Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help-Hijack this- ot sure which files to delete


  • Please log in to reply
1 reply to this topic

#1 Avnerson

Avnerson

  • Members
  • 0 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 23 July 2005 - 01:29 PM

Hi,
I really need help with this. I'm not exactly which files I need to delete when using the hijack.
If anyone can take a lood and advise, It would be very helpful
I've ncluded the log below.

Thanks
Avner

Logfile of HijackThis v1.99.1
Scan saved at 2:07:15 PM, on 7/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\EPOAgent\naimas32.exe
C:\Program Files\Linksys\Wireless-B
USB Network Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\crwp32.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
C:\PROGRA~1\MSNGAM~1\zone.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TopText\mmod.exe
C:\PROGRA~1\TopText\wo.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\EILON&~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\slgst.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\slgst.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\slgst.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\slgst.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\slgst.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.royalsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\slgst.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\slgst.dll/sp.html#93256
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = WWW.NRG.CO.IL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = WWW.NRG.CO.IL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.242.21.8:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 12.242.21.8;<local>
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\
O2 - BHO: Class - {04E19B1B-1EAE-FFA4-6D31-B92152BEDCC9} - C:\WINDOWS\system32\apikr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0DFBCB63-C236-4AA8-9785-4DB42DA67929} - C:\WINDOWS\appgv32.dll (file missing)
O2 - BHO: Class - {26E902A0-CEDD-955D-4562-FC8012F9AFA9} - C:\WINDOWS\mstv.dll
O2 - BHO: Class - {2B10E407-F479-FA19-B410-850E464CC0B9} - C:\WINDOWS\system32\d3ze.dll (file missing)
O2 - BHO: Class - {2C3AC6BD-184A-72AA-AA76-FD625963E408} - C:\WINDOWS\system32\appqn.dll
O2 - BHO: Class - {2CEBB91F-EABF-58A6-AA19-3091211BC15C} - C:\WINDOWS\system32\ipqt.dll
O2 - BHO: Class - {35E2B57B-1674-3E68-49B5-4429B27E63B9} - C:\WINDOWS\system32\ipue.dll (file missing)
O2 - BHO: Class - {3EB3C3B8-C6A3-A391-CE99-432056782D22} - C:\WINDOWS\system32\apiym.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: Class - {57F26F3C-EAC4-2E5A-C232-B0372CADD7B7} - C:\WINDOWS\winlj32.dll
O2 - BHO: Class - {66E15164-CE35-BE75-12D4-6F95339B9EDB} - C:\WINDOWS\mfcii32.dll (file missing)
O2 - BHO: Class - {70337B1D-11EA-9346-27AA-F77086D05C11} - C:\WINDOWS\syszv32.dll
O2 - BHO: Class - {7B5897CE-01D2-D7AF-61DB-36843E94F97E} - C:\WINDOWS\crxd32.dll (file missing)
O2 - BHO: Class - {86CC8D04-6990-3461-CA24-AF770BA94E40} - C:\WINDOWS\mfcof32.dll
O2 - BHO: Class - {99078794-6831-1765-763B-9566D3697899} - C:\WINDOWS\nttd.dll
O2 - BHO: Class - {9B4C92B4-9D54-68D0-1895-BE29FEDCB788} - C:\WINDOWS\system32\atloz.dll (file missing)
O2 - BHO: Class - {9E394F5F-BB60-E2B1-4D4B-08C63F49D782} - C:\WINDOWS\apilk.dll
O2 - BHO: Class - {A3AE7E28-5A26-913E-3E28-ABCC687B6BC9} - C:\WINDOWS\system32\apiom.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {B4818A00-3F49-E55B-35AC-96779152E22A} - C:\WINDOWS\system32\winms32.dll
O2 - BHO: Class - {C436CBC1-830F-15E4-B4E2-9CB792F1F829} - C:\WINDOWS\netok.dll
O2 - BHO: Class - {D249D817-722E-0E58-A372-0C213DCEDBA7} - C:\WINDOWS\atlmy.dll
O2 - BHO: Class - {FA239BAA-E441-30B6-0ABB-3EAAF567B877} - C:\WINDOWS\winop.dll (file missing)
O2 - BHO: Class - {FEF0E647-5524-FA9E-07CF-AF79EE6770A0} - C:\WINDOWS\system32\apicb32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [addwj.exe] C:\WINDOWS\addwj.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [appkj.exe] C:\WINDOWS\appkj.exe
O4 - HKLM\..\Run: [crwp32.exe] C:\WINDOWS\crwp32.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunOnce: [crot.exe] C:\WINDOWS\system32\crot.exe
O4 - HKLM\..\RunOnce: [mfcba32.exe] C:\WINDOWS\system32\mfcba32.exe
O4 - HKLM\..\RunOnce: [apilf.exe] C:\WINDOWS\apilf.exe
O4 - HKLM\..\RunOnce: [appao32.exe] C:\WINDOWS\appao32.exe
O4 - HKLM\..\RunOnce: [addvb.exe] C:\WINDOWS\addvb.exe
O4 - HKLM\..\RunOnce: [crhi32.exe] C:\WINDOWS\system32\crhi32.exe
O4 - HKLM\..\RunOnce: [mfcoy32.exe] C:\WINDOWS\mfcoy32.exe
O4 - HKLM\..\RunOnce: [sdkhn.exe] C:\WINDOWS\system32\sdkhn.exe
O4 - HKLM\..\RunOnce: [d3mr.exe] C:\WINDOWS\system32\d3mr.exe
O4 - HKLM\..\RunOnce: [appew.exe] C:\WINDOWS\system32\appew.exe
O4 - HKLM\..\RunOnce: [ipqe.exe] C:\WINDOWS\system32\ipqe.exe
O4 - HKLM\..\RunOnce: [javasv.exe] C:\WINDOWS\system32\javasv.exe
O4 - HKLM\..\RunOnce: [ipjo32.exe] C:\WINDOWS\ipjo32.exe
O4 - HKLM\..\RunOnce: [syspe.exe] C:\WINDOWS\syspe.exe
O4 - HKLM\..\RunOnce: [netdb32.exe] C:\WINDOWS\netdb32.exe
O4 - HKLM\..\RunOnce: [ipkk32.exe] C:\WINDOWS\system32\ipkk32.exe
O4 - HKLM\..\RunOnce: [atloi.exe] C:\WINDOWS\system32\atloi.exe
O4 - HKLM\..\RunOnce: [addqe.exe] C:\WINDOWS\system32\addqe.exe
O4 - HKLM\..\RunOnce: [atlqr.exe] C:\WINDOWS\atlqr.exe
O4 - HKLM\..\RunOnce: [iecq.exe] C:\WINDOWS\iecq.exe
O4 - HKLM\..\RunOnce: [sysjy.exe] C:\WINDOWS\system32\sysjy.exe
O4 - HKLM\..\RunOnce: [appsn.exe] C:\WINDOWS\appsn.exe
O4 - HKLM\..\RunOnce: [apivi32.exe] C:\WINDOWS\apivi32.exe
O4 - HKLM\..\RunOnce: [nthf.exe] C:\WINDOWS\system32\nthf.exe
O4 - HKLM\..\RunOnce: [winkx32.exe] C:\WINDOWS\system32\winkx32.exe
O4 - HKLM\..\RunOnce: [javage32.exe] C:\WINDOWS\system32\javage32.exe
O4 - HKLM\..\RunOnce: [addjm.exe] C:\WINDOWS\system32\addjm.exe
O4 - HKLM\..\RunOnce: [javaao32.exe] C:\WINDOWS\system32\javaao32.exe
O4 - HKLM\..\RunOnce: [mstp.exe] C:\WINDOWS\system32\mstp.exe
O4 - HKLM\..\RunOnce: [sdkfo32.exe] C:\WINDOWS\system32\sdkfo32.exe
O4 - HKLM\..\RunOnce: [javamw32.exe] C:\WINDOWS\javamw32.exe
O4 - HKLM\..\RunOnce: [iepk32.exe] C:\WINDOWS\iepk32.exe
O4 - HKLM\..\RunOnce: [sdkyr32.exe] C:\WINDOWS\sdkyr32.exe
O4 - HKLM\..\RunOnce: [apper.exe] C:\WINDOWS\system32\apper.exe
O4 - HKLM\..\RunOnce: [sysrw.exe] C:\WINDOWS\system32\sysrw.exe
O4 - HKLM\..\RunOnce: [apprr32.exe] C:\WINDOWS\apprr32.exe
O4 - HKLM\..\RunOnce: [addur.exe] C:\WINDOWS\addur.exe
O4 - HKLM\..\RunOnce: [ipgw.exe] C:\WINDOWS\system32\ipgw.exe
O4 - HKLM\..\RunOnce: [applf32.exe] C:\WINDOWS\applf32.exe
O4 - HKLM\..\RunOnce: [javajd.exe] C:\WINDOWS\javajd.exe
O4 - HKLM\..\RunOnce: [appuo.exe] C:\WINDOWS\system32\appuo.exe
O4 - HKLM\..\RunOnce: [sdkre.exe] C:\WINDOWS\system32\sdkre.exe
O4 - HKLM\..\RunOnce: [mfctb32.exe] C:\WINDOWS\mfctb32.exe
O4 - HKLM\..\RunOnce: [msfs.exe] C:\WINDOWS\msfs.exe
O4 - HKLM\..\RunOnce: [sysdw32.exe] C:\WINDOWS\sysdw32.exe
O4 - HKLM\..\RunOnce: [apiew.exe] C:\WINDOWS\system32\apiew.exe
O4 - HKLM\..\RunOnce: [javash32.exe] C:\WINDOWS\system32\javash32.exe
O4 - HKLM\..\RunOnce: [msvk.exe] C:\WINDOWS\msvk.exe
O4 - HKLM\..\RunOnce: [netbn.exe] C:\WINDOWS\netbn.exe
O4 - HKLM\..\RunOnce: [mssn32.exe] C:\WINDOWS\system32\mssn32.exe
O4 - HKLM\..\RunOnce: [mfclv32.exe] C:\WINDOWS\system32\mfclv32.exe
O4 - HKLM\..\RunOnce: [mfcmb.exe] C:\WINDOWS\mfcmb.exe
O4 - HKLM\..\RunOnce: [ipuu32.exe] C:\WINDOWS\system32\ipuu32.exe
O4 - HKLM\..\RunOnce: [ipme.exe] C:\WINDOWS\ipme.exe
O4 - HKLM\..\RunOnce: [syseg.exe] C:\WINDOWS\system32\syseg.exe
O4 - HKLM\..\RunOnce: [syswq32.exe] C:\WINDOWS\system32\syswq32.exe
O4 - HKLM\..\RunOnce: [sysci32.exe] C:\WINDOWS\system32\sysci32.exe
O4 - HKLM\..\RunOnce: [sdkui.exe] C:\WINDOWS\system32\sdkui.exe
O4 - HKLM\..\RunOnce: [d3fr32.exe] C:\WINDOWS\d3fr32.exe
O4 - HKLM\..\RunOnce: [ienn.exe] C:\WINDOWS\system32\ienn.exe
O4 - HKLM\..\RunOnce: [msje.exe] C:\WINDOWS\system32\msje.exe
O4 - HKLM\..\RunOnce: [ntsl.exe] C:\WINDOWS\system32\ntsl.exe
O4 - HKLM\..\RunOnce: [d3um.exe] C:\WINDOWS\system32\d3um.exe
O4 - HKLM\..\RunOnce: [d3km32.exe] C:\WINDOWS\d3km32.exe
O4 - HKLM\..\RunOnce: [mfcyj32.exe] C:\WINDOWS\mfcyj32.exe
O4 - HKLM\..\RunOnce: [ipka32.exe] C:\WINDOWS\ipka32.exe
O4 - HKLM\..\RunOnce: [netxt.exe] C:\WINDOWS\system32\netxt.exe
O4 - HKLM\..\RunOnce: [mfcod32.exe] C:\WINDOWS\mfcod32.exe
O4 - HKLM\..\RunOnce: [crsn.exe] C:\WINDOWS\system32\crsn.exe
O4 - HKLM\..\RunOnce: [mssv32.exe] C:\WINDOWS\system32\mssv32.exe
O4 - HKLM\..\RunOnce: [ipht32.exe] C:\WINDOWS\ipht32.exe
O4 - HKLM\..\RunOnce: [mfcax32.exe] C:\WINDOWS\mfcax32.exe
O4 - HKLM\..\RunOnce: [apihx32.exe] C:\WINDOWS\system32\apihx32.exe
O4 - HKLM\..\RunOnce: [crln32.exe] C:\WINDOWS\system32\crln32.exe
O4 - HKLM\..\RunOnce: [apipu32.exe] C:\WINDOWS\system32\apipu32.exe
O4 - HKLM\..\RunOnce: [mfcwm32.exe] C:\WINDOWS\system32\mfcwm32.exe
O4 - HKLM\..\RunOnce: [atlgr.exe] C:\WINDOWS\atlgr.exe
O4 - HKLM\..\RunOnce: [mfcqg.exe] C:\WINDOWS\system32\mfcqg.exe
O4 - HKLM\..\RunOnce: [msjb32.exe] C:\WINDOWS\system32\msjb32.exe
O4 - HKLM\..\RunOnce: [cror32.exe] C:\WINDOWS\system32\cror32.exe
O4 - HKLM\..\RunOnce: [sdkaj32.exe] C:\WINDOWS\sdkaj32.exe
O4 - HKLM\..\RunOnce: [cryl32.exe] C:\WINDOWS\system32\cryl32.exe
O4 - HKLM\..\RunOnce: [ieut32.exe] C:\WINDOWS\ieut32.exe
O4 - HKLM\..\RunOnce: [mshf.exe] C:\WINDOWS\mshf.exe
O4 - HKLM\..\RunOnce: [addhb.exe] C:\WINDOWS\addhb.exe
O4 - HKLM\..\RunOnce: [appzd.exe] C:\WINDOWS\system32\appzd.exe
O4 - HKLM\..\RunOnce: [crdw32.exe] C:\WINDOWS\crdw32.exe
O4 - HKLM\..\RunOnce: [d3ve32.exe] C:\WINDOWS\system32\d3ve32.exe
O4 - HKLM\..\RunOnce: [crcy.exe] C:\WINDOWS\crcy.exe
O4 - HKLM\..\RunOnce: [javasz.exe] C:\WINDOWS\system32\javasz.exe
O4 - HKLM\..\RunOnce: [addzl32.exe] C:\WINDOWS\addzl32.exe
O4 - HKLM\..\RunOnce: [ipyx.exe] C:\WINDOWS\ipyx.exe
O4 - HKLM\..\RunOnce: [mses32.exe] C:\WINDOWS\mses32.exe
O4 - HKLM\..\RunOnce: [netil.exe] C:\WINDOWS\system32\netil.exe
O4 - HKLM\..\RunOnce: [winzu.exe] C:\WINDOWS\winzu.exe
O4 - HKLM\..\RunOnce: [ntrd32.exe] C:\WINDOWS\ntrd32.exe
O4 - HKLM\..\RunOnce: [atlcv.exe] C:\WINDOWS\atlcv.exe
O4 - HKLM\..\RunOnce: [apiou.exe] C:\WINDOWS\system32\apiou.exe
O4 - HKLM\..\RunOnce: [apibf.exe] C:\WINDOWS\system32\apibf.exe
O4 - HKLM\..\RunOnce: [sysyj32.exe] C:\WINDOWS\sysyj32.exe
O4 - HKLM\..\RunOnce: [apppr32.exe] C:\WINDOWS\apppr32.exe
O4 - HKLM\..\RunOnce: [addso.exe] C:\WINDOWS\system32\addso.exe
O4 - HKLM\..\RunOnce: [crzq.exe] C:\WINDOWS\system32\crzq.exe
O4 - HKLM\..\RunOnce: [javauh.exe] C:\WINDOWS\system32\javauh.exe
O4 - HKLM\..\RunOnce: [crxb.exe] C:\WINDOWS\system32\crxb.exe
O4 - HKLM\..\RunOnce: [crzg.exe] C:\WINDOWS\system32\crzg.exe
O4 - HKLM\..\RunOnce: [appjr32.exe] C:\WINDOWS\appjr32.exe
O4 - HKLM\..\RunOnce: [iekz32.exe] C:\WINDOWS\system32\iekz32.exe
O4 - HKLM\..\RunOnce: [atlil.exe] C:\WINDOWS\atlil.exe
O4 - HKLM\..\RunOnce: [netsp32.exe] C:\WINDOWS\netsp32.exe
O4 - HKLM\..\RunOnce: [atlba32.exe] C:\WINDOWS\atlba32.exe
O4 - HKLM\..\RunOnce: [javady32.exe] C:\WINDOWS\system32\javady32.exe
O4 - HKLM\..\RunOnce: [winwc.exe] C:\WINDOWS\system32\winwc.exe
O4 - HKLM\..\RunOnce: [winom32.exe] C:\WINDOWS\winom32.exe
O4 - HKLM\..\RunOnce: [d3rd32.exe] C:\WINDOWS\system32\d3rd32.exe
O4 - HKLM\..\RunOnce: [windj.exe] C:\WINDOWS\system32\windj.exe
O4 - HKLM\..\RunOnce: [sdkai32.exe] C:\WINDOWS\system32\sdkai32.exe
O4 - HKLM\..\RunOnce: [apimc.exe] C:\WINDOWS\system32\apimc.exe
O4 - HKLM\..\RunOnce: [appfe32.exe] C:\WINDOWS\appfe32.exe
O4 - HKLM\..\RunOnce: [msxa.exe] C:\WINDOWS\system32\msxa.exe
O4 - HKLM\..\RunOnce: [atlwt.exe] C:\WINDOWS\atlwt.exe
O4 - HKLM\..\RunOnce: [iect.exe] C:\WINDOWS\system32\iect.exe
O4 - HKLM\..\RunOnce: [addox.exe] C:\WINDOWS\addox.exe
O4 - HKLM\..\RunOnce: [nttq.exe] C:\WINDOWS\nttq.exe
O4 - HKLM\..\RunOnce: [d3oy32.exe] C:\WINDOWS\d3oy32.exe
O4 - HKLM\..\RunOnce: [addli.exe] C:\WINDOWS\system32\addli.exe
O4 - HKLM\..\RunOnce: [mstr.exe] C:\WINDOWS\system32\mstr.exe
O4 - HKLM\..\RunOnce: [adduu32.exe] C:\WINDOWS\system32\adduu32.exe
O4 - HKLM\..\RunOnce: [addoh.exe] C:\WINDOWS\system32\addoh.exe
O4 - HKLM\..\RunOnce: [netjo.exe] C:\WINDOWS\system32\netjo.exe
O4 - HKLM\..\RunOnce: [netir32.exe] C:\WINDOWS\netir32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [appvu32.exe] C:\WINDOWS\appvu32.exe
O4 - HKLM\..\RunOnce: [ippc.exe] C:\WINDOWS\ippc.exe
O4 - HKLM\..\RunOnce: [d3qx32.exe] C:\WINDOWS\system32\d3qx32.exe
O4 - HKLM\..\RunOnce: [ieqs.exe] C:\WINDOWS\ieqs.exe
O4 - HKLM\..\RunOnce: [ipwr32.exe] C:\WINDOWS\ipwr32.exe
O4 - HKLM\..\RunOnce: [crqt.exe] C:\WINDOWS\crqt.exe
O4 - HKLM\..\RunOnce: [wintx32.exe] C:\WINDOWS\system32\wintx32.exe
O4 - HKLM\..\RunOnce: [mfcnp.exe] C:\WINDOWS\system32\mfcnp.exe
O4 - HKLM\..\RunOnce: [appkr.exe] C:\WINDOWS\system32\appkr.exe
O4 - HKLM\..\RunOnce: [netky.exe] C:\WINDOWS\netky.exe
O4 - HKLM\..\RunOnce: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
O4 - HKLM\..\RunOnce: [ntxn32.exe] C:\WINDOWS\system32\ntxn32.exe
O4 - HKLM\..\RunOnce: [winti32.exe] C:\WINDOWS\system32\winti32.exe
O4 - HKLM\..\RunOnce: [wincd.exe] C:\WINDOWS\wincd.exe
O4 - HKLM\..\RunOnce: [d3hq.exe] C:\WINDOWS\d3hq.exe
O4 - HKLM\..\RunOnce: [msch.exe] C:\WINDOWS\msch.exe
O4 - HKLM\..\RunOnce: [addkz.exe] C:\WINDOWS\addkz.exe
O4 - HKLM\..\RunOnce: [mslg32.exe] C:\WINDOWS\mslg32.exe
O4 - HKLM\..\RunOnce: [msov32.exe] C:\WINDOWS\msov32.exe
O4 - HKLM\..\RunOnce: [winlj32.exe] C:\WINDOWS\winlj32.exe
O4 - HKLM\..\RunOnce: [syssw.exe] C:\WINDOWS\syssw.exe
O4 - HKLM\..\RunOnce: [nthw32.exe] C:\WINDOWS\system32\nthw32.exe
O4 - HKLM\..\RunOnce: [addfu.exe] C:\WINDOWS\system32\addfu.exe
O4 - HKLM\..\RunOnce: [sdkiu32.exe] C:\WINDOWS\system32\sdkiu32.exe
O4 - HKLM\..\RunOnce: [apipb.exe] C:\WINDOWS\system32\apipb.exe
O4 - HKLM\..\RunOnce: [mfcrz32.exe] C:\WINDOWS\mfcrz32.exe
O4 - HKLM\..\RunOnce: [syspb.exe] C:\WINDOWS\system32\syspb.exe
O4 - HKLM\..\RunOnce: [appfp32.exe] C:\WINDOWS\appfp32.exe
O4 - HKLM\..\RunOnce: [apikd32.exe] C:\WINDOWS\system32\apikd32.exe
O4 - HKLM\..\RunOnce: [netti.exe] C:\WINDOWS\system32\netti.exe
O4 - HKLM\..\RunOnce: [apiqn.exe] C:\WINDOWS\apiqn.exe
O4 - HKLM\..\RunOnce: [appbi.exe] C:\WINDOWS\system32\appbi.exe
O4 - HKLM\..\RunOnce: [appwz.exe] C:\WINDOWS\appwz.exe
O4 - HKLM\..\RunOnce: [ietw.exe] C:\WINDOWS\ietw.exe
O4 - HKLM\..\RunOnce: [crqa32.exe] C:\WINDOWS\system32\crqa32.exe
O4 - HKLM\..\RunOnce: [apinh.exe] C:\WINDOWS\apinh.exe
O4 - HKLM\..\RunOnce: [ipnu32.exe] C:\WINDOWS\system32\ipnu32.exe
O4 - HKLM\..\RunOnce: [ieou.exe] C:\WINDOWS\ieou.exe
O4 - HKLM\..\RunOnce: [mfcen.exe] C:\WINDOWS\system32\mfcen.exe
O4 - HKLM\..\RunOnce: [crou32.exe] C:\WINDOWS\system32\crou32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\TopText\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\TopText\wo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Wireless-B USB Network Adapter WLAN Monitor.lnk = C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcast.net/anon.comcastonli...vmLauncher2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O19 - User stylesheet: (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NAI ePolicy Orchestrator Agent (NAIMAGENT32) - Network Associates, Inc. - C:\EPOAgent\naimas32.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe

BC AdBot (Login to Remove)

 


#2 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas
  • Local time:09:39 AM

Posted 24 July 2005 - 10:35 PM

Welcome to the forum.

Please do this.
Click My Computer, then C:\
In the menu bar, choose File, New, Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis" by right clicking on the folder name and choose "rename". Now you have C:\HJT\ folder.

Download Hijack This
Put your HijackThis.exe in the file you just created, and double click to run it, and hit "Do a system Scan and save log". A separate window will come up in notepad with the log. Press Ctrl-A to Select All, and copy its contents into your reply. Most of what it lists will be harmless or even essential, don't fix anything yet.

I suggest you remove NewDotNet unless you deliberately installed it. It is extremely dubious and commercially sponsored:

First, please open Add/Remove programs and uninstall New.Net or NewDotNet from there if listed. If it is not listed, follow these instructions:

· From a computer that has Internet access, click on the following link:
http://www.new.net/support/uninstall6_76.exe.
· Download and save uninstall6_76.exe to Local Disc C
· Click on Start.
· Click on Run.
· In the Open window type, C:\uninstall6_76.exe.
· Click on the OK button.
· After removal, you may be prompted to reboot. Please reboot if not prompted

Next,
  • Right-click on the Microsoft Anti-Spyware tray icon by your clock (it's the one with the red and yellow bulls-eye).
  • Click on "Security Agents Status".
  • Click on "Disable real-time protection".
Next, open Microsoft Anti-Spyware.
  • Click on the Options menu, then Settings.
  • Select "Real Time Protection" from the left column.
  • Uncheck "Enable (MSAS) Security Agents" and "Enable real-time spyware threat protection".
  • Click the Save button.
Finally, Right-click on the MSAS tray icon, select "Shutdown Microsoft Antispyware", and click "Yes" in the dialog that comes up.


Please do this all in one go, you may want to print this out.

Go to Start > Run and type in Services.msc then click OK

Click the Extended tab.

Scroll down until you find Network Security Service
Click once on the service to highlight it.

Click Stop

Right-Click on the service.

Click on 'Properties'

Select the 'General' tab

Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

From the drop-down menu, click on 'Disabled'

Click the 'Apply' tab, then click 'OK'

(You may just need to disable it, if it is not running)


Boot in Safe Mode (Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.)

Run About:Buster while you are in Safe Mode.
Instructions.
Hit Ok on the first prompt, Start on the second. Then Ok to start the removal. A log will start to form. After the program runs, save the log somewhere.
Run CWShredder (still in safe mode)
Click on 'Fix' and let it fix anything it finds, then exit.

Restart in normal mode, scan again with HiJackThis (all browsers/windows closed) and put a check in the box next to the following items;

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\slgst.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\slgst.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\slgst.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\slgst.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\slgst.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.royalsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\slgst.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\slgst.dll/sp.html#93256
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = WWW.NRG.CO.IL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = WWW.NRG.CO.IL
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {04E19B1B-1EAE-FFA4-6D31-B92152BEDCC9} - C:\WINDOWS\system32\apikr.dll (file missing)
O2 - BHO: Class - {0DFBCB63-C236-4AA8-9785-4DB42DA67929} - C:\WINDOWS\appgv32.dll (file missing)
O2 - BHO: Class - {26E902A0-CEDD-955D-4562-FC8012F9AFA9} - C:\WINDOWS\mstv.dll
O2 - BHO: Class - {2B10E407-F479-FA19-B410-850E464CC0B9} - C:\WINDOWS\system32\d3ze.dll (file missing)
O2 - BHO: Class - {2C3AC6BD-184A-72AA-AA76-FD625963E408} - C:\WINDOWS\system32\appqn.dll
O2 - BHO: Class - {2CEBB91F-EABF-58A6-AA19-3091211BC15C} - C:\WINDOWS\system32\ipqt.dll
O2 - BHO: Class - {35E2B57B-1674-3E68-49B5-4429B27E63B9} - C:\WINDOWS\system32\ipue.dll (file missing)
O2 - BHO: Class - {3EB3C3B8-C6A3-A391-CE99-432056782D22} - C:\WINDOWS\system32\apiym.dll
O2 - BHO: Class - {57F26F3C-EAC4-2E5A-C232-B0372CADD7B7} - C:\WINDOWS\winlj32.dll
O2 - BHO: Class - {66E15164-CE35-BE75-12D4-6F95339B9EDB} - C:\WINDOWS\mfcii32.dll (file missing)
O2 - BHO: Class - {70337B1D-11EA-9346-27AA-F77086D05C11} - C:\WINDOWS\syszv32.dll
O2 - BHO: Class - {7B5897CE-01D2-D7AF-61DB-36843E94F97E} - C:\WINDOWS\crxd32.dll (file missing)
O2 - BHO: Class - {86CC8D04-6990-3461-CA24-AF770BA94E40} - C:\WINDOWS\mfcof32.dll
O2 - BHO: Class - {99078794-6831-1765-763B-9566D3697899} - C:\WINDOWS\nttd.dll
O2 - BHO: Class - {9B4C92B4-9D54-68D0-1895-BE29FEDCB788} - C:\WINDOWS\system32\atloz.dll (file missing)
O2 - BHO: Class - {9E394F5F-BB60-E2B1-4D4B-08C63F49D782} - C:\WINDOWS\apilk.dll
O2 - BHO: Class - {A3AE7E28-5A26-913E-3E28-ABCC687B6BC9} - C:\WINDOWS\system32\apiom.dll
O2 - BHO: Class - {B4818A00-3F49-E55B-35AC-96779152E22A} - C:\WINDOWS\system32\winms32.dll
O2 - BHO: Class - {C436CBC1-830F-15E4-B4E2-9CB792F1F829} - C:\WINDOWS\netok.dll
O2 - BHO: Class - {D249D817-722E-0E58-A372-0C213DCEDBA7} - C:\WINDOWS\atlmy.dll
O2 - BHO: Class - {FA239BAA-E441-30B6-0ABB-3EAAF567B877} - C:\WINDOWS\winop.dll (file missing)
O2 - BHO: Class - {FEF0E647-5524-FA9E-07CF-AF79EE6770A0} -
O4 - HKLM\..\Run: [addwj.exe] C:\WINDOWS\addwj.exe
O4 - HKLM\..\Run: [appkj.exe] C:\WINDOWS\appkj.exe
O4 - HKLM\..\Run: [crwp32.exe] C:\WINDOWS\crwp32.exe
O4 - HKLM\..\RunOnce: [crot.exe] C:\WINDOWS\system32\crot.exe
O4 - HKLM\..\RunOnce: [mfcba32.exe] C:\WINDOWS\system32\mfcba32.exe
O4 - HKLM\..\RunOnce: [apilf.exe] C:\WINDOWS\apilf.exe
O4 - HKLM\..\RunOnce: [appao32.exe] C:\WINDOWS\appao32.exe
O4 - HKLM\..\RunOnce: [addvb.exe] C:\WINDOWS\addvb.exe
O4 - HKLM\..\RunOnce: [crhi32.exe] C:\WINDOWS\system32\crhi32.exe
O4 - HKLM\..\RunOnce: [mfcoy32.exe] C:\WINDOWS\mfcoy32.exe
O4 - HKLM\..\RunOnce: [sdkhn.exe] C:\WINDOWS\system32\sdkhn.exe
O4 - HKLM\..\RunOnce: [d3mr.exe] C:\WINDOWS\system32\d3mr.exe
O4 - HKLM\..\RunOnce: [appew.exe] C:\WINDOWS\system32\appew.exe
O4 - HKLM\..\RunOnce: [ipqe.exe] C:\WINDOWS\system32\ipqe.exe
O4 - HKLM\..\RunOnce: [javasv.exe] C:\WINDOWS\system32\javasv.exe
O4 - HKLM\..\RunOnce: [ipjo32.exe] C:\WINDOWS\ipjo32.exe
O4 - HKLM\..\RunOnce: [syspe.exe] C:\WINDOWS\syspe.exe
O4 - HKLM\..\RunOnce: [netdb32.exe] C:\WINDOWS\netdb32.exe
O4 - HKLM\..\RunOnce: [ipkk32.exe] C:\WINDOWS\system32\ipkk32.exe
O4 - HKLM\..\RunOnce: [atloi.exe] C:\WINDOWS\system32\atloi.exe
O4 - HKLM\..\RunOnce: [addqe.exe] C:\WINDOWS\system32\addqe.exe
O4 - HKLM\..\RunOnce: [atlqr.exe] C:\WINDOWS\atlqr.exe
O4 - HKLM\..\RunOnce: [iecq.exe] C:\WINDOWS\iecq.exe
O4 - HKLM\..\RunOnce: [sysjy.exe] C:\WINDOWS\system32\sysjy.exe
O4 - HKLM\..\RunOnce: [appsn.exe] C:\WINDOWS\appsn.exe
O4 - HKLM\..\RunOnce: [apivi32.exe] C:\WINDOWS\apivi32.exe
O4 - HKLM\..\RunOnce: [nthf.exe] C:\WINDOWS\system32\nthf.exe
O4 - HKLM\..\RunOnce: [winkx32.exe] C:\WINDOWS\system32\winkx32.exe
O4 - HKLM\..\RunOnce: [javage32.exe] C:\WINDOWS\system32\javage32.exe
O4 - HKLM\..\RunOnce: [addjm.exe] C:\WINDOWS\system32\addjm.exe
O4 - HKLM\..\RunOnce: [javaao32.exe] C:\WINDOWS\system32\javaao32.exe
O4 - HKLM\..\RunOnce: [mstp.exe] C:\WINDOWS\system32\mstp.exe
O4 - HKLM\..\RunOnce: [sdkfo32.exe] C:\WINDOWS\system32\sdkfo32.exe
O4 - HKLM\..\RunOnce: [javamw32.exe] C:\WINDOWS\javamw32.exe
O4 - HKLM\..\RunOnce: [iepk32.exe] C:\WINDOWS\iepk32.exe
O4 - HKLM\..\RunOnce: [sdkyr32.exe] C:\WINDOWS\sdkyr32.exe
O4 - HKLM\..\RunOnce: [apper.exe] C:\WINDOWS\system32\apper.exe
O4 - HKLM\..\RunOnce: [sysrw.exe] C:\WINDOWS\system32\sysrw.exe
O4 - HKLM\..\RunOnce: [apprr32.exe] C:\WINDOWS\apprr32.exe
O4 - HKLM\..\RunOnce: [addur.exe] C:\WINDOWS\addur.exe
O4 - HKLM\..\RunOnce: [ipgw.exe] C:\WINDOWS\system32\ipgw.exe
O4 - HKLM\..\RunOnce: [applf32.exe] C:\WINDOWS\applf32.exe
O4 - HKLM\..\RunOnce: [javajd.exe] C:\WINDOWS\javajd.exe
O4 - HKLM\..\RunOnce: [appuo.exe] C:\WINDOWS\system32\appuo.exe
O4 - HKLM\..\RunOnce: [sdkre.exe] C:\WINDOWS\system32\sdkre.exe
O4 - HKLM\..\RunOnce: [mfctb32.exe] C:\WINDOWS\mfctb32.exe
O4 - HKLM\..\RunOnce: [msfs.exe] C:\WINDOWS\msfs.exe
O4 - HKLM\..\RunOnce: [sysdw32.exe] C:\WINDOWS\sysdw32.exe
O4 - HKLM\..\RunOnce: [apiew.exe] C:\WINDOWS\system32\apiew.exe
O4 - HKLM\..\RunOnce: [javash32.exe] C:\WINDOWS\system32\javash32.exe
O4 - HKLM\..\RunOnce: [msvk.exe] C:\WINDOWS\msvk.exe
O4 - HKLM\..\RunOnce: [netbn.exe] C:\WINDOWS\netbn.exe
O4 - HKLM\..\RunOnce: [mssn32.exe] C:\WINDOWS\system32\mssn32.exe
O4 - HKLM\..\RunOnce: [mfclv32.exe] C:\WINDOWS\system32\mfclv32.exe
O4 - HKLM\..\RunOnce: [mfcmb.exe] C:\WINDOWS\mfcmb.exe
O4 - HKLM\..\RunOnce: [ipuu32.exe] C:\WINDOWS\system32\ipuu32.exe
O4 - HKLM\..\RunOnce: [ipme.exe] C:\WINDOWS\ipme.exe
O4 - HKLM\..\RunOnce: [syseg.exe] C:\WINDOWS\system32\syseg.exe
O4 - HKLM\..\RunOnce: [syswq32.exe] C:\WINDOWS\system32\syswq32.exe
O4 - HKLM\..\RunOnce: [sysci32.exe] C:\WINDOWS\system32\sysci32.exe
O4 - HKLM\..\RunOnce: [sdkui.exe] C:\WINDOWS\system32\sdkui.exe
O4 - HKLM\..\RunOnce: [d3fr32.exe] C:\WINDOWS\d3fr32.exe
O4 - HKLM\..\RunOnce: [ienn.exe] C:\WINDOWS\system32\ienn.exe
O4 - HKLM\..\RunOnce: [msje.exe] C:\WINDOWS\system32\msje.exe
O4 - HKLM\..\RunOnce: [ntsl.exe] C:\WINDOWS\system32\ntsl.exe
O4 - HKLM\..\RunOnce: [d3um.exe] C:\WINDOWS\system32\d3um.exe
O4 - HKLM\..\RunOnce: [d3km32.exe] C:\WINDOWS\d3km32.exe
O4 - HKLM\..\RunOnce: [mfcyj32.exe] C:\WINDOWS\mfcyj32.exe
O4 - HKLM\..\RunOnce: [ipka32.exe] C:\WINDOWS\ipka32.exe
O4 - HKLM\..\RunOnce: [netxt.exe] C:\WINDOWS\system32\netxt.exe
O4 - HKLM\..\RunOnce: [mfcod32.exe] C:\WINDOWS\mfcod32.exe
O4 - HKLM\..\RunOnce: [crsn.exe] C:\WINDOWS\system32\crsn.exe
O4 - HKLM\..\RunOnce: [mssv32.exe] C:\WINDOWS\system32\mssv32.exe
O4 - HKLM\..\RunOnce: [ipht32.exe] C:\WINDOWS\ipht32.exe
O4 - HKLM\..\RunOnce: [mfcax32.exe] C:\WINDOWS\mfcax32.exe
O4 - HKLM\..\RunOnce: [apihx32.exe] C:\WINDOWS\system32\apihx32.exe
O4 - HKLM\..\RunOnce: [crln32.exe] C:\WINDOWS\system32\crln32.exe
O4 - HKLM\..\RunOnce: [apipu32.exe] C:\WINDOWS\system32\apipu32.exe
O4 - HKLM\..\RunOnce: [mfcwm32.exe] C:\WINDOWS\system32\mfcwm32.exe
O4 - HKLM\..\RunOnce: [atlgr.exe] C:\WINDOWS\atlgr.exe
O4 - HKLM\..\RunOnce: [mfcqg.exe] C:\WINDOWS\system32\mfcqg.exe
O4 - HKLM\..\RunOnce: [msjb32.exe] C:\WINDOWS\system32\msjb32.exe
O4 - HKLM\..\RunOnce: [cror32.exe] C:\WINDOWS\system32\cror32.exe
O4 - HKLM\..\RunOnce: [sdkaj32.exe] C:\WINDOWS\sdkaj32.exe
O4 - HKLM\..\RunOnce: [cryl32.exe] C:\WINDOWS\system32\cryl32.exe
O4 - HKLM\..\RunOnce: [ieut32.exe] C:\WINDOWS\ieut32.exe
O4 - HKLM\..\RunOnce: [mshf.exe] C:\WINDOWS\mshf.exe
O4 - HKLM\..\RunOnce: [addhb.exe] C:\WINDOWS\addhb.exe
O4 - HKLM\..\RunOnce: [appzd.exe] C:\WINDOWS\system32\appzd.exe
O4 - HKLM\..\RunOnce: [crdw32.exe] C:\WINDOWS\crdw32.exe
O4 - HKLM\..\RunOnce: [d3ve32.exe] C:\WINDOWS\system32\d3ve32.exe
O4 - HKLM\..\RunOnce: [crcy.exe] C:\WINDOWS\crcy.exe
O4 - HKLM\..\RunOnce: [javasz.exe] C:\WINDOWS\system32\javasz.exe
O4 - HKLM\..\RunOnce: [addzl32.exe] C:\WINDOWS\addzl32.exe
O4 - HKLM\..\RunOnce: [ipyx.exe] C:\WINDOWS\ipyx.exe
O4 - HKLM\..\RunOnce: [mses32.exe] C:\WINDOWS\mses32.exe
O4 - HKLM\..\RunOnce: [netil.exe] C:\WINDOWS\system32\netil.exe
O4 - HKLM\..\RunOnce: [winzu.exe] C:\WINDOWS\winzu.exe
O4 - HKLM\..\RunOnce: [ntrd32.exe] C:\WINDOWS\ntrd32.exe
O4 - HKLM\..\RunOnce: [atlcv.exe] C:\WINDOWS\atlcv.exe
O4 - HKLM\..\RunOnce: [apiou.exe] C:\WINDOWS\system32\apiou.exe
O4 - HKLM\..\RunOnce: [apibf.exe] C:\WINDOWS\system32\apibf.exe
O4 - HKLM\..\RunOnce: [sysyj32.exe] C:\WINDOWS\sysyj32.exe
O4 - HKLM\..\RunOnce: [apppr32.exe] C:\WINDOWS\apppr32.exe
O4 - HKLM\..\RunOnce: [addso.exe] C:\WINDOWS\system32\addso.exe
O4 - HKLM\..\RunOnce: [crzq.exe] C:\WINDOWS\system32\crzq.exe
O4 - HKLM\..\RunOnce: [javauh.exe] C:\WINDOWS\system32\javauh.exe
O4 - HKLM\..\RunOnce: [crxb.exe] C:\WINDOWS\system32\crxb.exe
O4 - HKLM\..\RunOnce: [crzg.exe] C:\WINDOWS\system32\crzg.exe
O4 - HKLM\..\RunOnce: [appjr32.exe] C:\WINDOWS\appjr32.exe
O4 - HKLM\..\RunOnce: [iekz32.exe] C:\WINDOWS\system32\iekz32.exe
O4 - HKLM\..\RunOnce: [atlil.exe] C:\WINDOWS\atlil.exe
O4 - HKLM\..\RunOnce: [netsp32.exe] C:\WINDOWS\netsp32.exe
O4 - HKLM\..\RunOnce: [atlba32.exe] C:\WINDOWS\atlba32.exe
O4 - HKLM\..\RunOnce: [javady32.exe] C:\WINDOWS\system32\javady32.exe
O4 - HKLM\..\RunOnce: [winwc.exe] C:\WINDOWS\system32\winwc.exe
O4 - HKLM\..\RunOnce: [winom32.exe] C:\WINDOWS\winom32.exe
O4 - HKLM\..\RunOnce: [d3rd32.exe] C:\WINDOWS\system32\d3rd32.exe
O4 - HKLM\..\RunOnce: [windj.exe] C:\WINDOWS\system32\windj.exe
O4 - HKLM\..\RunOnce: [sdkai32.exe] C:\WINDOWS\system32\sdkai32.exe
O4 - HKLM\..\RunOnce: [apimc.exe] C:\WINDOWS\system32\apimc.exe
O4 - HKLM\..\RunOnce: [appfe32.exe] C:\WINDOWS\appfe32.exe
O4 - HKLM\..\RunOnce: [msxa.exe] C:\WINDOWS\system32\msxa.exe
O4 - HKLM\..\RunOnce: [atlwt.exe] C:\WINDOWS\atlwt.exe
O4 - HKLM\..\RunOnce: [iect.exe] C:\WINDOWS\system32\iect.exe
O4 - HKLM\..\RunOnce: [addox.exe] C:\WINDOWS\addox.exe
O4 - HKLM\..\RunOnce: [nttq.exe] C:\WINDOWS\nttq.exe
O4 - HKLM\..\RunOnce: [d3oy32.exe] C:\WINDOWS\d3oy32.exe
O4 - HKLM\..\RunOnce: [addli.exe] C:\WINDOWS\system32\addli.exe
O4 - HKLM\..\RunOnce: [mstr.exe] C:\WINDOWS\system32\mstr.exe
O4 - HKLM\..\RunOnce: [adduu32.exe] C:\WINDOWS\system32\adduu32.exe
O4 - HKLM\..\RunOnce: [addoh.exe] C:\WINDOWS\system32\addoh.exe
O4 - HKLM\..\RunOnce: [netjo.exe] C:\WINDOWS\system32\netjo.exe
O4 - HKLM\..\RunOnce: [netir32.exe] C:\WINDOWS\netir32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [appvu32.exe] C:\WINDOWS\appvu32.exe
O4 - HKLM\..\RunOnce: [ippc.exe] C:\WINDOWS\ippc.exe
O4 - HKLM\..\RunOnce: [d3qx32.exe] C:\WINDOWS\system32\d3qx32.exe
O4 - HKLM\..\RunOnce: [ieqs.exe] C:\WINDOWS\ieqs.exe
O4 - HKLM\..\RunOnce: [ipwr32.exe] C:\WINDOWS\ipwr32.exe
O4 - HKLM\..\RunOnce: [crqt.exe] C:\WINDOWS\crqt.exe
O4 - HKLM\..\RunOnce: [wintx32.exe] C:\WINDOWS\system32\wintx32.exe
O4 - HKLM\..\RunOnce: [mfcnp.exe] C:\WINDOWS\system32\mfcnp.exe
O4 - HKLM\..\RunOnce: [appkr.exe] C:\WINDOWS\system32\appkr.exe
O4 - HKLM\..\RunOnce: [netky.exe] C:\WINDOWS\netky.exe
O4 - HKLM\..\RunOnce: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
O4 - HKLM\..\RunOnce: [ntxn32.exe] C:\WINDOWS\system32\ntxn32.exe
O4 - HKLM\..\RunOnce: [winti32.exe] C:\WINDOWS\system32\winti32.exe
O4 - HKLM\..\RunOnce: [wincd.exe] C:\WINDOWS\wincd.exe
O4 - HKLM\..\RunOnce: [d3hq.exe] C:\WINDOWS\d3hq.exe
O4 - HKLM\..\RunOnce: [msch.exe] C:\WINDOWS\msch.exe
O4 - HKLM\..\RunOnce: [addkz.exe] C:\WINDOWS\addkz.exe
O4 - HKLM\..\RunOnce: [mslg32.exe] C:\WINDOWS\mslg32.exe
O4 - HKLM\..\RunOnce: [msov32.exe] C:\WINDOWS\msov32.exe
O4 - HKLM\..\RunOnce: [winlj32.exe] C:\WINDOWS\winlj32.exe
O4 - HKLM\..\RunOnce: [syssw.exe] C:\WINDOWS\syssw.exe
O4 - HKLM\..\RunOnce: [nthw32.exe] C:\WINDOWS\system32\nthw32.exe
O4 - HKLM\..\RunOnce: [addfu.exe] C:\WINDOWS\system32\addfu.exe
O4 - HKLM\..\RunOnce: [sdkiu32.exe] C:\WINDOWS\system32\sdkiu32.exe
O4 - HKLM\..\RunOnce: [apipb.exe] C:\WINDOWS\system32\apipb.exe
O4 - HKLM\..\RunOnce: [mfcrz32.exe] C:\WINDOWS\mfcrz32.exe
O4 - HKLM\..\RunOnce: [syspb.exe] C:\WINDOWS\system32\syspb.exe
O4 - HKLM\..\RunOnce: [appfp32.exe] C:\WINDOWS\appfp32.exe
O4 - HKLM\..\RunOnce: [apikd32.exe] C:\WINDOWS\system32\apikd32.exe
O4 - HKLM\..\RunOnce: [netti.exe] C:\WINDOWS\system32\netti.exe
O4 - HKLM\..\RunOnce: [apiqn.exe] C:\WINDOWS\apiqn.exe
O4 - HKLM\..\RunOnce: [appbi.exe] C:\WINDOWS\system32\appbi.exe
O4 - HKLM\..\RunOnce: [appwz.exe] C:\WINDOWS\appwz.exe
O4 - HKLM\..\RunOnce: [ietw.exe] C:\WINDOWS\ietw.exe
O4 - HKLM\..\RunOnce: [crqa32.exe] C:\WINDOWS\system32\crqa32.exe
O4 - HKLM\..\RunOnce: [apinh.exe] C:\WINDOWS\apinh.exe
O4 - HKLM\..\RunOnce: [ipnu32.exe] C:\WINDOWS\system32\ipnu32.exe
O4 - HKLM\..\RunOnce: [ieou.exe] C:\WINDOWS\ieou.exe
O4 - HKLM\..\RunOnce: [mfcen.exe] C:\WINDOWS\system32\mfcen.exe
O4 - HKLM\..\RunOnce: [crou32.exe] C:\WINDOWS\system32\crou32.exe
O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\TopText\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\TopText\wo.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -


Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

Delete these files (if present) NOT THE FOLDERS

C:\WINDOWS\system32\apicb32.dll
C:\WINDOWS\addwj.exe
C:\WINDOWS\appkj.exe
C:\WINDOWS\crwp32.exe
C:\WINDOWS\system32\crot.exe
C:\WINDOWS\system32\mfcba32.exe
C:\WINDOWS\apilf.exe
OC:\WINDOWS\appao32.exe
C:\WINDOWS\addvb.exe
C:\WINDOWS\system32\crhi32.exe
C:\WINDOWS\mfcoy32.exe
C:\WINDOWS\system32\sdkhn.exe
C:\WINDOWS\system32\d3mr.exe
C:\WINDOWS\system32\appew.exe
C:\WINDOWS\system32\ipqe.exe
C:\WINDOWS\system32\javasv.exe
C:\WINDOWS\ipjo32.exe
C:\WINDOWS\syspe.exe
C:\WINDOWS\netdb32.exe
C:\WINDOWS\system32\ipkk32.exe
C:\WINDOWS\system32\atloi.exe
C:\WINDOWS\system32\addqe.exe
C:\WINDOWS\atlqr.exe
C:\WINDOWS\iecq.exe
C:\WINDOWS\system32\sysjy.exe
C:\WINDOWS\appsn.exe
C:\WINDOWS\apivi32.exe
C:\WINDOWS\system32\nthf.exe
C:\WINDOWS\system32\winkx32.exe
C:\WINDOWS\system32\javage32.exe
C:\WINDOWS\system32\addjm.exe
C:\WINDOWS\system32\javaao32.exe
C:\WINDOWS\system32\mstp.exe
C:\WINDOWS\system32\sdkfo32.exe
C:\WINDOWS\javamw32.exe
C:\WINDOWS\iepk32.exe
C:\WINDOWS\sdkyr32.exe
C:\WINDOWS\system32\apper.exe
C:\WINDOWS\system32\sysrw.exe
C:\WINDOWS\apprr32.exe
C:\WINDOWS\addur.exe
C:\WINDOWS\system32\ipgw.exe
C:\WINDOWS\applf32.exe
C:\WINDOWS\javajd.exe
C:\WINDOWS\system32\appuo.exe
C:\WINDOWS\system32\sdkre.exe
C:\WINDOWS\mfctb32.exe
C:\WINDOWS\msfs.exe
C:\WINDOWS\sysdw32.exe
C:\WINDOWS\system32\apiew.exe
C:\WINDOWS\system32\javash32.exe
C:\WINDOWS\msvk.exe
C:\WINDOWS\netbn.exe
C:\WINDOWS\system32\mssn32.exe
C:\WINDOWS\system32\mfclv32.exe
C:\WINDOWS\mfcmb.exe
C:\WINDOWS\system32\ipuu32.exe
C:\WINDOWS\ipme.exe
C:\WINDOWS\system32\syseg.exe
C:\WINDOWS\system32\syswq32.exe
C:\WINDOWS\system32\sysci32.exe
C:\WINDOWS\system32\sdkui.exe
C:\WINDOWS\d3fr32.exe
C:\WINDOWS\system32\ienn.exe
C:\WINDOWS\system32\msje.exe
C:\WINDOWS\system32\ntsl.exe
C:\WINDOWS\system32\d3um.exe
C:\WINDOWS\d3km32.exe
C:\WINDOWS\mfcyj32.exe
C:\WINDOWS\ipka32.exe
C:\WINDOWS\system32\netxt.exe
C:\WINDOWS\mfcod32.exe
C:\WINDOWS\system32\crsn.exe
C:\WINDOWS\system32\mssv32.exe
C:\WINDOWS\ipht32.exe
C:\WINDOWS\mfcax32.exe
C:\WINDOWS\system32\apihx32.exe
C:\WINDOWS\system32\apipu32.exe
C:\WINDOWS\system32\mfcwm32.exe
C:\WINDOWS\atlgr.exe
C:\WINDOWS\system32\mfcqg.exe
C:\WINDOWS\system32\msjb32.exe
C:\WINDOWS\system32\cror32.exe
C:\WINDOWS\sdkaj32.exe
C:\WINDOWS\system32\cryl32.exe
C:\WINDOWS\ieut32.exe
C:\WINDOWS\mshf.exe
C:\WINDOWS\addhb.exe
C:\WINDOWS\system32\appzd.exe
C:\WINDOWS\crdw32.exe
C:\WINDOWS\system32\d3ve32.exe
C:\WINDOWS\crcy.exe
C:\WINDOWS\system32\javasz.exe
C:\WINDOWS\addzl32.exe
C:\WINDOWS\ipyx.exe
C:\WINDOWS\mses32.exe
C:\WINDOWS\system32\netil.exe
C:\WINDOWS\winzu.exe
C:\WINDOWS\ntrd32.exe
C:\WINDOWS\atlcv.exe
C:\WINDOWS\system32\apiou.exe
C:\WINDOWS\system32\apibf.exe
C:\WINDOWS\sysyj32.exe
C:\WINDOWS\apppr32.exe
C:\WINDOWS\system32\addso.exe
C:\WINDOWS\system32\crzq.exe
C:\WINDOWS\system32\javauh.exe
C:\WINDOWS\system32\crxb.exe
C:\WINDOWS\system32\crzg.exe
C:\WINDOWS\appjr32.exe
C:\WINDOWS\system32\iekz32.exe
C:\WINDOWS\atlil.exe
C:\WINDOWS\netsp32.exe
C:\WINDOWS\atlba32.exe
C:\WINDOWS\system32\javady32.exe
C:\WINDOWS\system32\winwc.exe
C:\WINDOWS\winom32.exe
C:\WINDOWS\system32\d3rd32.exe
C:\WINDOWS\system32\windj.exe
C:\WINDOWS\system32\sdkai32.exe
C:\WINDOWS\system32\apimc.exe
C:\WINDOWS\appfe32.exe
C:\WINDOWS\system32\msxa.exe
C:\WINDOWS\atlwt.exe
C:\WINDOWS\system32\iect.exe
C:\WINDOWS\addox.exe
C:\WINDOWS\nttq.exe
C:\WINDOWS\d3oy32.exe
C:\WINDOWS\system32\addli.exe
C:\WINDOWS\system32\mstr.exe
C:\WINDOWS\system32\adduu32.exe
C:\WINDOWS\system32\addoh.exe
C:\WINDOWS\system32\netjo.exe
C:\WINDOWS\netir32.exe
C:\WINDOWS\system32\netfl.exe
C:\WINDOWS\appvu32.exe
C:\WINDOWS\ippc.exe
C:\WINDOWS\system32\d3qx32.exe
C:\WINDOWS\ieqs.exe
C:\WINDOWS\ipwr32.exe
C:\WINDOWS\crqt.exe
C:\WINDOWS\system32\wintx32.exe
C:\WINDOWS\system32\mfcnp.exe
C:\WINDOWS\system32\appkr.exe
C:\WINDOWS\netky.exe
C:\WINDOWS\system32\ipec32.exe
C:\WINDOWS\system32\ntxn32.exe
C:\WINDOWS\system32\winti32.exe
C:\WINDOWS\wincd.exe
C:\WINDOWS\d3hq.exe
C:\WINDOWS\msch.exe
C:\WINDOWS\addkz.exe
C:\WINDOWS\mslg32.exe
C:\WINDOWS\msov32.exe
C:\WINDOWS\winlj32.exe
C:\WINDOWS\syssw.exe
C:\WINDOWS\system32\nthw32.exe
C:\WINDOWS\system32\addfu.exe
C:\WINDOWS\system32\sdkiu32.exe
C:\WINDOWS\system32\apipb.exe
C:\WINDOWS\mfcrz32.exe
C:\WINDOWS\system32\syspb.exe
C:\WINDOWS\appfp32.exe
C:\WINDOWS\system32\apikd32.exe
C:\WINDOWS\system32\netti.exe
C:\WINDOWS\apiqn.exe
C:\WINDOWS\appwz.exe
C:\WINDOWS\ietw.exe
C:\WINDOWS\system32\crqa32.exe
C:\WINDOWS\apinh.exe
C:\WINDOWS\system32\ipnu32.exe
C:\WINDOWS\ieou.exe
C:\WINDOWS\system32\mfcen.exe
C:\WINDOWS\system32\crou32.exe
C:\WINDOWS\System32\tss.exe
C:\PROGRA~1\TopText\mmod.exe
C:\PROGRA~1\TopText\wo.exe

Restart.


Open AdAware, use the 'Check for Updates' option and install any updates, run a full system scan and follow the prompts to remove anything it finds, then exit.
Open Spybot, check for and install any updates, run a full scan and fix any items flagged in red, then exit.

Download: Clear the Cache (freeware)
http://www.majorgeeks.com/download4191.html
Once installed, run CCleaner click the Windows [tab]
Select the following:
Posted Image
Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then [b]Exit


Restart.

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread, along with the About:Buster log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users