Hijack This log - what to delete?

Discussion in 'Computer Support' started by Jeanette, Jul 29, 2004.

  1. Jeanette

    Jeanette Guest

    Hi,
    I am trying to figure out what is going on on my brothers computer.
    It is a fairly new Dell Dimension 4600 - but takes FOREVER to log into
    each profile, IE is virtually unusuable, can't visit any search site
    and just about any other site I try is blocked as well. Netscape
    still remains useable. Downloaded Google Toolbar and that got rid of
    lots of porn pop ups, but we've still got lots of spyware, etc messing
    things up. Have Spy-Bot and Ad-aware and am running them a few times
    a day (keeps finding new things). Just downloaded Hijack This - but
    have to admit I have no idea what needs to say and what should go.
    Already fixed a few obvious URL redirections, but they keep coming
    back. I've copied over the log file and would really appreciate the
    help.

    Also, are there any other programs I should download for this problem
    - and how often should I run them? Is there any way to keep this from
    happeneing, we've never had this problem on our home computer.

    Thanks so much
    Jeanette

    Logfile of HijackThis v1.98.0
    Scan saved at 10:58:02 AM, on 29/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\appln.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\mfcvi.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\addwg.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\My Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://C:\WINDOWS\eluix.dll/sp.html#22776
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://213.159.117.134/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://213.159.117.134/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = res://C:\WINDOWS\eluix.dll/sp.html#22776
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://C:\WINDOWS\eluix.dll/sp.html#22776
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://213.159.117.134/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    http://213.159.117.134/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    http://213.159.117.134/index.php
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage",
    "http://my.netscape.com/index2.psp"); (C:\Documents and
    Settings\Doreen\Application
    Data\Mozilla\Profiles\default\byezdowj.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine",
    "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
    (C:\Documents and Settings\Doreen\Application
    Data\Mozilla\Profiles\default\byezdowj.slt\prefs.js)
    O2 - BHO: (no name) - {118BA3A3-204B-60CC-DF7A-B655B766277D} -
    C:\WINDOWS\system32\addgr.dll
    O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus -
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
    AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe
    O4 - HKLM\..\Run: [addwg.exe] C:\WINDOWS\system32\addwg.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunOnce: [mfcvi.exe] C:\WINDOWS\mfcvi.exe
    O4 - HKLM\..\RunOnce: [sdkff32.exe] C:\WINDOWS\system32\sdkff32.exe
    O4 - HKLM\..\RunOnce: [msxq32.exe] C:\WINDOWS\msxq32.exe
    O4 - HKLM\..\RunOnce: [d3mi.exe] C:\WINDOWS\d3mi.exe
    O4 - HKLM\..\RunOnce: [appfe32.exe] C:\WINDOWS\system32\appfe32.exe
    O4 - HKLM\..\RunOnce: [javaeg.exe] C:\WINDOWS\system32\javaeg.exe
    O4 - HKLM\..\RunOnce: [crjx.exe] C:\WINDOWS\system32\crjx.exe
    O4 - HKLM\..\RunOnce: [javahn.exe] C:\WINDOWS\javahn.exe
    O4 - HKLM\..\RunOnce: [addhy32.exe] C:\WINDOWS\addhy32.exe
    O4 - HKLM\..\RunOnce: [addfo.exe] C:\WINDOWS\system32\addfo.exe
    O4 - HKLM\..\RunOnce: [atlnm32.exe] C:\WINDOWS\system32\atlnm32.exe
    O4 - HKLM\..\RunOnce: [ntzj32.exe] C:\WINDOWS\system32\ntzj32.exe
    O4 - HKLM\..\RunOnce: [ntrr32.exe] C:\WINDOWS\system32\ntrr32.exe
    O4 - HKLM\..\RunOnce: [mskn32.exe] C:\WINDOWS\mskn32.exe
    O4 - HKLM\..\RunOnce: [netxc.exe] C:\WINDOWS\system32\netxc.exe
    O4 - HKLM\..\RunOnce: [crpd.exe] C:\WINDOWS\system32\crpd.exe
    O4 - HKLM\..\RunOnce: [crmu.exe] C:\WINDOWS\system32\crmu.exe
    O4 - HKLM\..\RunOnce: [apphd32.exe] C:\WINDOWS\apphd32.exe
    O4 - HKLM\..\RunOnce: [sdkgr32.exe] C:\WINDOWS\sdkgr32.exe
    O4 - HKLM\..\RunOnce: [ntpz32.exe] C:\WINDOWS\ntpz32.exe
    O4 - HKLM\..\RunOnce: [sdksb.exe] C:\WINDOWS\system32\sdksb.exe
    O4 - HKLM\..\RunOnce: [sysgv.exe] C:\WINDOWS\system32\sysgv.exe
    O4 - HKLM\..\RunOnce: [atlul32.exe] C:\WINDOWS\atlul32.exe
    O4 - HKLM\..\RunOnce: [iexi32.exe] C:\WINDOWS\system32\iexi32.exe
    O4 - HKLM\..\RunOnce: [crid.exe] C:\WINDOWS\crid.exe
    O4 - HKLM\..\RunOnce: [sdkal.exe] C:\WINDOWS\sdkal.exe
    O4 - HKLM\..\RunOnce: [mscn.exe] C:\WINDOWS\mscn.exe
    O4 - HKLM\..\RunOnce: [msae.exe] C:\WINDOWS\system32\msae.exe
    O4 - HKLM\..\RunOnce: [mfcbw.exe] C:\WINDOWS\mfcbw.exe
    O4 - HKLM\..\RunOnce: [appgs.exe] C:\WINDOWS\appgs.exe
    O4 - HKLM\..\RunOnce: [netpc32.exe] C:\WINDOWS\system32\netpc32.exe
    O4 - HKLM\..\RunOnce: [javaue32.exe] C:\WINDOWS\system32\javaue32.exe
    O4 - HKLM\..\RunOnce: [javaok32.exe] C:\WINDOWS\javaok32.exe
    O4 - HKLM\..\RunOnce: [mfcai.exe] C:\WINDOWS\system32\mfcai.exe
    O4 - HKLM\..\RunOnce: [atlpn32.exe] C:\WINDOWS\system32\atlpn32.exe
    O4 - HKLM\..\RunOnce: [mshk.exe] C:\WINDOWS\mshk.exe
    O4 - HKLM\..\RunOnce: [winrx32.exe] C:\WINDOWS\winrx32.exe
    O4 - HKLM\..\RunOnce: [javath32.exe] C:\WINDOWS\system32\javath32.exe
    O4 - HKLM\..\RunOnce: [syskh32.exe] C:\WINDOWS\system32\syskh32.exe
    O4 - HKLM\..\RunOnce: [atlde.exe] C:\WINDOWS\system32\atlde.exe
    O4 - HKLM\..\RunOnce: [nethf32.exe] C:\WINDOWS\nethf32.exe
    O4 - HKLM\..\RunOnce: [appoy.exe] C:\WINDOWS\system32\appoy.exe
    O4 - HKLM\..\RunOnce: [winhq.exe] C:\WINDOWS\system32\winhq.exe
    O4 - HKLM\..\RunOnce: [mfcsz32.exe] C:\WINDOWS\system32\mfcsz32.exe
    O4 - HKLM\..\RunOnce: [appra.exe] C:\WINDOWS\system32\appra.exe
    O4 - HKLM\..\RunOnce: [crep.exe] C:\WINDOWS\crep.exe
    O4 - HKLM\..\RunOnce: [mfcow32.exe] C:\WINDOWS\mfcow32.exe
    O4 - HKLM\..\RunOnce: [addsa.exe] C:\WINDOWS\addsa.exe
    O4 - HKLM\..\RunOnce: [apiyg32.exe] C:\WINDOWS\system32\apiyg32.exe
    O4 - HKLM\..\RunOnce: [ipgz32.exe] C:\WINDOWS\system32\ipgz32.exe
    O4 - HKLM\..\RunOnce: [mswh32.exe] C:\WINDOWS\system32\mswh32.exe
    O4 - HKLM\..\RunOnce: [crpz32.exe] C:\WINDOWS\system32\crpz32.exe
    O4 - HKLM\..\RunOnce: [d3kg.exe] C:\WINDOWS\d3kg.exe
    O4 - HKLM\..\RunOnce: [msta.exe] C:\WINDOWS\system32\msta.exe
    O4 - HKLM\..\RunOnce: [d3ff.exe] C:\WINDOWS\system32\d3ff.exe
    O4 - HKLM\..\RunOnce: [addyc.exe] C:\WINDOWS\addyc.exe
    O4 - HKLM\..\RunOnce: [sdkbz32.exe] C:\WINDOWS\sdkbz32.exe
    O4 - HKLM\..\RunOnce: [msgr32.exe] C:\WINDOWS\system32\msgr32.exe
    O4 - HKLM\..\RunOnce: [addeq32.exe] C:\WINDOWS\addeq32.exe
    O4 - HKLM\..\RunOnce: [atljf32.exe] C:\WINDOWS\system32\atljf32.exe
    O4 - HKLM\..\RunOnce: [appdk32.exe] C:\WINDOWS\system32\appdk32.exe
    O4 - HKLM\..\RunOnce: [winwk32.exe] C:\WINDOWS\system32\winwk32.exe
    O4 - HKLM\..\RunOnce: [ieft.exe] C:\WINDOWS\system32\ieft.exe
    O4 - HKLM\..\RunOnce: [ntef.exe] C:\WINDOWS\ntef.exe
    O4 - HKLM\..\RunOnce: [appds.exe] C:\WINDOWS\appds.exe
    O4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exe
    O4 - HKLM\..\RunOnce: [syszx.exe] C:\WINDOWS\syszx.exe
    O4 - HKLM\..\RunOnce: [atlby.exe] C:\WINDOWS\atlby.exe
    O4 - HKLM\..\RunOnce: [apphy32.exe] C:\WINDOWS\apphy32.exe
    O4 - HKLM\..\RunOnce: [apiep32.exe] C:\WINDOWS\system32\apiep32.exe
    O4 - HKLM\..\RunOnce: [javaal32.exe] C:\WINDOWS\system32\javaal32.exe
    O4 - HKLM\..\RunOnce: [nethb32.exe] C:\WINDOWS\nethb32.exe
    O4 - HKLM\..\RunOnce: [cray32.exe] C:\WINDOWS\system32\cray32.exe
    O4 - HKLM\..\RunOnce: [apifs.exe] C:\WINDOWS\apifs.exe
    O4 - HKLM\..\RunOnce: [atlhs32.exe] C:\WINDOWS\system32\atlhs32.exe
    O4 - HKLM\..\RunOnce: [crbe32.exe] C:\WINDOWS\crbe32.exe
    O4 - HKLM\..\RunOnce: [mshg32.exe] C:\WINDOWS\system32\mshg32.exe
    O4 - HKLM\..\RunOnce: [msks.exe] C:\WINDOWS\msks.exe
    O4 - HKLM\..\RunOnce: [ipgl32.exe] C:\WINDOWS\ipgl32.exe
    O4 - HKLM\..\RunOnce: [addex32.exe] C:\WINDOWS\addex32.exe
    O4 - HKLM\..\RunOnce: [atlvu32.exe] C:\WINDOWS\system32\atlvu32.exe
    O4 - HKLM\..\RunOnce: [winqn32.exe] C:\WINDOWS\system32\winqn32.exe
    O4 - HKLM\..\RunOnce: [msgn32.exe] C:\WINDOWS\msgn32.exe
    O4 - HKLM\..\RunOnce: [appln.exe] C:\WINDOWS\appln.exe
    O4 - HKLM\..\RunOnce: [atlyq.exe] C:\WINDOWS\atlyq.exe
    O4 - HKLM\..\RunOnce: [apicx32.exe] C:\WINDOWS\apicx32.exe
    O4 - HKLM\..\RunOnce: [crms32.exe] C:\WINDOWS\system32\crms32.exe
    O4 - HKLM\..\RunOnce: [wincq32.exe] C:\WINDOWS\system32\wincq32.exe
    O4 - HKLM\..\RunOnce: [d3qf32.exe] C:\WINDOWS\d3qf32.exe
    O4 - HKLM\..\RunOnce: [mslk.exe] C:\WINDOWS\mslk.exe
    O4 - HKLM\..\RunOnce: [netfy.exe] C:\WINDOWS\netfy.exe
    O4 - HKLM\..\RunOnce: [apipu32.exe] C:\WINDOWS\system32\apipu32.exe
    O4 - HKLM\..\RunOnce: [mfcvt32.exe] C:\WINDOWS\mfcvt32.exe
    O4 - HKLM\..\RunOnce: [atlcg.exe] C:\WINDOWS\atlcg.exe
    O4 - HKLM\..\RunOnce: [ipte32.exe] C:\WINDOWS\ipte32.exe
    O4 - HKLM\..\RunOnce: [iekd.exe] C:\WINDOWS\system32\iekd.exe
    O4 - HKLM\..\RunOnce: [appoe.exe] C:\WINDOWS\system32\appoe.exe
    O4 - HKLM\..\RunOnce: [winmm32.exe] C:\WINDOWS\winmm32.exe
    O4 - HKLM\..\RunOnce: [apiwi.exe] C:\WINDOWS\system32\apiwi.exe
    O4 - HKLM\..\RunOnce: [mfcuh.exe] C:\WINDOWS\mfcuh.exe
    O4 - HKLM\..\RunOnce: [netjr32.exe] C:\WINDOWS\netjr32.exe
    O4 - HKLM\..\RunOnce: [appoa32.exe] C:\WINDOWS\system32\appoa32.exe
    O4 - HKLM\..\RunOnce: [javajr32.exe] C:\WINDOWS\javajr32.exe
    O4 - HKLM\..\RunOnce: [appjt32.exe] C:\WINDOWS\appjt32.exe
    O4 - HKLM\..\RunOnce: [netlr.exe] C:\WINDOWS\system32\netlr.exe
    O4 - HKLM\..\RunOnce: [msij.exe] C:\WINDOWS\system32\msij.exe
    O4 - HKLM\..\RunOnce: [javapz.exe] C:\WINDOWS\system32\javapz.exe
    O4 - HKLM\..\RunOnce: [mfcom.exe] C:\WINDOWS\system32\mfcom.exe
    O4 - HKLM\..\RunOnce: [addgf32.exe] C:\WINDOWS\addgf32.exe
    O4 - HKLM\..\RunOnce: [netwx32.exe] C:\WINDOWS\system32\netwx32.exe
    O4 - HKLM\..\RunOnce: [ieky.exe] C:\WINDOWS\ieky.exe
    O4 - HKLM\..\RunOnce: [winmp.exe] C:\WINDOWS\system32\winmp.exe
    O4 - HKLM\..\RunOnce: [msdq32.exe] C:\WINDOWS\system32\msdq32.exe
    O4 - HKLM\..\RunOnce: [atltf32.exe] C:\WINDOWS\atltf32.exe
    O4 - HKLM\..\RunOnce: [sdker.exe] C:\WINDOWS\system32\sdker.exe
    O4 - HKLM\..\RunOnce: [msyh32.exe] C:\WINDOWS\system32\msyh32.exe
    O4 - HKLM\..\RunOnce: [ntbe32.exe] C:\WINDOWS\ntbe32.exe
    O4 - HKLM\..\RunOnce: [atlpz32.exe] C:\WINDOWS\system32\atlpz32.exe
    O4 - HKLM\..\RunOnce: [appsl32.exe] C:\WINDOWS\system32\appsl32.exe
    O4 - HKLM\..\RunOnce: [apide.exe] C:\WINDOWS\apide.exe
    O4 - HKLM\..\RunOnce: [mssj32.exe] C:\WINDOWS\system32\mssj32.exe
    O4 - HKLM\..\RunOnce: [appny32.exe] C:\WINDOWS\system32\appny32.exe
    O4 - HKLM\..\RunOnce: [addpj.exe] C:\WINDOWS\addpj.exe
    O4 - HKLM\..\RunOnce: [ipzg.exe] C:\WINDOWS\ipzg.exe
    O4 - HKLM\..\RunOnce: [apppo.exe] C:\WINDOWS\system32\apppo.exe
    O4 - HKLM\..\RunOnce: [javaqp32.exe] C:\WINDOWS\system32\javaqp32.exe
    O4 - HKLM\..\RunOnce: [sdksi32.exe] C:\WINDOWS\sdksi32.exe
    O4 - HKLM\..\RunOnce: [applf32.exe] C:\WINDOWS\system32\applf32.exe
    O4 - HKLM\..\RunOnce: [netlw32.exe] C:\WINDOWS\netlw32.exe
    O4 - HKLM\..\RunOnce: [msyt.exe] C:\WINDOWS\system32\msyt.exe
    O4 - HKLM\..\RunOnce: [crnt32.exe] C:\WINDOWS\system32\crnt32.exe
    O4 - HKLM\..\RunOnce: [appyt32.exe] C:\WINDOWS\system32\appyt32.exe
    O4 - HKLM\..\RunOnce: [iprq32.exe] C:\WINDOWS\system32\iprq32.exe
    O4 - HKLM\..\RunOnce: [addui.exe] C:\WINDOWS\system32\addui.exe
    O4 - HKLM\..\RunOnce: [atloa.exe] C:\WINDOWS\system32\atloa.exe
    O4 - HKLM\..\RunOnce: [sdkkj.exe] C:\WINDOWS\sdkkj.exe
    O4 - HKLM\..\RunOnce: [mspj.exe] C:\WINDOWS\system32\mspj.exe
    O4 - HKLM\..\RunOnce: [netst32.exe] C:\WINDOWS\system32\netst32.exe
    O4 - HKLM\..\RunOnce: [sysap32.exe] C:\WINDOWS\sysap32.exe
    O4 - HKLM\..\RunOnce: [msoq32.exe] C:\WINDOWS\system32\msoq32.exe
    O4 - HKLM\..\RunOnce: [iemk32.exe] C:\WINDOWS\system32\iemk32.exe
    O4 - HKLM\..\RunOnce: [ntlx32.exe] C:\WINDOWS\ntlx32.exe
    O4 - HKLM\..\RunOnce: [ipfh.exe] C:\WINDOWS\system32\ipfh.exe
    O4 - HKLM\..\RunOnce: [mfcwr32.exe] C:\WINDOWS\system32\mfcwr32.exe
    O4 - HKLM\..\RunOnce: [ipls.exe] C:\WINDOWS\system32\ipls.exe
    O4 - HKLM\..\RunOnce: [netwv.exe] C:\WINDOWS\netwv.exe
    O4 - HKLM\..\RunOnce: [syswv32.exe] C:\WINDOWS\system32\syswv32.exe
    O4 - HKLM\..\RunOnce: [javadd32.exe] C:\WINDOWS\system32\javadd32.exe
    O4 - HKLM\..\RunOnce: [appsa.exe] C:\WINDOWS\system32\appsa.exe
    O4 - HKLM\..\RunOnce: [addhv32.exe] C:\WINDOWS\addhv32.exe
    O4 - HKLM\..\RunOnce: [apilh.exe] C:\WINDOWS\system32\apilh.exe
    O4 - HKLM\..\RunOnce: [iezd.exe] C:\WINDOWS\iezd.exe
    O4 - HKLM\..\RunOnce: [sdkqy.exe] C:\WINDOWS\sdkqy.exe
    O4 - HKLM\..\RunOnce: [mfcbx.exe] C:\WINDOWS\mfcbx.exe
    O4 - HKLM\..\RunOnce: [apity32.exe] C:\WINDOWS\apity32.exe
    O4 - HKLM\..\RunOnce: [ntfv.exe] C:\WINDOWS\system32\ntfv.exe
    O4 - HKLM\..\RunOnce: [msnk32.exe] C:\WINDOWS\system32\msnk32.exe
    O4 - HKLM\..\RunOnce: [msem32.exe] C:\WINDOWS\system32\msem32.exe
    O4 - HKLM\..\RunOnce: [sysko.exe] C:\WINDOWS\system32\sysko.exe
    O4 - HKLM\..\RunOnce: [atlbv32.exe] C:\WINDOWS\system32\atlbv32.exe
    O4 - HKLM\..\RunOnce: [msgs32.exe] C:\WINDOWS\system32\msgs32.exe
    O4 - HKLM\..\RunOnce: [appfj.exe] C:\WINDOWS\system32\appfj.exe
    O4 - HKLM\..\RunOnce: [ipdg.exe] C:\WINDOWS\ipdg.exe
    O4 - HKLM\..\RunOnce: [sysqx32.exe] C:\WINDOWS\sysqx32.exe
    O4 - HKLM\..\RunOnce: [wintk.exe] C:\WINDOWS\system32\wintk.exe
    O4 - HKLM\..\RunOnce: [atlpk.exe] C:\WINDOWS\system32\atlpk.exe
    O4 - HKLM\..\RunOnce: [nttr32.exe] C:\WINDOWS\system32\nttr32.exe
    O4 - HKLM\..\RunOnce: [cruv.exe] C:\WINDOWS\cruv.exe
    O4 - HKLM\..\RunOnce: [iplq.exe] C:\WINDOWS\iplq.exe
    O4 - HKLM\..\RunOnce: [ieyw.exe] C:\WINDOWS\system32\ieyw.exe
    O4 - HKLM\..\RunOnce: [ntbp32.exe] C:\WINDOWS\system32\ntbp32.exe
    O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
    O4 - HKLM\..\RunOnce: [atlzo.exe] C:\WINDOWS\system32\atlzo.exe
    O4 - HKLM\..\RunOnce: [javakd.exe] C:\WINDOWS\javakd.exe
    O4 - HKLM\..\RunOnce: [sdkcm.exe] C:\WINDOWS\sdkcm.exe
    O4 - HKLM\..\RunOnce: [winal.exe] C:\WINDOWS\system32\winal.exe
    O4 - HKLM\..\RunOnce: [ipsz.exe] C:\WINDOWS\system32\ipsz.exe
    O4 - HKLM\..\RunOnce: [ieiu.exe] C:\WINDOWS\system32\ieiu.exe
    O4 - HKLM\..\RunOnce: [appnt.exe] C:\WINDOWS\appnt.exe
    O4 - HKLM\..\RunOnce: [addwu.exe] C:\WINDOWS\system32\addwu.exe
    O4 - HKLM\..\RunOnce: [wincn32.exe] C:\WINDOWS\wincn32.exe
    O4 - HKLM\..\RunOnce: [ieob.exe] C:\WINDOWS\system32\ieob.exe
    O4 - HKLM\..\RunOnce: [appsi32.exe] C:\WINDOWS\system32\appsi32.exe
    O4 - HKLM\..\RunOnce: [crqc.exe] C:\WINDOWS\system32\crqc.exe
    O4 - HKLM\..\RunOnce: [appls.exe] C:\WINDOWS\appls.exe
    O4 - HKLM\..\RunOnce: [netjq.exe] C:\WINDOWS\netjq.exe
    O4 - HKLM\..\RunOnce: [d3kf.exe] C:\WINDOWS\system32\d3kf.exe
    O4 - HKLM\..\RunOnce: [apiat32.exe] C:\WINDOWS\system32\apiat32.exe
    O4 - HKLM\..\RunOnce: [javakt.exe] C:\WINDOWS\javakt.exe
    O4 - HKLM\..\RunOnce: [winla.exe] C:\WINDOWS\system32\winla.exe
    O4 - HKLM\..\RunOnce: [cryo32.exe] C:\WINDOWS\system32\cryo32.exe
    O4 - HKLM\..\RunOnce: [ntlh.exe] C:\WINDOWS\ntlh.exe
    O4 - HKLM\..\RunOnce: [iptv32.exe] C:\WINDOWS\iptv32.exe
    O4 - HKLM\..\RunOnce: [ieyt.exe] C:\WINDOWS\ieyt.exe
    O4 - HKLM\..\RunOnce: [netsn.exe] C:\WINDOWS\system32\netsn.exe
    O4 - HKLM\..\RunOnce: [winjs.exe] C:\WINDOWS\system32\winjs.exe
    O4 - HKLM\..\RunOnce: [mfcjx.exe] C:\WINDOWS\mfcjx.exe
    O4 - HKLM\..\RunOnce: [addts32.exe] C:\WINDOWS\system32\addts32.exe
    O4 - HKLM\..\RunOnce: [sysch32.exe] C:\WINDOWS\system32\sysch32.exe
    O4 - HKLM\..\RunOnce: [ntzf32.exe] C:\WINDOWS\ntzf32.exe
    O4 - HKLM\..\RunOnce: [ntyz.exe] C:\WINDOWS\ntyz.exe
    O4 - HKLM\..\RunOnce: [ipid32.exe] C:\WINDOWS\system32\ipid32.exe
    O4 - HKLM\..\RunOnce: [crmw32.exe] C:\WINDOWS\crmw32.exe
    O4 - HKLM\..\RunOnce: [apifq32.exe] C:\WINDOWS\system32\apifq32.exe
    O4 - HKLM\..\RunOnce: [ntls.exe] C:\WINDOWS\ntls.exe
    O4 - HKLM\..\RunOnce: [sysgb32.exe] C:\WINDOWS\system32\sysgb32.exe
    O4 - HKLM\..\RunOnce: [winft.exe] C:\WINDOWS\system32\winft.exe
    O4 - HKLM\..\RunOnce: [ieoo.exe] C:\WINDOWS\ieoo.exe
    O4 - HKLM\..\RunOnce: [d3fg32.exe] C:\WINDOWS\system32\d3fg32.exe
    O4 - HKLM\..\RunOnce: [javadk.exe] C:\WINDOWS\system32\javadk.exe
    O4 - HKLM\..\RunOnce: [mfcai32.exe] C:\WINDOWS\mfcai32.exe
    O4 - HKLM\..\RunOnce: [netuk.exe] C:\WINDOWS\system32\netuk.exe
    O4 - HKLM\..\RunOnce: [ntfd.exe] C:\WINDOWS\system32\ntfd.exe
    O4 - HKLM\..\RunOnce: [appwo.exe] C:\WINDOWS\system32\appwo.exe
    O4 - HKLM\..\RunOnce: [crhc.exe] C:\WINDOWS\crhc.exe
    O4 - HKLM\..\RunOnce: [javafs32.exe] C:\WINDOWS\javafs32.exe
    O4 - HKLM\..\RunOnce: [apiku32.exe] C:\WINDOWS\system32\apiku32.exe
    O4 - HKLM\..\RunOnce: [ntbh32.exe] C:\WINDOWS\system32\ntbh32.exe
    O4 - HKLM\..\RunOnce: [nthv32.exe] C:\WINDOWS\system32\nthv32.exe
    O4 - HKLM\..\RunOnce: [mfcfj32.exe] C:\WINDOWS\mfcfj32.exe
    O4 - HKLM\..\RunOnce: [appgj.exe] C:\WINDOWS\system32\appgj.exe
    O4 - HKLM\..\RunOnce: [ntbx32.exe] C:\WINDOWS\system32\ntbx32.exe
    O4 - HKLM\..\RunOnce: [netaw.exe] C:\WINDOWS\netaw.exe
    O4 - HKLM\..\RunOnce: [ipjk.exe] C:\WINDOWS\ipjk.exe
    O4 - HKLM\..\RunOnce: [netqe32.exe] C:\WINDOWS\netqe32.exe
    O4 - HKLM\..\RunOnce: [iezv32.exe] C:\WINDOWS\iezv32.exe
    O4 - HKLM\..\RunOnce: [addyk32.exe] C:\WINDOWS\system32\addyk32.exe
    O4 - HKLM\..\RunOnce: [iecw.exe] C:\WINDOWS\iecw.exe
    O4 - HKLM\..\RunOnce: [sdkot.exe] C:\WINDOWS\sdkot.exe
    O4 - HKLM\..\RunOnce: [msql.exe] C:\WINDOWS\system32\msql.exe
    O4 - HKLM\..\RunOnce: [crth.exe] C:\WINDOWS\crth.exe
    O4 - HKLM\..\RunOnce: [sdknh.exe] C:\WINDOWS\sdknh.exe
    O4 - HKLM\..\RunOnce: [apiyd.exe] C:\WINDOWS\system32\apiyd.exe
    O4 - HKLM\..\RunOnce: [netcy32.exe] C:\WINDOWS\netcy32.exe
    O4 - HKLM\..\RunOnce: [addnp.exe] C:\WINDOWS\system32\addnp.exe
    O4 - HKLM\..\RunOnce: [netxo32.exe] C:\WINDOWS\netxo32.exe
    O4 - HKLM\..\RunOnce: [mfcdb32.exe] C:\WINDOWS\system32\mfcdb32.exe
    O4 - HKLM\..\RunOnce: [iebi.exe] C:\WINDOWS\iebi.exe
    O4 - HKLM\..\RunOnce: [mfczd.exe] C:\WINDOWS\system32\mfczd.exe
    O4 - HKLM\..\RunOnce: [atlns.exe] C:\WINDOWS\atlns.exe
    O4 - HKLM\..\RunOnce: [ipby32.exe] C:\WINDOWS\system32\ipby32.exe
    O4 - HKLM\..\RunOnce: [javazh.exe] C:\WINDOWS\system32\javazh.exe
    O4 - HKLM\..\RunOnce: [ipnm.exe] C:\WINDOWS\ipnm.exe
    O4 - HKLM\..\RunOnce: [appnc.exe] C:\WINDOWS\appnc.exe
    O4 - HKLM\..\RunOnce: [crkb.exe] C:\WINDOWS\crkb.exe
    O4 - HKLM\..\RunOnce: [sysai.exe] C:\WINDOWS\sysai.exe
    O4 - HKLM\..\RunOnce: [ntxg.exe] C:\WINDOWS\system32\ntxg.exe
    O4 - HKLM\..\RunOnce: [apicm.exe] C:\WINDOWS\apicm.exe
    O4 - HKLM\..\RunOnce: [msit32.exe] C:\WINDOWS\system32\msit32.exe
    O4 - HKLM\..\RunOnce: [mfcgc32.exe] C:\WINDOWS\mfcgc32.exe
    O4 - HKLM\..\RunOnce: [apigq.exe] C:\WINDOWS\apigq.exe
    O4 - HKLM\..\RunOnce: [ntmf32.exe] C:\WINDOWS\ntmf32.exe
    O4 - HKLM\..\RunOnce: [sdkuq.exe] C:\WINDOWS\sdkuq.exe
    O4 - HKLM\..\RunOnce: [ipgq32.exe] C:\WINDOWS\system32\ipgq32.exe
    O4 - HKLM\..\RunOnce: [netuz.exe] C:\WINDOWS\netuz.exe
    O4 - HKLM\..\RunOnce: [d3ss.exe] C:\WINDOWS\system32\d3ss.exe
    O4 - HKLM\..\RunOnce: [addke32.exe] C:\WINDOWS\addke32.exe
    O4 - HKLM\..\RunOnce: [windg.exe] C:\WINDOWS\system32\windg.exe
    O4 - HKLM\..\RunOnce: [ntnk32.exe] C:\WINDOWS\system32\ntnk32.exe
    O4 - HKLM\..\RunOnce: [ipwi32.exe] C:\WINDOWS\system32\ipwi32.exe
    O4 - HKLM\..\RunOnce: [javakj32.exe] C:\WINDOWS\system32\javakj32.exe
    O4 - HKLM\..\RunOnce: [atlne32.exe] C:\WINDOWS\system32\atlne32.exe
    O4 - HKLM\..\RunOnce: [atlba.exe] C:\WINDOWS\system32\atlba.exe
    O4 - HKLM\..\RunOnce: [addpr.exe] C:\WINDOWS\addpr.exe
    O4 - HKLM\..\RunOnce: [crtx32.exe] C:\WINDOWS\crtx32.exe
    O4 - HKLM\..\RunOnce: [msrx32.exe] C:\WINDOWS\msrx32.exe
    O4 - HKLM\..\RunOnce: [atldn.exe] C:\WINDOWS\system32\atldn.exe
    O4 - HKLM\..\RunOnce: [ntwj.exe] C:\WINDOWS\ntwj.exe
    O4 - HKLM\..\RunOnce: [syscl32.exe] C:\WINDOWS\syscl32.exe
    O4 - HKLM\..\RunOnce: [apisi.exe] C:\WINDOWS\apisi.exe
    O4 - HKLM\..\RunOnce: [javaeo.exe] C:\WINDOWS\javaeo.exe
    O4 - HKLM\..\RunOnce: [javacp32.exe] C:\WINDOWS\system32\javacp32.exe
    O4 - HKLM\..\RunOnce: [javaiv32.exe] C:\WINDOWS\system32\javaiv32.exe
    O4 - HKLM\..\RunOnce: [atlgm.exe] C:\WINDOWS\system32\atlgm.exe
    O4 - HKLM\..\RunOnce: [msoo32.exe] C:\WINDOWS\system32\msoo32.exe
    O4 - HKLM\..\RunOnce: [appiw32.exe] C:\WINDOWS\system32\appiw32.exe
    O4 - HKLM\..\RunOnce: [appbc.exe] C:\WINDOWS\system32\appbc.exe
    O4 - HKLM\..\RunOnce: [mszm32.exe] C:\WINDOWS\mszm32.exe
    O4 - HKLM\..\RunOnce: [d3vg32.exe] C:\WINDOWS\system32\d3vg32.exe
    O4 - HKLM\..\RunOnce: [crhg.exe] C:\WINDOWS\system32\crhg.exe
    O4 - HKLM\..\RunOnce: [atlmf32.exe] C:\WINDOWS\system32\atlmf32.exe
    O4 - HKLM\..\RunOnce: [netzb32.exe] C:\WINDOWS\system32\netzb32.exe
    O4 - HKLM\..\RunOnce: [javatw32.exe] C:\WINDOWS\system32\javatw32.exe
    O4 - HKLM\..\RunOnce: [mssv32.exe] C:\WINDOWS\system32\mssv32.exe
    O4 - HKLM\..\RunOnce: [appyr.exe] C:\WINDOWS\system32\appyr.exe
    O4 - HKLM\..\RunOnce: [iehm32.exe] C:\WINDOWS\system32\iehm32.exe
    O4 - HKLM\..\RunOnce: [neter32.exe] C:\WINDOWS\neter32.exe
    O4 - HKLM\..\RunOnce: [mfcwn.exe] C:\WINDOWS\system32\mfcwn.exe
    O4 - HKLM\..\RunOnce: [sdkmn32.exe] C:\WINDOWS\sdkmn32.exe
    O4 - HKLM\..\RunOnce: [appjl32.exe] C:\WINDOWS\appjl32.exe
    O4 - HKLM\..\RunOnce: [javaer32.exe] C:\WINDOWS\system32\javaer32.exe
    O4 - HKLM\..\RunOnce: [sysqm32.exe] C:\WINDOWS\system32\sysqm32.exe
    O4 - HKLM\..\RunOnce: [mfcua.exe] C:\WINDOWS\system32\mfcua.exe
    O4 - HKLM\..\RunOnce: [netjv.exe] C:\WINDOWS\netjv.exe
    O4 - HKLM\..\RunOnce: [syssz.exe] C:\WINDOWS\syssz.exe
    O4 - HKLM\..\RunOnce: [atlao32.exe] C:\WINDOWS\atlao32.exe
    O4 - HKLM\..\RunOnce: [msee32.exe] C:\WINDOWS\system32\msee32.exe
    O4 - HKLM\..\RunOnce: [javato.exe] C:\WINDOWS\javato.exe
    O4 - HKLM\..\RunOnce: [crbm32.exe] C:\WINDOWS\system32\crbm32.exe
    O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
    O4 - HKLM\..\RunOnce: [msqp32.exe] C:\WINDOWS\msqp32.exe
    O4 - HKLM\..\RunOnce: [javael.exe] C:\WINDOWS\javael.exe
    O4 - HKLM\..\RunOnce: [mfcmw32.exe] C:\WINDOWS\mfcmw32.exe
    O4 - HKLM\..\RunOnce: [mstq32.exe] C:\WINDOWS\mstq32.exe
    O4 - HKLM\..\RunOnce: [winjy.exe] C:\WINDOWS\winjy.exe
    O4 - HKLM\..\RunOnce: [iely32.exe] C:\WINDOWS\iely32.exe
    O4 - HKLM\..\RunOnce: [apimq.exe] C:\WINDOWS\system32\apimq.exe
    O4 - HKLM\..\RunOnce: [atlqa32.exe] C:\WINDOWS\atlqa32.exe
    O4 - HKLM\..\RunOnce: [appdr32.exe] C:\WINDOWS\appdr32.exe
    O4 - HKLM\..\RunOnce: [netyr.exe] C:\WINDOWS\netyr.exe
    O4 - HKLM\..\RunOnce: [mszv.exe] C:\WINDOWS\system32\mszv.exe
    O4 - HKLM\..\RunOnce: [mshs.exe] C:\WINDOWS\mshs.exe
    O4 - HKLM\..\RunOnce: [atluz.exe] C:\WINDOWS\atluz.exe
    O4 - HKLM\..\RunOnce: [sdkzn.exe] C:\WINDOWS\system32\sdkzn.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program
    Files\Google\googletoolbar.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program
    Files\Google\googletoolbar.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page -
    res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program
    Files\Google\googletoolbar.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English -
    res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
    - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O13 - DefaultPrefix:
    O13 - WWW Prefix:
    O13 - Home Prefix: http://nkvd.us/1525/
    O13 - Mosaic Prefix: http://nkvd.us/1525/
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
    Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
    Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://software-dl.real.com/102c8f8ff1f0d4a75f01/netzip/RdxIE601.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
    http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
    (MessengerStatsClient Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF}
    (MediaTicketsInstaller Control) -
    http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
    http://install.wildtangent.com/bgn/partners/shockwave/stx/install.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
    4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B83157E1-841B-4659-9447-7B2D8038B586}:
    NameServer = 198.164.30.2 198.164.4.2
    O21 - SSODL: System - {A1A3CE61-D455-48DF-9214-C2B72484DE3A} -
    C:\WINDOWS\system32\system32.dll
     
    Jeanette, Jul 29, 2004
    #1
    1. Advertisements

  2. For your last question; yes, it is possible to prevent this, but a lot of
    the methodology requires discipline on the part of the operator. Don't
    install every slick gadget that the marketers insist will "improve" your
    Internet experience; more often then not it only improves their marketing
    experience; at no small cost to your convenience.

    For your next to the last question; if proper discipline is applied, "Hijack
    This" once, for a baseline report on a new install, and that should be it.
    Run it after any significant change in software to grab a new baseline
    snapshot. If you practice good discipline, you shouldn't need to run it as a
    troubleshooter; but if you do encounter a problem, you can run it and check
    the log against your baseline log.

    As for the log, itself, it is really busy, and I don't have a lot of
    experience at HJT. One item did stand out, though, and should be too
    difficult to deal with. Unless your brother really needs to play with the
    games, and other goodies offered by WildTangent, dump it. It should be
    available for removal using "Add/Remove Programs". After running that, you
    just delete the folders, then run Ad Aware to handle any residual
    components. Ad Aware does identify WildTangent files. They are a data miner,
    as well as a game provider. Unless you don't mind marketers mining your
    data, it is useless fluff; but it is not malware, or harmful, if your
    brother really likes playing those online games.

    Frankly, I don't care for anything to do with RealPlayer, either, but it is
    like WildTangent. Straightforward removal, but if your brother likes what it
    does, it isn't nasty, or malware.

    Others are less well known to me, and I can't say one way or the other. I'd
    start with a small subset of that rather lengthy list of applications; say,
    this part:
    I'd start with a Google search on each of the application names. Hopefully,
    you can see a pattern in my choices. One of those file names should give you
    a Google hit, and you can take it from there. Hopefully (again!), some of
    those hits will lead you to information about the other items in that list.
    It is now wonder that computer is so cranky; it is trying to load too much
    stuff.

    With the exception of the Google, Yahoo!, or MSN toolbar, you really don't
    need anything else; and I used the Yahoo! BHO so infrequently that I finally
    removed it. No BHOs here; just a well secured browser and a hosts file which
    redirects advertising trackers to localhost. And, as nearly as I can tell,
    MSIE6, with the latest patches, can be made reasonably secure, though I
    prefer Mozilla 1.7.1 for real security. Use the zones. Put that small
    handful of sites you would really trust to run scripts into the "Trusted
    sites" zone, and set the "Internet" zone to the highest level of security;
    that will tame DestructiveX (okay, MSFT calls it, "ActiveX"; but if you know
    how remote sites can use it to abuse your system, you know why I call it,
    "DestructiveX"!)

    I thought there were HJT forums at the site where you downloaded it; have
    you posted your log there?
     
    Norman Miller, Jul 29, 2004
    #2
    1. Advertisements

  3. Jeanette

    JamesBenson Guest

    Hi, all the entries with the name run or run once mean that each time your
    pc start's then all these entries will be run, with my pc there is nothing
    in the run once section and only a few in the run section, this should give
    you an idea what should be there, virtually nothing, which is why it is
    unusable, do a clean install of your OS with trusted CD's if you have them
    and be careful what you click yes to, sound's like most programs installed
    third party spyware/adware along with them without you knowing. Be careful
    of free program's


     
    JamesBenson, Jul 30, 2004
    #3
  4. Jeanette

    °Mike° Guest

    You have been Hijacked by CoolWebSearch.
    ------------------------------------------


    Before you proceed, make sure that you have
    SpyBot S&D installed, AND Ad-Aware installed.

    Be sure to download and install the Ad-Aware
    VX2 cleaner plug-in
    http://www.lavasoftusa.com/software/plugins/vx2cleaner.shtml

    Download SpHjfix fix.
    http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix

    Download AboutBuster
    http://tools.zerosrealm.com/AboutBuster.zip

    Download CWShredder
    http://www.spywareinfo.com/~merijn/cwschronicles.html


    Boot into Safe Mode once that's done. As soon as you
    have booted into Safe Mode, empty your TEMP folder,
    your Temporary Internet Files (including Offline Content),
    and your IE History.

    Continued inline....



    DO THIS IN SAFE MODE
    =================

    DISCONNECT FROM THE NET
    =====================

    CLOSE ALL OTHER APPLICATIONS EXCEPT HJT
    ==================================

    End Task the above three processes (CTRL+ALT+DEL).
    Delete the appln.exe, mfcvi.exe and addwg.exe files,
    and empty the recycle bin.

    Have HijackThis fix the above entries.

    Have HijackThis fix the above entries.
    Delete the eluix.dll file, and remove it from the recycle bin.

    Have HijackThis fix the above entry.

    Have HijackThis fix the above entry.
    Delete the addgr.dll file and empty the recycle bin.

    Have HijackThis fix the above entries.
    You should have already End Tasked the above processes,
    and deleted the files.

    Have HijackThis fix ALL of the above 04 - "RunOnce" entries.
    Go into the Windows and the Windows\System32 folder,
    and delete EACH AND EVERY ONE of the above files.
    Empty the recycle bin.

    Have HijackThis fix the above four entries.

    Have HijackThis fix ALL of your 016 - DPF entries.

    Unless the above IPs (University of New Brunswick) are from
    your network or ISP, have HijackThis fix the above.

    Have HijackThis fix the above.
    Delete the system32.dll file and empty the recycle bin.


    Open your registry editor (Start / Run / Regedit) to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    If you see an entry named '__NS_Service_3' delete it.

    Still in the registry, navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    If you see an entry named 'LEGACY___NS_Service_3' delete it.

    Close your registry editor.

    Do NOT reconnect; do NOT reboot into normal mode, yet.

    Run SpyBot S&D (full scan)

    Run Ad-Aware (full scan)

    Run the Ad-Aware VX2 cleaner plug-in.

    Run the SpHjfix.

    Run CWShredder

    Run AboutBuster

    Re-run HijackThis and rescan.


    If SpyBot S&D and/or Ad-Aware do not run in Safe
    Mode, leave those steps until last and run them
    in normal mode, BEFORE YOU CONNECT.
     
    °Mike°, Jul 30, 2004
    #4
  5. Jeanette

    °Mike° Guest

    More totally useless advice -- there is absolutely NO need
    for a clean install.


     
    °Mike°, Jul 30, 2004
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.