:\WINDOWS\system32\ntbp32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [atlzo.exe] C:\WINDOWS\system32\atlzo.exe
O4 - HKLM\..\RunOnce: [javakd.exe] C:\WINDOWS\javakd.exe
O4 - HKLM\..\RunOnce: [sdkcm.exe] C:\WINDOWS\sdkcm.exe
O4 - HKLM\..\RunOnce: [winal.exe] C:\WINDOWS\system32\winal.exe
O4 - HKLM\..\RunOnce: [ipsz.exe] C:\WINDOWS\system32\ipsz.exe
O4 - HKLM\..\RunOnce: [ieiu.exe] C:\WINDOWS\system32\ieiu.exe
O4 - HKLM\..\RunOnce: [appnt.exe] C:\WINDOWS\appnt.exe
O4 - HKLM\..\RunOnce: [addwu.exe] C:\WINDOWS\system32\addwu.exe
O4 - HKLM\..\RunOnce: [wincn32.exe] C:\WINDOWS\wincn32.exe
O4 - HKLM\..\RunOnce: [ieob.exe] C:\WINDOWS\system32\ieob.exe
O4 - HKLM\..\RunOnce: [appsi32.exe] C:\WINDOWS\system32\appsi32.exe
O4 - HKLM\..\RunOnce: [crqc.exe] C:\WINDOWS\system32\crqc.exe
O4 - HKLM\..\RunOnce: [appls.exe] C:\WINDOWS\appls.exe
O4 - HKLM\..\RunOnce: [netjq.exe] C:\WINDOWS\netjq.exe
O4 - HKLM\..\RunOnce: [d3kf.exe] C:\WINDOWS\system32\d3kf.exe
O4 - HKLM\..\RunOnce: [apiat32.exe] C:\WINDOWS\system32\apiat32.exe
O4 - HKLM\..\RunOnce: [javakt.exe] C:\WINDOWS\javakt.exe
O4 - HKLM\..\RunOnce: [winla.exe] C:\WINDOWS\system32\winla.exe
O4 - HKLM\..\RunOnce: [cryo32.exe] C:\WINDOWS\system32\cryo32.exe
O4 - HKLM\..\RunOnce: [ntlh.exe] C:\WINDOWS\ntlh.exe
O4 - HKLM\..\RunOnce: [iptv32.exe] C:\WINDOWS\iptv32.exe
O4 - HKLM\..\RunOnce: [ieyt.exe] C:\WINDOWS\ieyt.exe
O4 - HKLM\..\RunOnce: [netsn.exe] C:\WINDOWS\system32\netsn.exe
O4 - HKLM\..\RunOnce: [winjs.exe] C:\WINDOWS\system32\winjs.exe
O4 - HKLM\..\RunOnce: [mfcjx.exe] C:\WINDOWS\mfcjx.exe
O4 - HKLM\..\RunOnce: [addts32.exe] C:\WINDOWS\system32\addts32.exe
O4 - HKLM\..\RunOnce: [sysch32.exe] C:\WINDOWS\system32\sysch32.exe
O4 - HKLM\..\RunOnce: [ntzf32.exe] C:\WINDOWS\ntzf32.exe
O4 - HKLM\..\RunOnce: [ntyz.exe] C:\WINDOWS\ntyz.exe
O4 - HKLM\..\RunOnce: [ipid32.exe] C:\WINDOWS\system32\ipid32.exe
O4 - HKLM\..\RunOnce: [crmw32.exe] C:\WINDOWS\crmw32.exe
O4 - HKLM\..\RunOnce: [apifq32.exe] C:\WINDOWS\system32\apifq32.exe
O4 - HKLM\..\RunOnce: [ntls.exe] C:\WINDOWS\ntls.exe
O4 - HKLM\..\RunOnce: [sysgb32.exe] C:\WINDOWS\system32\sysgb32.exe
O4 - HKLM\..\RunOnce: [winft.exe] C:\WINDOWS\system32\winft.exe
O4 - HKLM\..\RunOnce: [ieoo.exe] C:\WINDOWS\ieoo.exe
O4 - HKLM\..\RunOnce: [d3fg32.exe] C:\WINDOWS\system32\d3fg32.exe
O4 - HKLM\..\RunOnce: [javadk.exe] C:\WINDOWS\system32\javadk.exe
O4 - HKLM\..\RunOnce: [mfcai32.exe] C:\WINDOWS\mfcai32.exe
O4 - HKLM\..\RunOnce: [netuk.exe] C:\WINDOWS\system32\netuk.exe
O4 - HKLM\..\RunOnce: [ntfd.exe] C:\WINDOWS\system32\ntfd.exe
O4 - HKLM\..\RunOnce: [appwo.exe] C:\WINDOWS\system32\appwo.exe
O4 - HKLM\..\RunOnce: [crhc.exe] C:\WINDOWS\crhc.exe
O4 - HKLM\..\RunOnce: [javafs32.exe] C:\WINDOWS\javafs32.exe
O4 - HKLM\..\RunOnce: [apiku32.exe] C:\WINDOWS\system32\apiku32.exe
O4 - HKLM\..\RunOnce: [ntbh32.exe] C:\WINDOWS\system32\ntbh32.exe
O4 - HKLM\..\RunOnce: [nthv32.exe] C:\WINDOWS\system32\nthv32.exe
O4 - HKLM\..\RunOnce: [mfcfj32.exe] C:\WINDOWS\mfcfj32.exe
O4 - HKLM\..\RunOnce: [appgj.exe] C:\WINDOWS\system32\appgj.exe
O4 - HKLM\..\RunOnce: [ntbx32.exe] C:\WINDOWS\system32\ntbx32.exe
O4 - HKLM\..\RunOnce: [netaw.exe] C:\WINDOWS\netaw.exe
O4 - HKLM\..\RunOnce: [ipjk.exe] C:\WINDOWS\ipjk.exe
O4 - HKLM\..\RunOnce: [netqe32.exe] C:\WINDOWS\netqe32.exe
O4 - HKLM\..\RunOnce: [iezv32.exe] C:\WINDOWS\iezv32.exe
O4 - HKLM\..\RunOnce: [addyk32.exe] C:\WINDOWS\system32\addyk32.exe
O4 - HKLM\..\RunOnce: [iecw.exe] C:\WINDOWS\iecw.exe
O4 - HKLM\..\RunOnce: [sdkot.exe] C:\WINDOWS\sdkot.exe
O4 - HKLM\..\RunOnce: [msql.exe] C:\WINDOWS\system32\msql.exe
O4 - HKLM\..\RunOnce: [crth.exe] C:\WINDOWS\crth.exe
O4 - HKLM\..\RunOnce: [sdknh.exe] C:\WINDOWS\sdknh.exe
O4 - HKLM\..\RunOnce: [apiyd.exe] C:\WINDOWS\system32\apiyd.exe
O4 - HKLM\..\RunOnce: [netcy32.exe] C:\WINDOWS\netcy32.exe
O4 - HKLM\..\RunOnce: [addnp.exe] C:\WINDOWS\system32\addnp.exe
O4 - HKLM\..\RunOnce: [netxo32.exe] C:\WINDOWS\netxo32.exe
O4 - HKLM\..\RunOnce: [mfcdb32.exe] C:\WINDOWS\system32\mfcdb32.exe
O4 - HKLM\..\RunOnce: [iebi.exe] C:\WINDOWS\iebi.exe
O4 - HKLM\..\RunOnce: [mfczd.exe] C:\WINDOWS\system32\mfczd.exe
O4 - HKLM\..\RunOnce: [atlns.exe] C:\WINDOWS\atlns.exe
O4 - HKLM\..\RunOnce: [ipby32.exe] C:\WINDOWS\system32\ipby32.exe
O4 - HKLM\..\RunOnce: [javazh.exe] C:\WINDOWS\system32\javazh.exe
O4 - HKLM\..\RunOnce: [ipnm.exe] C:\WINDOWS\ipnm.exe
O4 - HKLM\..\RunOnce: [appnc.exe] C:\WINDOWS\appnc.exe
O4 - HKLM\..\RunOnce: [crkb.exe] C:\WINDOWS\crkb.exe
O4 - HKLM\..\RunOnce: [sysai.exe] C:\WINDOWS\sysai.exe
O4 - HKLM\..\RunOnce: [ntxg.exe] C:\WINDOWS\system32\ntxg.exe
O4 - HKLM\..\RunOnce: [apicm.exe] C:\WINDOWS\apicm.exe
O4 - HKLM\..\RunOnce: [msit32.exe] C:\WINDOWS\system32\msit32.exe
O4 - HKLM\..\RunOnce: [mfcgc32.exe] C:\WINDOWS\mfcgc32.exe
O4 - HKLM\..\RunOnce: [apigq.exe] C:\WINDOWS\apigq.exe
O4 - HKLM\..\RunOnce: [ntmf32.exe] C:\WINDOWS\ntmf32.exe
O4 - HKLM\..\RunOnce: [sdkuq.exe] C:\WINDOWS\sdkuq.exe
O4 - HKLM\..\RunOnce: [ipgq32.exe] C:\WINDOWS\system32\ipgq32.exe
O4 - HKLM\..\RunOnce: [netuz.exe] C:\WINDOWS\netuz.exe
O4 - HKLM\..\RunOnce: [d3ss.exe] C:\WINDOWS\system32\d3ss.exe
O4 - HKLM\..\RunOnce: [addke32.exe] C:\WINDOWS\addke32.exe
O4 - HKLM\..\RunOnce: [windg.exe] C:\WINDOWS\system32\windg.exe
O4 - HKLM\..\RunOnce: [ntnk32.exe] C:\WINDOWS\system32\ntnk32.exe
O4 - HKLM\..\RunOnce: [ipwi32.exe] C:\WINDOWS\system32\ipwi32.exe
O4 - HKLM\..\RunOnce: [javakj32.exe] C:\WINDOWS\system32\javakj32.exe
O4 - HKLM\..\RunOnce: [atlne32.exe] C:\WINDOWS\system32\atlne32.exe
O4 - HKLM\..\RunOnce: [atlba.exe] C:\WINDOWS\system32\atlba.exe
O4 - HKLM\..\RunOnce: [addpr.exe] C:\WINDOWS\addpr.exe
O4 - HKLM\..\RunOnce: [crtx32.exe] C:\WINDOWS\crtx32.exe
O4 - HKLM\..\RunOnce: [msrx32.exe] C:\WINDOWS\msrx32.exe
O4 - HKLM\..\RunOnce: [atldn.exe] C:\WINDOWS\system32\atldn.exe
O4 - HKLM\..\RunOnce: [ntwj.exe] C:\WINDOWS\ntwj.exe
O4 - HKLM\..\RunOnce: [syscl32.exe] C:\WINDOWS\syscl32.exe
O4 - HKLM\..\RunOnce: [apisi.exe] C:\WINDOWS\apisi.exe
O4 - HKLM\..\RunOnce: [javaeo.exe] C:\WINDOWS\javaeo.exe
O4 - HKLM\..\RunOnce: [javacp32.exe] C:\WINDOWS\system32\javacp32.exe
O4 - HKLM\..\RunOnce: [javaiv32.exe] C:\WINDOWS\system32\javaiv32.exe
O4 - HKLM\..\RunOnce: [atlgm.exe] C:\WINDOWS\system32\atlgm.exe
O4 - HKLM\..\RunOnce: [msoo32.exe] C:\WINDOWS\system32\msoo32.exe
O4 - HKLM\..\RunOnce: [appiw32.exe] C:\WINDOWS\system32\appiw32.exe
O4 - HKLM\..\RunOnce: [appbc.exe] C:\WINDOWS\system32\appbc.exe
O4 - HKLM\..\RunOnce: [mszm32.exe] C:\WINDOWS\mszm32.exe
O4 - HKLM\..\RunOnce: [d3vg32.exe] C:\WINDOWS\system32\d3vg32.exe
O4 - HKLM\..\RunOnce: [crhg.exe] C:\WINDOWS\system32\crhg.exe
O4 - HKLM\..\RunOnce: [atlmf32.exe] C:\WINDOWS\system32\atlmf32.exe
O4 - HKLM\..\RunOnce: [netzb32.exe] C:\WINDOWS\system32\netzb32.exe
O4 - HKLM\..\RunOnce: [javatw32.exe] C:\WINDOWS\system32\javatw32.exe
O4 - HKLM\..\RunOnce: [mssv32.exe] C:\WINDOWS\system32\mssv32.exe
O4 - HKLM\..\RunOnce: [appyr.exe] C:\WINDOWS\system32\appyr.exe
O4 - HKLM\..\RunOnce: [iehm32.exe] C:\WINDOWS\system32\iehm32.exe
O4 - HKLM\..\RunOnce: [neter32.exe] C:\WINDOWS\neter32.exe
O4 - HKLM\..\RunOnce: [mfcwn.exe] C:\WINDOWS\system32\mfcwn.exe
O4 - HKLM\..\RunOnce: [sdkmn32.exe] C:\WINDOWS\sdkmn32.exe
O4 - HKLM\..\RunOnce: [appjl32.exe] C:\WINDOWS\appjl32.exe
O4 - HKLM\..\RunOnce: [javaer32.exe] C:\WINDOWS\system32\javaer32.exe
O4 - HKLM\..\RunOnce: [sysqm32.exe] C:\WINDOWS\system32\sysqm32.exe
O4 - HKLM\..\RunOnce: [mfcua.exe] C:\WINDOWS\system32\mfcua.exe
O4 - HKLM\..\RunOnce: [netjv.exe] C:\WINDOWS\netjv.exe
O4 - HKLM\..\RunOnce: [syssz.exe] C:\WINDOWS\syssz.exe
O4 - HKLM\..\RunOnce: [atlao32.exe] C:\WINDOWS\atlao32.exe
O4 - HKLM\..\RunOnce: [msee32.exe] C:\WINDOWS\system32\msee32.exe
O4 - HKLM\..\RunOnce: [javato.exe] C:\WINDOWS\javato.exe
O4 - HKLM\..\RunOnce: [crbm32.exe] C:\WINDOWS\system32\crbm32.exe
O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
O4 - HKLM\..\RunOnce: [msqp32.exe] C:\WINDOWS\msqp32.exe
O4 - HKLM\..\RunOnce: [javael.exe] C:\WINDOWS\javael.exe
O4 - HKLM\..\RunOnce: [mfcmw32.exe] C:\WINDOWS\mfcmw32.exe
O4 - HKLM\..\RunOnce: [mstq32.exe] C:\WINDOWS\mstq32.exe
O4 - HKLM\..\RunOnce: [winjy.exe] C:\WINDOWS\winjy.exe
O4 - HKLM\..\RunOnce: [iely32.exe] C:\WINDOWS\iely32.exe
O4 - HKLM\..\RunOnce: [apimq.exe] C:\WINDOWS\system32\apimq.exe
O4 - HKLM\..\RunOnce: [atlqa32.exe] C:\WINDOWS\atlqa32.exe
O4 - HKLM\..\RunOnce: [appdr32.exe] C:\WINDOWS\appdr32.exe
O4 - HKLM\..\RunOnce: [netyr.exe] C:\WINDOWS\netyr.exe
O4 - HKLM\..\RunOnce: [mszv.exe] C:\WINDOWS\system32\mszv.exe
O4 - HKLM\..\RunOnce: [mshs.exe] C:\WINDOWS\mshs.exe
O4 - HKLM\..\RunOnce: [atluz.exe] C:\WINDOWS\atluz.exe
O4 - HKLM\..\RunOnce: [sdkzn.exe] C:\WINDOWS\system32\sdkzn.exe
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program
Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program
Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix: http://%6E%6B%76%64%2E%75%73/1525/
O13 - Mosaic Prefix: http://%6E%6B%76%64%2E%75%73/1525/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/102c8f8f...p/RdxIE601.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF}
(MediaTicketsInstaller Control) -
http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
http://install.wildtangent.com/bgn/p...tx/install.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B83157E1-841B-4659-9447-7B2D8038B586}:
NameServer = 198.164.30.2 198.164.4.2
O21 - SSODL: System - {A1A3CE61-D455-48DF-9214-C2B72484DE3A} -
C:\WINDOWS\system32\system32.dll
 
 
 
 
 
Norman Miller
 
      07-29-2004
In article < >, Jeanette
says...

> I am trying to figure out what is going on on my brother's computer.
> It is a fairly new Dell Dimension 4600 - but takes FOREVER to log into
> each profile, IE is virtually unusable, can't visit any search site
> and just about any other site I try is blocked as well. Netscape
> still remains useable. Downloaded Google Toolbar and that got rid of
> lots of porn pop ups, but we've still got lots of spyware, etc messing
> things up. Have Spy-Bot and Ad-aware and am running them a few times
> a day (keeps finding new things). Just downloaded Hijack This - but
> have to admit I have no idea what needs to stay and what should go.
> Already fixed a few obvious URL redirections, but they keep coming
> back. I've copied over the log file and would really appreciate the
> help.


> Also, are there any other programs I should download for this problem
> - and how often should I run them? Is there any way to keep this from
> happening, we've never had this problem on our home computer.


For your last question; yes, it is possible to prevent this, but a lot of
the methodology requires discipline on the part of the operator. Don't
install every slick gadget that the marketers insist will "improve" your
Internet experience; more often than not it only improves their marketing
experience; at no small cost to your convenience.

For your next to the last question; if proper discipline is applied, "Hijack
This" once, for a baseline report on a new install, and that should be it.
Run it after any significant change in software to grab a new baseline
snapshot. If you practice good discipline, you shouldn't need to run it as a
troubleshooter; but if you do encounter a problem, you can run it and check
the log against your baseline log.

As for the log, itself, it is really busy, and I don't have a lot of
experience at HJT. One item did stand out, though, and should be too
difficult to deal with. Unless your brother really needs to play with the
games, and other goodies offered by WildTangent, dump it. It should be
available for removal using "Add/Remove Programs". After running that, you
just delete the folders, then run Ad Aware to handle any residual
components. Ad Aware does identify WildTangent files. They are a data miner,
as well as a game provider. Unless you don't mind marketers mining your
data, it is useless fluff; but it is not malware, or harmful, if your
brother really likes playing those online games.

Frankly, I don't care for anything to do with RealPlayer, either, but it is
like WildTangent. Straightforward removal, but if your brother likes what it
does, it isn't nasty, or malware.

Others are less well known to me, and I can't say one way or the other. I'd
start with a small subset of that rather lengthy list of applications; say,
this part:

> O4 - HKLM\..\RunOnce: [appnc.exe] C:\WINDOWS\appnc.exe
> O4 - HKLM\..\RunOnce: [crkb.exe] C:\WINDOWS\crkb.exe
> O4 - HKLM\..\RunOnce: [ntxg.exe] C:\WINDOWS\system32\ntxg.exe
> O4 - HKLM\..\RunOnce: [apicm.exe] C:\WINDOWS\apicm.exe
> O4 - HKLM\..\RunOnce: [msit32.exe] C:\WINDOWS\system32\msit32.exe
> O4 - HKLM\..\RunOnce: [apigq.exe] C:\WINDOWS\apigq.exe
> O4 - HKLM\..\RunOnce: [ntmf32.exe] C:\WINDOWS\ntmf32.exe
> O4 - HKLM\..\RunOnce: [sdkuq.exe] C:\WINDOWS\sdkuq.exe
> O4 - HKLM\..\RunOnce: [ipgq32.exe] C:\WINDOWS\system32\ipgq32.exe
> O4 - HKLM\..\RunOnce: [netuz.exe] C:\WINDOWS\netuz.exe
> O4 - HKLM\..\RunOnce: [addke32.exe] C:\WINDOWS\addke32.exe
> O4 - HKLM\..\RunOnce: [windg.exe] C:\WINDOWS\system32\windg.exe
> O4 - HKLM\..\RunOnce: [ntnk32.exe] C:\WINDOWS\system32\ntnk32.exe
> O4 - HKLM\..\RunOnce: [ipwi32.exe] C:\WINDOWS\system32\ipwi32.exe
> O4 - HKLM\..\RunOnce: [atlne32.exe] C:\WINDOWS\system32\atlne32.exe
> O4 - HKLM\..\RunOnce: [crtx32.exe] C:\WINDOWS\crtx32.exe
> O4 - HKLM\..\RunOnce: [msrx32.exe] C:\WINDOWS\msrx32.exe
> O4 - HKLM\..\RunOnce: [ntwj.exe] C:\WINDOWS\ntwj.exe
> O4 - HKLM\..\RunOnce: [msoo32.exe] C:\WINDOWS\system32\msoo32.exe
> O4 - HKLM\..\RunOnce: [mszm32.exe] C:\WINDOWS\mszm32.exe
> O4 - HKLM\..\RunOnce: [d3vg32.exe] C:\WINDOWS\system32\d3vg32.exe
> O4 - HKLM\..\RunOnce: [crhg.exe] C:\WINDOWS\system32\crhg.exe
> O4 - HKLM\..\RunOnce: [atlmf32.exe] C:\WINDOWS\system32\atlmf32.exe
> O4 - HKLM\..\RunOnce: [netzb32.exe] C:\WINDOWS\system32\netzb32.exe


I'd start with a Google search on each of the application names. Hopefully,
you can see a pattern in my choices. One of those file names should give you
a Google hit, and you can take it from there. Hopefully (again!), some of
those hits will lead you to information about the other items in that list.
It is no wonder that computer is so cranky; it is trying to load too much
stuff.

With the exception of the Google, Yahoo!, or MSN toolbar, you really don't
need anything else; and I used the Yahoo! BHO so infrequently that I finally
removed it. No BHOs here; just a well secured browser and a hosts file which
redirects advertising trackers to localhost. And, as nearly as I can tell,
MSIE6, with the latest patches, can be made reasonably secure, though I
prefer Mozilla 1.7.1 for real security. Use the zones. Put that small
handful of sites you would really trust to run scripts into the "Trusted
sites" zone, and set the "Internet" zone to the highest level of security;
that will tame DestructiveX (okay, MSFT calls it, "ActiveX"; but if you know
how remote sites can use it to abuse your system, you know why I call it,
"DestructiveX"!)

I thought there were HJT forums at the site where you downloaded it; have
you posted your log there?

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
 
JamesBenson
Guest
Posts: n/a
 
      07-30-2004
Hi, all the entries with the name run or run once mean that each time your
pc starts then all these entries will be run, with my pc there is nothing
in the run once section and only a few in the run section, this should give
you an idea what should be there, virtually nothing, which is why it is
unusable, do a clean install of your OS with trusted CDs if you have them
and be careful what you click yes to, sounds like most programs installed
third party spyware/adware along with them without you knowing. Be careful
of free programs


"Norman Miller" <> wrote in message
news:. net...
> In article < >, Jeanette
> says...
>
> > I am trying to figure out what is going on on my brother's computer.
> > It is a fairly new Dell Dimension 4600 - but takes FOREVER to log into
> > each profile, IE is virtually unusable, can't visit any search site
> > and just about any other site I try is blocked as well. Netscape
> > still remains useable. Downloaded Google Toolbar and that got rid of
> > lots of porn pop ups, but we've still got lots of spyware, etc messing
> > things up. Have Spy-Bot and Ad-aware and am running them a few times
> > a day (keeps finding new things). Just downloaded Hijack This - but
> > have to admit I have no idea what needs to stay and what should go.
> > Already fixed a few obvious URL redirections, but they keep coming
> > back. I've copied over the log file and would really appreciate the
> > help.
>
> > Also, are there any other programs I should download for this problem
> > - and how often should I run them? Is there any way to keep this from
> > happening, we've never had this problem on our home computer.
>
> For your last question; yes, it is possible to prevent this, but a lot of
> the methodology requires discipline on the part of the operator. Don't
> install every slick gadget that the marketers insist will "improve" your
> Internet experience; more often than not it only improves their marketing
> experience; at no small cost to your convenience.
>
> For your next to the last question; if proper discipline is applied, "Hijack
> This" once, for a baseline report on a new install, and that should be it.
> Run it after any significant change in software to grab a new baseline
> snapshot. If you practice good discipline, you shouldn't need to run it as a
> troubleshooter; but if you do encounter a problem, you can run it and check
> the log against your baseline log.
>
> As for the log, itself, it is really busy, and I don't have a lot of
> experience at HJT. One item did stand out, though, and should be too
> difficult to deal with. Unless your brother really needs to play with the
> games, and other goodies offered by WildTangent, dump it. It should be
> available for removal using "Add/Remove Programs". After running that, you
> just delete the folders, then run Ad Aware to handle any residual
> components. Ad Aware does identify WildTangent files. They are a data miner,
> as well as a game provider. Unless you don't mind marketers mining your
> data, it is useless fluff; but it is not malware, or harmful, if your
> brother really likes playing those online games.
>
> Frankly, I don't care for anything to do with RealPlayer, either, but it is
> like WildTangent. Straightforward removal, but if your brother likes what it
> does, it isn't nasty, or malware.
>
> Others are less well known to me, and I can't say one way or the other. I'd
> start with a small subset of that rather lengthy list of applications; say,
> this part:
>
> > O4 - HKLM\..\RunOnce: [appnc.exe] C:\WINDOWS\appnc.exe
> > O4 - HKLM\..\RunOnce: [crkb.exe] C:\WINDOWS\crkb.exe
> > O4 - HKLM\..\RunOnce: [ntxg.exe] C:\WINDOWS\system32\ntxg.exe
> > O4 - HKLM\..\RunOnce: [apicm.exe] C:\WINDOWS\apicm.exe
> > O4 - HKLM\..\RunOnce: [msit32.exe] C:\WINDOWS\system32\msit32.exe
> > O4 - HKLM\..\RunOnce: [apigq.exe] C:\WINDOWS\apigq.exe
> > O4 - HKLM\..\RunOnce: [ntmf32.exe] C:\WINDOWS\ntmf32.exe
> > O4 - HKLM\..\RunOnce: [sdkuq.exe] C:\WINDOWS\sdkuq.exe
> > O4 - HKLM\..\RunOnce: [ipgq32.exe] C:\WINDOWS\system32\ipgq32.exe
> > O4 - HKLM\..\RunOnce: [netuz.exe] C:\WINDOWS\netuz.exe
> > O4 - HKLM\..\RunOnce: [addke32.exe] C:\WINDOWS\addke32.exe
> > O4 - HKLM\..\RunOnce: [windg.exe] C:\WINDOWS\system32\windg.exe
> > O4 - HKLM\..\RunOnce: [ntnk32.exe] C:\WINDOWS\system32\ntnk32.exe
> > O4 - HKLM\..\RunOnce: [ipwi32.exe] C:\WINDOWS\system32\ipwi32.exe
> > O4 - HKLM\..\RunOnce: [atlne32.exe] C:\WINDOWS\system32\atlne32.exe
> > O4 - HKLM\..\RunOnce: [crtx32.exe] C:\WINDOWS\crtx32.exe
> > O4 - HKLM\..\RunOnce: [msrx32.exe] C:\WINDOWS\msrx32.exe
> > O4 - HKLM\..\RunOnce: [ntwj.exe] C:\WINDOWS\ntwj.exe
> > O4 - HKLM\..\RunOnce: [msoo32.exe] C:\WINDOWS\system32\msoo32.exe
> > O4 - HKLM\..\RunOnce: [mszm32.exe] C:\WINDOWS\mszm32.exe
> > O4 - HKLM\..\RunOnce: [d3vg32.exe] C:\WINDOWS\system32\d3vg32.exe
> > O4 - HKLM\..\RunOnce: [crhg.exe] C:\WINDOWS\system32\crhg.exe
> > O4 - HKLM\..\RunOnce: [atlmf32.exe] C:\WINDOWS\system32\atlmf32.exe
> > O4 - HKLM\..\RunOnce: [netzb32.exe] C:\WINDOWS\system32\netzb32.exe

>
> I'd start with a Google search on each of the application names. Hopefully,
> you can see a pattern in my choices. One of those file names should give you
> a Google hit, and you can take it from there. Hopefully (again!), some of
> those hits will lead you to information about the other items in that list.
> It is no wonder that computer is so cranky; it is trying to load too much
> stuff.
>
> With the exception of the Google, Yahoo!, or MSN toolbar, you really don't
> need anything else; and I used the Yahoo! BHO so infrequently that I finally
> removed it. No BHOs here; just a well secured browser and a hosts file which
> redirects advertising trackers to localhost. And, as nearly as I can tell,
> MSIE6, with the latest patches, can be made reasonably secure, though I
> prefer Mozilla 1.7.1 for real security. Use the zones. Put that small
> handful of sites you would really trust to run scripts into the "Trusted
> sites" zone, and set the "Internet" zone to the highest level of security;
> that will tame DestructiveX (okay, MSFT calls it, "ActiveX"; but if you know
> how remote sites can use it to abuse your system, you know why I call it,
> "DestructiveX"!)
>
> I thought there were HJT forums at the site where you downloaded it; have
> you posted your log there?
>
> --
> Norman
> ~Win dain a lotica, En vai tu ri, Si lo ta
> ~Fin dein a loluca, En dragu a sei lain
> ~Vi fa-ru les shutai am, En riga-lint



 
°Mike°
Guest
Posts: n/a
 
      07-30-2004
You have been Hijacked by CoolWebSearch.
------------------------------------------


Before you proceed, make sure that you have
SpyBot S&D installed, AND Ad-Aware installed.

Be sure to download and install the Ad-Aware
VX2 cleaner plug-in
http://www.lavasoftusa.com/software/...2cleaner.shtml

Download SpHjfix fix.
http://www.trojaner-info.de/cgi-bin/...i?file=sphjfix

Download AboutBuster
http://tools.zerosrealm.com/AboutBuster.zip

Download CWShredder
http://www.spywareinfo.com/~merijn/cwschronicles.html


Boot into Safe Mode once that's done. As soon as you
have booted into Safe Mode, empty your TEMP folder,
your Temporary Internet Files (including Offline Content),
and your IE History.

Continued inline....


On 29 Jul 2004 08:07:16 -0700, in
< >
Jeanette scrawled:

>Hi,
>I am trying to figure out what is going on on my brother's computer.
>It is a fairly new Dell Dimension 4600 - but takes FOREVER to log into
>each profile, IE is virtually unusable, can't visit any search site
>and just about any other site I try is blocked as well. Netscape
>still remains useable. Downloaded Google Toolbar and that got rid of
>lots of porn pop ups, but we've still got lots of spyware, etc messing
>things up. Have Spy-Bot and Ad-aware and am running them a few times
>a day (keeps finding new things). Just downloaded Hijack This - but
>have to admit I have no idea what needs to stay and what should go.
>Already fixed a few obvious URL redirections, but they keep coming
>back. I've copied over the log file and would really appreciate the
>help.
>
>Also, are there any other programs I should download for this problem
>- and how often should I run them? Is there any way to keep this from
>happening, we've never had this problem on our home computer.
>
>Thanks so much
>Jeanette
>
>Logfile of HijackThis v1.98.0
>Scan saved at 10:58:02 AM, on 29/07/2004
>Platform: Windows XP SP1 (WinNT 5.01.2600)
>MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



DO THIS IN SAFE MODE
=================

DISCONNECT FROM THE NET
=====================

CLOSE ALL OTHER APPLICATIONS EXCEPT HJT
==================================


>Running processes:


>C:\WINDOWS\appln.exe
>C:\WINDOWS\mfcvi.exe
>C:\WINDOWS\system32\addwg.exe


End Task the above three processes (CTRL+ALT+DEL).
Delete the appln.exe, mfcvi.exe and addwg.exe files,
and empty the recycle bin.


>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>http://213.159.117.134/index.php


>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
>http://213.159.117.134/index.php


>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
>http://213.159.117.134/index.php


>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
>http://213.159.117.134/index.php


>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
>http://213.159.117.134/index.php


>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
>http://213.159.117.134/index.php


Have HijackThis fix the above entries.


>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
>res://C:\WINDOWS\eluix.dll/sp.html#22776


>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
>= res://C:\WINDOWS\eluix.dll/sp.html#22776


>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
>res://C:\WINDOWS\eluix.dll/sp.html#22776


Have HijackThis fix the above entries.
Delete the eluix.dll file, and remove it from the recycle bin.


>R3 - Default URLSearchHook is missing


Have HijackThis fix the above entry.


>O2 - BHO: (no name) - {118BA3A3-204B-60CC-DF7A-B655B766277D} -
>C:\WINDOWS\system32\addgr.dll


Have HijackThis fix the above entry.
Delete the addgr.dll file and empty the recycle bin.


>O4 - HKLM\..\Run: [addwg.exe] C:\WINDOWS\system32\addwg.exe


>O4 - HKLM\..\RunOnce: [mfcvi.exe] C:\WINDOWS\mfcvi.exe


>O4 - HKLM\..\RunOnce: [appln.exe] C:\WINDOWS\appln.exe


Have HijackThis fix the above entries.
You should have already End Tasked the above processes,
and deleted the files.




Have HijackThis fix ALL of the above O4 - "RunOnce" entries.
Go into the Windows and the Windows\System32 folder,
and delete EACH AND EVERY ONE of the above files.
Empty the recycle bin.


>O13 - DefaultPrefix:
>O13 - WWW Prefix:
>O13 - Home Prefix: http://%6E%6B%76%64%2E%75%73/1525/
>O13 - Mosaic Prefix: http://%6E%6B%76%64%2E%75%73/1525/


Have HijackThis fix the above four entries.


>O16 - DPF:


Have HijackThis fix ALL of your O16 - DPF entries.


>O17 - HKLM\System\CCS\Services\Tcpip\..\{B83157E1-841B-4659-9447-7B2D8038B586}:
>NameServer = 198.164.30.2 198.164.4.2


Unless the above IPs (University of New Brunswick) are from
your network or ISP, have HijackThis fix the above.


>O21 - SSODL: System - {A1A3CE61-D455-48DF-9214-C2B72484DE3A} -
>C:\WINDOWS\system32\system32.dll


Have HijackThis fix the above.
Delete the system32.dll file and empty the recycle bin.


Open your registry editor (Start / Run / Regedit) to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
If you see an entry named '__NS_Service_3' delete it.

Still in the registry, navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
If you see an entry named 'LEGACY___NS_Service_3' delete it.

Close your registry editor.

Do NOT reconnect; do NOT reboot into normal mode, yet.

Run SpyBot S&D (full scan)

Run Ad-Aware (full scan)

Run the Ad-Aware VX2 cleaner plug-in.

Run the SpHjfix.

Run CWShredder

Run AboutBuster

Re-run HijackThis and rescan.


If SpyBot S&D and/or Ad-Aware do not run in Safe
Mode, leave those steps until last and run them
in normal mode, BEFORE YOU CONNECT.


--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
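
As an added example (not part of the original posts, and not HijackThis's own code): a Python triage pass over the three entry types handled in the reply above. It percent-decodes the host hidden in the O13 prefix, flags the self-named RunOnce files, and lists the O17 name servers to check against the ISP. The function name `triage`, the regular expressions and the `ExampleApp` line are assumptions made for this example.

```python
import re
from urllib.parse import unquote, urlsplit

# Lines copied from the log quoted in this thread (the O17 entry is re-joined
# onto one line; the newsreader had wrapped it).
SAMPLE_LOG = r"""
O4 - HKLM\..\RunOnce: [atlqa32.exe] C:\WINDOWS\atlqa32.exe
O4 - HKLM\..\RunOnce: [mszv.exe] C:\WINDOWS\system32\mszv.exe
O13 - DefaultPrefix:
O13 - Home Prefix: http://%6E%6B%76%64%2E%75%73/1525/
O17 - HKLM\System\CCS\Services\Tcpip\..\{B83157E1-841B-4659-9447-7B2D8038B586}: NameServer = 198.164.30.2 198.164.4.2
"""
# Constructed entry (not from the thread) that should not be reported.
CONSTRUCTED_BENIGN = r"O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe"

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O13_RE = re.compile(r"^O13 - (?P<kind>[\w ]*Prefix): ?(?P<url>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<ips>[\d. ]+)$")
WINDIR_EXE_RE = re.compile(r"^C:\\WINDOWS\\(system32\\)?[^\\]+\.exe$", re.I)


def triage(log_text):
    """Return (section, what, detail) tuples for entries that need review."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := O4_RE.match(line):
            exe = m["cmd"].rsplit("\\", 1)[-1]
            # Pattern in this log: RunOnce value named after its own file,
            # with the file sitting directly in WINDOWS or WINDOWS\system32.
            if (m["key"] == "RunOnce" and WINDIR_EXE_RE.match(m["cmd"])
                    and exe.lower() == m["name"].lower()):
                findings.append(("O4", "self-named RunOnce file", m["cmd"]))
        elif m := O13_RE.match(line):
            # The reply has every listed O13 entry fixed, so report them all;
            # percent-decoding the host shows where a replaced prefix points.
            host = unquote(urlsplit(m["url"].strip()).netloc)
            findings.append(("O13", m["kind"], host))
        elif m := O17_RE.match(line):
            # Addresses to compare with what the ISP or network actually assigns.
            findings.extend(("O17", "name server", ip) for ip in m["ips"].split())
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
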
 
 
°Mike°
Guest
Posts: n/a
 
      07-30-2004
More totally useless advice -- there is absolutely NO need
for a clean install.


On Fri, 30 Jul 2004 18:48:21 GMT, in
<VJwOc.407$>
JamesBenson scrawled:

>Hi, all the entries with the name run or run once mean that each time your
>pc starts then all these entries will be run, with my pc there is nothing
>in the run once section and only a few in the run section, this should give
>you an idea what should be there, virtually nothing, which is why it is
>unusable, do a clean install of your OS with trusted CDs if you have them
>and be careful what you click yes to, sounds like most programs installed
>third party spyware/adware along with them without you knowing. Be careful
>of free programs
>
>
>"Norman Miller" <> wrote in message
>news: .net...
>> In article < >, Jeanette
>> says...
>>
>> > I am trying to figure out what is going on on my brother's computer.
>> > It is a fairly new Dell Dimension 4600 - but takes FOREVER to log into
>> > each profile, IE is virtually unusable, can't visit any search site
>> > and just about any other site I try is blocked as well. Netscape
>> > still remains useable. Downloaded Google Toolbar and that got rid of
>> > lots of porn pop ups, but we've still got lots of spyware, etc messing
>> > things up. Have Spy-Bot and Ad-aware and am running them a few times
>> > a day (keeps finding new things). Just downloaded Hijack This - but
>> > have to admit I have no idea what needs to stay and what should go.
>> > Already fixed a few obvious URL redirections, but they keep coming
>> > back. I've copied over the log file and would really appreciate the
>> > help.
>>
>> > Also, are there any other programs I should download for this problem
>> > - and how often should I run them? Is there any way to keep this from
>> > happening, we've never had this problem on our home computer.

>>
>> For your last question; yes, it is possible to prevent this, but a lot of
>> the methodology requires discipline on the part of the operator. Don't
>> install every slick gadget that the marketers insist will "improve" your
>> Internet experience; more often than not it only improves their marketing
>> experience; at no small cost to your convenience.
>>
>> For your next to the last question; if proper discipline is applied,
>> "Hijack This" once, for a baseline report on a new install, and that
>> should be it. Run it after any significant change in software to grab a
>> new baseline snapshot. If you practice good discipline, you shouldn't
>> need to run it as a troubleshooter; but if you do encounter a problem,
>> you can run it and check the log against your baseline log.
>>
>> As for the log, itself, it is really busy, and I don't have a lot of
>> experience at HJT. One item did stand out, though, and should be too
>> difficult to deal with. Unless your brother really needs to play with the
>> games, and other goodies offered by WildTangent, dump it. It should be
>> available for removal using "Add/Remove Programs". After running that, you
>> just delete the folders, then run Ad Aware to handle any residual
>> components. Ad Aware does identify WildTangent files. They are a data
>> miner, as well as a game provider. Unless you don't mind marketers mining
>> your data, it is useless fluff; but it is not malware, or harmful, if your
>> brother really likes playing those online games.
>>
>> Frankly, I don't care for anything to do with RealPlayer, either, but it
>> is like WildTangent. Straightforward removal, but if your brother likes
>> what it does, it isn't nasty, or malware.
>>
>> Others are less well known to me, and I can't say one way or the other.
>> I'd start with a small subset of that rather lengthy list of applications;
>> say, this part:
>>
>> > O4 - HKLM\..\RunOnce: [appnc.exe] C:\WINDOWS\appnc.exe
>> > O4 - HKLM\..\RunOnce: [crkb.exe] C:\WINDOWS\crkb.exe
>> > O4 - HKLM\..\RunOnce: [ntxg.exe] C:\WINDOWS\system32\ntxg.exe
>> > O4 - HKLM\..\RunOnce: [apicm.exe] C:\WINDOWS\apicm.exe
>> > O4 - HKLM\..\RunOnce: [msit32.exe] C:\WINDOWS\system32\msit32.exe
>> > O4 - HKLM\..\RunOnce: [apigq.exe] C:\WINDOWS\apigq.exe
>> > O4 - HKLM\..\RunOnce: [ntmf32.exe] C:\WINDOWS\ntmf32.exe
>> > O4 - HKLM\..\RunOnce: [sdkuq.exe] C:\WINDOWS\sdkuq.exe
>> > O4 - HKLM\..\RunOnce: [ipgq32.exe] C:\WINDOWS\system32\ipgq32.exe
>> > O4 - HKLM\..\RunOnce: [netuz.exe] C:\WINDOWS\netuz.exe
>> > O4 - HKLM\..\RunOnce: [addke32.exe] C:\WINDOWS\addke32.exe
>> > O4 - HKLM\..\RunOnce: [windg.exe] C:\WINDOWS\system32\windg.exe
>> > O4 - HKLM\..\RunOnce: [ntnk32.exe] C:\WINDOWS\system32\ntnk32.exe
>> > O4 - HKLM\..\RunOnce: [ipwi32.exe] C:\WINDOWS\system32\ipwi32.exe
>> > O4 - HKLM\..\RunOnce: [atlne32.exe] C:\WINDOWS\system32\atlne32.exe
>> > O4 - HKLM\..\RunOnce: [crtx32.exe] C:\WINDOWS\crtx32.exe
>> > O4 - HKLM\..\RunOnce: [msrx32.exe] C:\WINDOWS\msrx32.exe
>> > O4 - HKLM\..\RunOnce: [ntwj.exe] C:\WINDOWS\ntwj.exe
>> > O4 - HKLM\..\RunOnce: [msoo32.exe] C:\WINDOWS\system32\msoo32.exe
>> > O4 - HKLM\..\RunOnce: [mszm32.exe] C:\WINDOWS\mszm32.exe
>> > O4 - HKLM\..\RunOnce: [d3vg32.exe] C:\WINDOWS\system32\d3vg32.exe
>> > O4 - HKLM\..\RunOnce: [crhg.exe] C:\WINDOWS\system32\crhg.exe
>> > O4 - HKLM\..\RunOnce: [atlmf32.exe] C:\WINDOWS\system32\atlmf32.exe
>> > O4 - HKLM\..\RunOnce: [netzb32.exe] C:\WINDOWS\system32\netzb32.exe

>>
>> I'd start with a Google search on each of the application names.
>> Hopefully, you can see a pattern in my choices. One of those file names
>> should give you a Google hit, and you can take it from there. Hopefully
>> (again!), some of those hits will lead you to information about the other
>> items in that list. It is no wonder that computer is so cranky; it is
>> trying to load too much stuff.
>>
>> With the exception of the Google, Yahoo!, or MSN toolbar, you really don't
>> need anything else; and I used the Yahoo! BHO so infrequently that I
>> finally removed it. No BHOs here; just a well secured browser and a hosts
>> file which redirects advertising trackers to localhost. And, as nearly as
>> I can tell, MSIE6, with the latest patches, can be made reasonably secure,
>> though I prefer Mozilla 1.7.1 for real security. Use the zones. Put that
>> small handful of sites you would really trust to run scripts into the
>> "Trusted sites" zone, and set the "Internet" zone to the highest level of
>> security; that will tame DestructiveX (okay, MSFT calls it, "ActiveX"; but
>> if you know how remote sites can use it to abuse your system, you know why
>> I call it, "DestructiveX"!)
>>
>> I thought there were HJT forums at the site where you downloaded it; have
>> you posted your log there?
>>
>> --
>> Norman
>> ~Win dain a lotica, En vai tu ri, Si lo ta
>> ~Fin dein a loluca, En dragu a sei lain
>> ~Vi fa-ru les shutai am, En riga-lint

>


--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 