Seeking Higher Wisdom


  • This topic is locked
2 replies to this topic

#1 CoreSinns

CoreSinns

  • Members
  • 1 posts

Posted 19 December 2005 - 04:37 PM

Hey, I'm doing a check on a customer's computer, and I know that a lot of this stuff is flagged, I just wanted to confirm that I caught everything (which is unlikely, and why I'm asking the experts :).

PS> Love the site, use it all the time. Thanks to you all for donating your time and efforts.


Logfile of HijackThis v1.99.1
Scan saved at 4:27:18 PM, on 12/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\ATLYY.EXE
C:\WINDOWS\D3JZ32.EXE
C:\WINDOWS\APPWJ32.EXE
C:\WINDOWS\SDKCU32.EXE
C:\WINDOWS\SYSTEM\JAVATR32.EXE
C:\WINDOWS\SYSTEM\MSGR32.EXE
C:\WINDOWS\SDKBU32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\D3GW.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IELM.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\WINDOWS\D3JZ32.EXE
C:\WINDOWS\APPWJ32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
A:\HIJACKTHIS1991.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://google.com"); (C:\Program Files\Netscape\Users\jim\prefs.js)
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\PROGRAM FILES\SUBMIT\SUBMITHOOK.DLL
O2 - BHO: Class - {C2A65EF9-4FC7-5F32-D9C1-09D83012C91D} - C:\WINDOWS\SYSTEM\NTSE.DLL
O2 - BHO: Class - {2127FF53-5214-A977-18E8-9B58B90C486C} - C:\WINDOWS\SYSTEM\CROS32.DLL
O2 - BHO: Class - {8955C38D-4C95-80AA-4D9C-204125ADD200} - C:\WINDOWS\CRFS.DLL
O2 - BHO: Class - {4588D32C-F606-D547-FA25-1F86D0D53C66} - C:\WINDOWS\SYSTEM\IEHV32.DLL
O2 - BHO: Class - {EAE93A50-B566-8AE6-4CF2-7070B758A27C} - C:\WINDOWS\WINXW.DLL
O2 - BHO: Class - {474BC714-CE9E-6D6E-EFD4-FC75E4F9B77C} - C:\WINDOWS\CRPL.DLL
O2 - BHO: Class - {3E6324FC-B7AB-3DED-C91E-FF44C25EDF8F} - C:\WINDOWS\SYSTEM\ATLAY.DLL
O2 - BHO: Class - {26D2DCB8-71C1-252A-D759-F55FEC431202} - C:\WINDOWS\SYSTEM\SDKFV.DLL
O2 - BHO: Class - {0033AAE9-55C7-41F3-F763-32B1DA16BE5C} - C:\WINDOWS\SYSTEM\MFCGP32.DLL
O2 - BHO: Class - {D9CDCA0F-2E12-6320-FED6-8817E123401F} - C:\WINDOWS\SYSTEM\APPEO.DLL
O2 - BHO: Class - {DF681A51-5F05-1F39-036E-D1C704F8F568} - C:\WINDOWS\IPOY32.DLL
O2 - BHO: Class - {6BE5C394-AA25-266E-D794-88256569CD9D} - C:\WINDOWS\D3RO32.DLL
O2 - BHO: Class - {C4843FF7-AE70-BF42-6057-827D9D3007CE} - C:\WINDOWS\APIJI32.DLL
O2 - BHO: Class - {263DE9FD-A5FF-1173-6483-3084AC7F97CC} - C:\WINDOWS\IEIF32.DLL
O2 - BHO: Class - {0D986CF8-2CE9-4F81-C868-236758D1D348} - C:\WINDOWS\SYSTEM\CRYU32.DLL
O2 - BHO: Class - {7AF4AA3B-0ABB-CC5A-EC47-788E8388DEE1} - C:\WINDOWS\SYSTEM\D3JG32.DLL
O2 - BHO: Class - {6516D1D3-6292-4788-0C0D-A114597B3DEF} - C:\WINDOWS\ADDOV32.DLL
O2 - BHO: Class - {008A3C3B-9249-57B4-CBC9-55AB9E690943} - C:\WINDOWS\SYSTEM\ADDCU32.DLL
O2 - BHO: Class - {2F9CF46E-EFF6-35CD-9CDA-BF02ABD0CAF6} - C:\WINDOWS\ATLCI32.DLL
O2 - BHO: Class - {90426D31-0395-9DA8-80E5-E0C2FD2B6F9C} - C:\WINDOWS\SYSTEM\CROV32.DLL
O2 - BHO: Class - {8EFE910F-0591-211F-7401-F737316026EE} - C:\WINDOWS\SYSTEM\JAVARN.DLL
O2 - BHO: Class - {58A38705-CB9F-7B61-F5FA-A70899B04378} - C:\WINDOWS\NTWA.DLL
O2 - BHO: Class - {EE0622B9-E1DD-2901-FB4F-F5C1BFA6825D} - C:\WINDOWS\SYSTEM\WINPI32.DLL
O2 - BHO: Class - {E644B589-2512-8BFF-D131-B550B1DC8F6A} - C:\WINDOWS\SYSTEM\SDKGK.DLL
O2 - BHO: Class - {A652C940-69E4-64E3-7AAF-435391F510CF} - C:\WINDOWS\SYSTEM\ATLJD32.DLL
O2 - BHO: Class - {28794D46-D75B-7CDB-21C3-65E69FD4B409} - C:\WINDOWS\SYSTEM\D3TU32.DLL
O2 - BHO: Class - {31C94FA3-13E4-1D4B-B350-6A09F9B4EDDA} - C:\WINDOWS\SYSVJ.DLL
O2 - BHO: Class - {F82291F5-36E0-4F75-AC50-26ED7715CF32} - C:\WINDOWS\SYSTEM\ADDSI.DLL
O2 - BHO: Class - {2FC5C0C4-3F0A-6E09-E41D-7CD05875884C} - C:\WINDOWS\IPRG32.DLL
O2 - BHO: Class - {01083C96-E7FB-D9DC-2583-A48F318E60CB} - C:\WINDOWS\APIOE.DLL
O2 - BHO: Class - {C8BBF9F2-5F1D-686C-B265-A0082E15F49B} - C:\WINDOWS\JAVAOI32.DLL
O2 - BHO: Class - {934F52F5-7431-6F8D-CF03-508A60646BCC} - C:\WINDOWS\IEFQ.DLL
O2 - BHO: Class - {B6169D6A-232D-595E-E6F2-7792C942DCAB} - C:\WINDOWS\SYSTEM\IESE32.DLL
O2 - BHO: Class - {CBAEF3F4-4602-ADD1-E400-F5E4309098A2} - C:\WINDOWS\APPXZ32.DLL
O2 - BHO: Class - {14A89499-E461-38DD-211A-FDE8764A8C67} - C:\WINDOWS\SYSTEM\D3AL32.DLL
O2 - BHO: Class - {71546271-3F01-C594-3A14-A3F2347D0658} - C:\WINDOWS\SDKHD32.DLL
O2 - BHO: Class - {FF3B84BF-172F-490A-EADC-AFDD0366F962} - C:\WINDOWS\APPJU32.DLL
O2 - BHO: Class - {2292BD18-3B6B-01F7-6D6E-CA1A2CB8FE64} - C:\WINDOWS\NETDR.DLL
O2 - BHO: Class - {82935B53-C07A-4321-2D6B-1BEFEDF758BE} - C:\WINDOWS\SYSTEM\D3BM.DLL
O2 - BHO: Class - {60CC4012-F1EA-B05A-C3B6-B0884B04256A} - C:\WINDOWS\SYSTEM\IPYN32.DLL
O2 - BHO: Class - {A958A169-D483-E7DE-21B6-16C6778544A6} - C:\WINDOWS\SYSTEM\SDKVS.DLL
O2 - BHO: Class - {A2062505-899C-063F-015E-9628483A0E16} - C:\WINDOWS\SYSTEM\APPSK.DLL
O2 - BHO: Class - {8F847879-40F7-B232-AEC5-D3214B36C965} - C:\WINDOWS\ADDEQ32.DLL
O2 - BHO: Class - {44D6E07C-653A-2AAB-E15E-C8A8D058A69A} - C:\WINDOWS\SYSTEM\CRFZ.DLL
O2 - BHO: Class - {90322B92-7595-8451-4FC8-CF6E0A650624} - C:\WINDOWS\SYSTEM\SYSYW32.DLL
O2 - BHO: Class - {13DF5395-818A-427D-8E89-35E89CB935C1} - C:\WINDOWS\SYSTEM\ADDIJ.DLL
O2 - BHO: Class - {7153C74E-9AA0-9071-5E42-A4F5204E058F} - C:\WINDOWS\MSDJ.DLL
O2 - BHO: Class - {BCCFD00A-DDB3-66B0-CF24-AB063F02A5F2} - C:\WINDOWS\NTDU.DLL
O2 - BHO: Class - {6A3B8508-1270-2B62-9ACB-B499FEAE3120} - C:\WINDOWS\SYSTEM\D3SG.DLL
O2 - BHO: Class - {458BEC00-7562-DFA4-7AE7-FA25EC402DAC} - C:\WINDOWS\SYSTEM\SYSUT32.DLL
O2 - BHO: Class - {456AA758-A6D4-3D40-97CC-BE10CAAF3EEA} - C:\WINDOWS\SYSTEM\JAVALI32.DLL
O2 - BHO: Class - {94BE3C40-321F-9253-6C8E-FD536B1C7FC2} - C:\WINDOWS\SYSTEM\JAVACG32.DLL
O2 - BHO: Class - {AA0CF52E-7A00-E379-F181-70AF79966EC6} - C:\WINDOWS\SYSTEM\MSSO32.DLL
O2 - BHO: Class - {B9E4D006-7A30-6772-18E7-A2C7B4E14473} - C:\WINDOWS\JAVADS.DLL
O2 - BHO: Class - {27853C2B-D24E-079E-B564-942AA78CEDD4} - C:\WINDOWS\SYSTEM\APIBS.DLL
O2 - BHO: Class - {DD9BFA8F-A5CC-8F6E-F806-0A8CBA44772D} - C:\WINDOWS\SYSTEM\D3HJ.DLL
O2 - BHO: Class - {1770D985-41E8-2FD2-FF5E-48174D0063CF} - C:\WINDOWS\SYSTEM\ADDTL.DLL
O2 - BHO: Class - {93818BC9-D266-1EB9-EDFE-1C682654EE66} - C:\WINDOWS\ATLNE.DLL
O2 - BHO: Class - {991DF816-06EC-05DF-D306-F828A69AEF22} - C:\WINDOWS\NETUI32.DLL
O2 - BHO: Class - {78678C67-58D1-BFFC-FA43-DCB83006E6E6} - C:\WINDOWS\NETZG32.DLL
O2 - BHO: Class - {4D565645-6197-E88E-7087-D53B8E933D07} - C:\WINDOWS\SYSTEM\APPUH.DLL
O2 - BHO: Class - {093680F4-6D7A-144A-D33E-DC9B538D581B} - C:\WINDOWS\SYSTEM\JAVARZ32.DLL
O2 - BHO: Class - {EE5CF572-2A44-0143-F263-4625430E6551} - C:\WINDOWS\ADDBV32.DLL
O2 - BHO: Class - {26EAEA9A-0AE9-BBF9-7DBE-948F7AADCAC6} - C:\WINDOWS\SYSTEM\IPFL.DLL
O2 - BHO: Class - {E97E5AE0-29D6-7DFA-7E92-29CC5D770DA3} - C:\WINDOWS\IPHO32.DLL
O2 - BHO: Class - {04D1DF3C-C625-0315-0875-A232686AFD1F} - C:\WINDOWS\SYSTEM\APIQF32.DLL
O2 - BHO: Class - {44FC8C96-DD01-37F9-B782-F4CDFEF1A1C8} - C:\WINDOWS\SYSTEM\NTIS.DLL
O2 - BHO: Class - {7CF3DE07-F033-20B9-DF3E-032F8C4EDA3B} - C:\WINDOWS\SYSTEM\ADDYB32.DLL
O2 - BHO: Class - {3E29B368-01E7-2037-A0E6-6F97B79FA801} - C:\WINDOWS\SYSTEM\MFCBZ32.DLL
O2 - BHO: Class - {6449F8FB-2D9F-4038-901E-46002846D2B7} - C:\WINDOWS\SYSTEM\ADDPF32.DLL
O2 - BHO: Class - {66DC5AD1-B874-3EB5-D86F-AE8806756557} - C:\WINDOWS\IEFA.DLL
O2 - BHO: Class - {32647596-213A-8327-EDB5-24A45C5C5E36} - C:\WINDOWS\SDKKW.DLL
O2 - BHO: Class - {A72DA518-41F3-C894-F46E-42E7280D77E4} - C:\WINDOWS\SYSTEM\ATLSI32.DLL
O2 - BHO: Class - {6CF47EBD-F47F-F256-5877-09354850D9FC} - C:\WINDOWS\CRCD.DLL
O2 - BHO: Class - {8E791205-E0B5-2600-EEB9-32CAB7717620} - C:\WINDOWS\JAVAQH.DLL
O2 - BHO: Class - {19597D9F-B88E-697E-D763-E9940650A73C} - C:\WINDOWS\SYSTEM\WINUZ32.DLL
O2 - BHO: Class - {353A2FBE-089A-FCCA-C5BA-394F769B353F} - C:\WINDOWS\SYSTEM\MSQH.DLL
O2 - BHO: Class - {E7FCD046-7EFA-EC37-9814-C95DD24FA232} - C:\WINDOWS\NETJU.DLL
O2 - BHO: Class - {875B4CD1-0BF3-E6A9-2A50-67BB4B403435} - C:\WINDOWS\ADDDV32.DLL
O2 - BHO: Class - {8E9FD882-908D-2B7C-2FF8-25671EC42598} - C:\WINDOWS\SYSTEM\MFCRW32.DLL
O2 - BHO: Class - {CFDEDD7B-3C68-3EA9-44F9-80368394C67C} - C:\WINDOWS\JAVAUS.DLL
O2 - BHO: Class - {C2E0B279-5970-A3D1-B0AB-50937597E089} - C:\WINDOWS\JAVAFU32.DLL
O2 - BHO: Class - {ED1F3DC8-6028-5621-EAE8-8F5FDFA8C76A} - C:\WINDOWS\SYSTEM\JAVAKS32.DLL
O2 - BHO: Class - {0597D537-86A0-08BE-1BB8-7597D9D9FE0A} - C:\WINDOWS\ATLEL.DLL
O2 - BHO: Class - {588E9107-C2D3-E0FF-D067-E37707B28CEA} - C:\WINDOWS\IPSK32.DLL
O2 - BHO: Class - {FE0AC8A6-1206-1F84-6453-4D4D61EF27E8} - C:\WINDOWS\SYSTEM\NTWU32.DLL
O2 - BHO: Class - {A5B223E5-0E73-9AC9-758C-41988A18DD24} - C:\WINDOWS\SYSTEM\APIKR.DLL
O2 - BHO: Class - {2A84CAD2-B123-6B06-880C-0055BDCCF0FE} - C:\WINDOWS\SYSTEM\MFCVN32.DLL
O2 - BHO: Class - {9114570A-A3BD-1492-E6A7-9F9C0C0F0D7A} - C:\WINDOWS\APPSH32.DLL
O2 - BHO: Class - {4C94038E-E594-8956-8F78-1007DB13CE40} - C:\WINDOWS\SYSTEM\SYSKI32.DLL
O2 - BHO: Class - {5BA8ED10-55C0-B29D-A8F3-E37E146D4B4A} - C:\WINDOWS\SYSTEM\MFCKD32.DLL
O2 - BHO: Class - {F322AB0B-621C-11A3-B1AE-7A7FC2B40350} - C:\WINDOWS\MFCOC.DLL
O2 - BHO: Class - {6B116755-D849-210C-3AF2-257149A82882} - C:\WINDOWS\NTZJ32.DLL
O2 - BHO: Class - {E43E7E04-6264-19E3-CABC-9B791F6F5078} - C:\WINDOWS\MSXA32.DLL
O2 - BHO: Class - {0C46C72F-75AC-E403-AC2F-A5CE6740682F} - C:\WINDOWS\SYSTEM\NETRU.DLL
O2 - BHO: Class - {9847DDAA-B073-1B12-1D01-BB4E38F69B5A} - C:\WINDOWS\SYSTEM\APPLZ.DLL
O2 - BHO: Class - {A40E210D-44F7-33DE-2D6C-292A6520AB82} - C:\WINDOWS\WINPR32.DLL
O2 - BHO: Class - {E8A17D47-9FBA-94B1-2B60-4B4FA0C145A3} - C:\WINDOWS\SYSWO.DLL
O2 - BHO: Class - {7B7B6E94-D1DE-C5B2-4825-1995BB271426} - C:\WINDOWS\SDKMI.DLL
O2 - BHO: Class - {CC3A504B-41DE-5145-BA59-63AEDFBC89C3} - C:\WINDOWS\SYSTEM\NETQV.DLL
O2 - BHO: Class - {4572B4C5-5DD0-E0C1-E935-4A5F6D06763D} - C:\WINDOWS\SYSTEM\SDKJM.DLL
O2 - BHO: Class - {2ECEA165-3F6C-E79E-43DA-6E7B4C708792} - C:\WINDOWS\SYSTEM\IPLF32.DLL
O2 - BHO: Class - {3671C517-3B6E-EAD9-6286-2A7FD1E82C95} - C:\WINDOWS\SYSTEM\WINIK.DLL
O2 - BHO: Class - {908708BE-F6FE-44B2-B1E5-D54BD8779D62} - C:\WINDOWS\ADDYQ.DLL
O2 - BHO: Class - {79E0B318-002C-7903-30CE-486F72CDF957} - C:\WINDOWS\SYSTEM\SYSEM.DLL
O2 - BHO: Class - {2072E213-9FA4-3F02-F765-41EAC5FEE389} - C:\WINDOWS\MSNL.DLL
O2 - BHO: Class - {17FC710D-C0F3-9F8F-B630-C6A396F77B7E} - C:\WINDOWS\SYSHV32.DLL
O2 - BHO: Class - {78BF06AA-3AE7-6D4E-7648-D1DEE433B86D} - C:\WINDOWS\SYSTEM\CRFU32.DLL
O2 - BHO: Class - {AA2057A8-B033-5FED-DE09-9933A49F9AED} - C:\WINDOWS\NETIX32.DLL
O2 - BHO: Class - {6279117F-EA7F-BEE3-52DD-22B0427914A6} - C:\WINDOWS\IEXR.DLL
O2 - BHO: Class - {13E8464A-2089-4AA1-300B-F7BC0B335C69} - C:\WINDOWS\SYSTEM\MSLI.DLL
O2 - BHO: Class - {F9DB070D-5394-0723-F5DA-646C713E9FE2} - C:\WINDOWS\JAVANI32.DLL
O2 - BHO: Class - {A9B5AF4E-E897-1C45-D86D-9A80E109CAE7} - C:\WINDOWS\SYSTEM\IPSP32.DLL
O2 - BHO: Class - {2B52B4D3-47B4-FC73-8508-9709FDECF270} - C:\WINDOWS\SYSTEM\JAVAHB.DLL
O2 - BHO: Class - {236770E7-E878-8704-8A5E-45616824DA7F} - C:\WINDOWS\SYSTEM\MSHC.DLL
O2 - BHO: Class - {057280C0-DC99-4451-907E-A5E66309D3E5} - C:\WINDOWS\SYSTEM\ATLNU.DLL
O2 - BHO: Class - {214827F0-3D1E-01DE-2873-544D6D4CEBAA} - C:\WINDOWS\WINBG32.DLL
O2 - BHO: Class - {D19325BB-4FA3-12F7-E15D-4A2FBE154324} - C:\WINDOWS\SYSTEM\SDKHM32.DLL
O2 - BHO: Class - {236A52A4-0D6B-4284-F174-EB78C9872A68} - C:\WINDOWS\APPPB.DLL
O2 - BHO: Class - {57340397-5850-0278-7CAC-2B318AEA3D9A} - C:\WINDOWS\APPBF32.DLL
O2 - BHO: Class - {D26AF2AB-0F2A-822B-1267-109C8769FEDC} - C:\WINDOWS\MSKM.DLL
O2 - BHO: Class - {30A66C85-5AF5-1B9D-03A3-66F9AD0D9FE1} - C:\WINDOWS\SYSTEM\NTIG.DLL
O2 - BHO: Class - {3F168309-460C-3C13-633D-8B2D81732BD0} - C:\WINDOWS\APIGE.DLL
O2 - BHO: Class - {D300964A-6315-E22B-E5B5-16768794DF6D} - C:\WINDOWS\NETGN32.DLL
O2 - BHO: Class - {E7057D74-9366-EDCC-5B55-8D1F5F0B2823} - C:\WINDOWS\SYSTEM\D3KD32.DLL
O2 - BHO: Class - {5FF9D913-AF6D-6D79-5A3A-75BA7425C8DF} - C:\WINDOWS\D3SN32.DLL
O2 - BHO: Class - {EC15F4E3-8B04-146F-F290-13F33AB877B1} - C:\WINDOWS\NTVL.DLL
O2 - BHO: Class - {78BDA9AC-5B7C-DF76-EB74-464C7B32E142} - C:\WINDOWS\SYSTEM\MSBL.DLL
O2 - BHO: Class - {B36BF8D0-78A6-6627-C70B-89B4CE7916F8} - C:\WINDOWS\IEJZ.DLL
O2 - BHO: Class - {9D9A4011-CF19-AA74-08CA-6E9FB408C988} - C:\WINDOWS\SYSTEM\APPJX32.DLL
O2 - BHO: Class - {DA6A99B0-00AD-2CD1-C021-2CCE5CE744E3} - C:\WINDOWS\ATLZD.DLL
O2 - BHO: Class - {878A81B0-C10A-9380-C3B6-89A99E2C869B} - C:\WINDOWS\APITA32.DLL
O2 - BHO: Class - {CBD49121-A8EF-D345-CCFF-038BD5FDDEA9} - C:\WINDOWS\WINEO.DLL
O2 - BHO: Class - {19B907F0-A6CA-BB49-9C14-FD51E9541ECD} - C:\WINDOWS\D3IU32.DLL
O2 - BHO: Class - {D6036847-0CE9-CD98-8490-CBE09650BB49} - C:\WINDOWS\WINLQ.DLL
O2 - BHO: Class - {A757209F-1F9F-F6A7-A30C-E09315CE6233} - C:\WINDOWS\NTLF32.DLL
O2 - BHO: Class - {795C4F6D-8709-7CDE-2594-4B088D22936D} - C:\WINDOWS\SDKZT32.DLL
O2 - BHO: Class - {A52341BA-BE38-0B92-7349-0153C401D02C} - C:\WINDOWS\SYSTEM\IPUN.DLL
O2 - BHO: Class - {72E235C2-802F-1CA0-B24E-5FC67932116C} - C:\WINDOWS\SYSTEM\WINEU.DLL
O2 - BHO: Class - {B9F72B1E-1C8C-5929-9846-89621C14AA3E} - C:\WINDOWS\SYSTEM\APIZE32.DLL
O2 - BHO: Class - {61F79F8B-D46D-50B2-7E7F-60D809E68EAE} - C:\WINDOWS\APPVX.DLL
O2 - BHO: Class - {68F0E283-684D-FC42-3C24-C144CBB27B3F} - C:\WINDOWS\SYSTEM\ATLIW.DLL
O2 - BHO: Class - {9A97F267-F986-B2AB-F3F4-CDBF9FDD26AF} - C:\WINDOWS\SYSTEM\CRQE.DLL
O2 - BHO: Class - {8CAF6BFD-EB62-A647-4A21-D1B6ED772B29} - C:\WINDOWS\SYSTEM\MSBI.DLL
O2 - BHO: Class - {6B10CE97-0404-CE37-A21D-4A74318C961A} - C:\WINDOWS\D3LS32.DLL
O2 - BHO: Class - {2E36916B-B262-B592-1178-8FF15F1A1514} - C:\WINDOWS\SYSTEM\JAVAWA.DLL
O2 - BHO: Class - {A7030A8B-81B1-9908-1971-009E47C24FCA} - C:\WINDOWS\NETTQ.DLL
O2 - BHO: Class - {ADF83008-D033-75CF-F558-8F5FD25A0CAC} - C:\WINDOWS\SYSTEM\SYSXV32.DLL
O2 - BHO: Class - {211B99E0-F1C1-1D55-58EC-0AF23546E627} - C:\WINDOWS\SYSTEM\SYSXE32.DLL
O2 - BHO: Class - {8D40A014-F240-A3E9-52B2-907E3A6D3B6B} - C:\WINDOWS\SYSTEM\ADDQG.DLL
O2 - BHO: Class - {F2B52E04-55B6-4EE4-F4E3-8D292B1044D6} - C:\WINDOWS\SYSTEM\JAVATI.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IELM.EXE] C:\WINDOWS\SYSTEM\IELM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [D3GW.EXE] C:\WINDOWS\D3GW.EXE
O4 - HKLM\..\RunServices: [ATLYY.EXE] C:\WINDOWS\ATLYY.EXE /s
O4 - HKLM\..\RunServices: [D3JZ32.EXE] C:\WINDOWS\D3JZ32.EXE /s
O4 - HKLM\..\RunServices: [APPWJ32.EXE] C:\WINDOWS\APPWJ32.EXE /s
O4 - HKLM\..\RunServices: [SDKCU32.EXE] C:\WINDOWS\SDKCU32.EXE /s
O4 - HKLM\..\RunServices: [JAVATR32.EXE] C:\WINDOWS\SYSTEM\JAVATR32.EXE /s
O4 - HKLM\..\RunServices: [MSGR32.EXE] C:\WINDOWS\SYSTEM\MSGR32.EXE /s
O4 - HKLM\..\RunServices: [SDKBU32.EXE] C:\WINDOWS\SDKBU32.EXE /s
O4 - Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AirPlus.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab



Thanks Again.


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 22 December 2005 - 08:52 AM

Hello,

I just wanted to confirm that I caught everything


Unfortunately, I still see more malware present than any other legit program in the HijackThis log.
It is a really bad idea not to have an antivirus and firewall installed; that's why I want you to install them first.
AVG, AntiVir OR Avast are good FREE antivirus programs.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and seriously decrease its reliability!
ZoneAlarm, Agnitum Outpost Free OR Kerio are FREE firewalls.

Understanding and using firewalls

Perform a full scan with the antivirus and let it remove everything it finds. Reboot afterwards!!

It's better to print out the next instructions or save them in Notepad, because you also have to work in safe mode without networking support, so this page won't be available then.
It is also important that you don't miss a step and that you perform everything in the right order!!

° Download AboutBuster.
Unzip AboutBuster into its own folder, such as C:\AboutBuster.
Start AboutBuster.exe. Click OK, Update, Check For Update and download the updates if present.
Close AboutBuster now, because you may not run it yet; that's for later.
If you are getting an error when updating, please let me know first before you proceed with the next steps.

* Download and install CCleaner
Do not use it yet.

Download Ad-aware version SE Personal 1.06 from one of these locations:

http://www.download.com/3000-2144-10045910.html
http://www.majorgeeks.com/download506.html

Install by double-clicking on the downloaded file.
If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version. Be sure to uninstall the previous version.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Don't run the scan yet!

* Please reboot your system into SAFE MODE.
° To get into Windows Safe Mode, press and hold your "F8 Key" as the computer is booting, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, click Scan, and put a checkmark next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\oarvc.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\PROGRAM FILES\SUBMIT\SUBMITHOOK.DLL
O2 - BHO: Class - {C2A65EF9-4FC7-5F32-D9C1-09D83012C91D} - C:\WINDOWS\SYSTEM\NTSE.DLL
O2 - BHO: Class - {2127FF53-5214-A977-18E8-9B58B90C486C} - C:\WINDOWS\SYSTEM\CROS32.DLL
O2 - BHO: Class - {8955C38D-4C95-80AA-4D9C-204125ADD200} - C:\WINDOWS\CRFS.DLL
O2 - BHO: Class - {4588D32C-F606-D547-FA25-1F86D0D53C66} - C:\WINDOWS\SYSTEM\IEHV32.DLL
O2 - BHO: Class - {EAE93A50-B566-8AE6-4CF2-7070B758A27C} - C:\WINDOWS\WINXW.DLL
O2 - BHO: Class - {474BC714-CE9E-6D6E-EFD4-FC75E4F9B77C} - C:\WINDOWS\CRPL.DLL
O2 - BHO: Class - {3E6324FC-B7AB-3DED-C91E-FF44C25EDF8F} - C:\WINDOWS\SYSTEM\ATLAY.DLL
O2 - BHO: Class - {26D2DCB8-71C1-252A-D759-F55FEC431202} - C:\WINDOWS\SYSTEM\SDKFV.DLL
O2 - BHO: Class - {0033AAE9-55C7-41F3-F763-32B1DA16BE5C} - C:\WINDOWS\SYSTEM\MFCGP32.DLL
O2 - BHO: Class - {D9CDCA0F-2E12-6320-FED6-8817E123401F} - C:\WINDOWS\SYSTEM\APPEO.DLL
O2 - BHO: Class - {DF681A51-5F05-1F39-036E-D1C704F8F568} - C:\WINDOWS\IPOY32.DLL
O2 - BHO: Class - {6BE5C394-AA25-266E-D794-88256569CD9D} - C:\WINDOWS\D3RO32.DLL
O2 - BHO: Class - {C4843FF7-AE70-BF42-6057-827D9D3007CE} - C:\WINDOWS\APIJI32.DLL
O2 - BHO: Class - {263DE9FD-A5FF-1173-6483-3084AC7F97CC} - C:\WINDOWS\IEIF32.DLL
O2 - BHO: Class - {0D986CF8-2CE9-4F81-C868-236758D1D348} - C:\WINDOWS\SYSTEM\CRYU32.DLL
O2 - BHO: Class - {7AF4AA3B-0ABB-CC5A-EC47-788E8388DEE1} - C:\WINDOWS\SYSTEM\D3JG32.DLL
O2 - BHO: Class - {6516D1D3-6292-4788-0C0D-A114597B3DEF} - C:\WINDOWS\ADDOV32.DLL
O2 - BHO: Class - {008A3C3B-9249-57B4-CBC9-55AB9E690943} - C:\WINDOWS\SYSTEM\ADDCU32.DLL
O2 - BHO: Class - {2F9CF46E-EFF6-35CD-9CDA-BF02ABD0CAF6} - C:\WINDOWS\ATLCI32.DLL
O2 - BHO: Class - {90426D31-0395-9DA8-80E5-E0C2FD2B6F9C} - C:\WINDOWS\SYSTEM\CROV32.DLL
O2 - BHO: Class - {8EFE910F-0591-211F-7401-F737316026EE} - C:\WINDOWS\SYSTEM\JAVARN.DLL
O2 - BHO: Class - {58A38705-CB9F-7B61-F5FA-A70899B04378} - C:\WINDOWS\NTWA.DLL
O2 - BHO: Class - {EE0622B9-E1DD-2901-FB4F-F5C1BFA6825D} - C:\WINDOWS\SYSTEM\WINPI32.DLL
O2 - BHO: Class - {E644B589-2512-8BFF-D131-B550B1DC8F6A} - C:\WINDOWS\SYSTEM\SDKGK.DLL
O2 - BHO: Class - {A652C940-69E4-64E3-7AAF-435391F510CF} - C:\WINDOWS\SYSTEM\ATLJD32.DLL
O2 - BHO: Class - {28794D46-D75B-7CDB-21C3-65E69FD4B409} - C:\WINDOWS\SYSTEM\D3TU32.DLL
O2 - BHO: Class - {31C94FA3-13E4-1D4B-B350-6A09F9B4EDDA} - C:\WINDOWS\SYSVJ.DLL
O2 - BHO: Class - {F82291F5-36E0-4F75-AC50-26ED7715CF32} - C:\WINDOWS\SYSTEM\ADDSI.DLL
O2 - BHO: Class - {2FC5C0C4-3F0A-6E09-E41D-7CD05875884C} - C:\WINDOWS\IPRG32.DLL
O2 - BHO: Class - {01083C96-E7FB-D9DC-2583-A48F318E60CB} - C:\WINDOWS\APIOE.DLL
O2 - BHO: Class - {C8BBF9F2-5F1D-686C-B265-A0082E15F49B} - C:\WINDOWS\JAVAOI32.DLL
O2 - BHO: Class - {934F52F5-7431-6F8D-CF03-508A60646BCC} - C:\WINDOWS\IEFQ.DLL
O2 - BHO: Class - {B6169D6A-232D-595E-E6F2-7792C942DCAB} - C:\WINDOWS\SYSTEM\IESE32.DLL
O2 - BHO: Class - {CBAEF3F4-4602-ADD1-E400-F5E4309098A2} - C:\WINDOWS\APPXZ32.DLL
O2 - BHO: Class - {14A89499-E461-38DD-211A-FDE8764A8C67} - C:\WINDOWS\SYSTEM\D3AL32.DLL
O2 - BHO: Class - {71546271-3F01-C594-3A14-A3F2347D0658} - C:\WINDOWS\SDKHD32.DLL
O2 - BHO: Class - {FF3B84BF-172F-490A-EADC-AFDD0366F962} - C:\WINDOWS\APPJU32.DLL
O2 - BHO: Class - {2292BD18-3B6B-01F7-6D6E-CA1A2CB8FE64} - C:\WINDOWS\NETDR.DLL
O2 - BHO: Class - {82935B53-C07A-4321-2D6B-1BEFEDF758BE} - C:\WINDOWS\SYSTEM\D3BM.DLL
O2 - BHO: Class - {60CC4012-F1EA-B05A-C3B6-B0884B04256A} - C:\WINDOWS\SYSTEM\IPYN32.DLL
O2 - BHO: Class - {A958A169-D483-E7DE-21B6-16C6778544A6} - C:\WINDOWS\SYSTEM\SDKVS.DLL
O2 - BHO: Class - {A2062505-899C-063F-015E-9628483A0E16} - C:\WINDOWS\SYSTEM\APPSK.DLL
O2 - BHO: Class - {8F847879-40F7-B232-AEC5-D3214B36C965} - C:\WINDOWS\ADDEQ32.DLL
O2 - BHO: Class - {44D6E07C-653A-2AAB-E15E-C8A8D058A69A} - C:\WINDOWS\SYSTEM\CRFZ.DLL
O2 - BHO: Class - {90322B92-7595-8451-4FC8-CF6E0A650624} - C:\WINDOWS\SYSTEM\SYSYW32.DLL
O2 - BHO: Class - {13DF5395-818A-427D-8E89-35E89CB935C1} - C:\WINDOWS\SYSTEM\ADDIJ.DLL
O2 - BHO: Class - {7153C74E-9AA0-9071-5E42-A4F5204E058F} - C:\WINDOWS\MSDJ.DLL
O2 - BHO: Class - {BCCFD00A-DDB3-66B0-CF24-AB063F02A5F2} - C:\WINDOWS\NTDU.DLL
O2 - BHO: Class - {6A3B8508-1270-2B62-9ACB-B499FEAE3120} - C:\WINDOWS\SYSTEM\D3SG.DLL
O2 - BHO: Class - {458BEC00-7562-DFA4-7AE7-FA25EC402DAC} - C:\WINDOWS\SYSTEM\SYSUT32.DLL
O2 - BHO: Class - {456AA758-A6D4-3D40-97CC-BE10CAAF3EEA} - C:\WINDOWS\SYSTEM\JAVALI32.DLL
O2 - BHO: Class - {94BE3C40-321F-9253-6C8E-FD536B1C7FC2} - C:\WINDOWS\SYSTEM\JAVACG32.DLL
O2 - BHO: Class - {AA0CF52E-7A00-E379-F181-70AF79966EC6} - C:\WINDOWS\SYSTEM\MSSO32.DLL
O2 - BHO: Class - {B9E4D006-7A30-6772-18E7-A2C7B4E14473} - C:\WINDOWS\JAVADS.DLL
O2 - BHO: Class - {27853C2B-D24E-079E-B564-942AA78CEDD4} - C:\WINDOWS\SYSTEM\APIBS.DLL
O2 - BHO: Class - {DD9BFA8F-A5CC-8F6E-F806-0A8CBA44772D} - C:\WINDOWS\SYSTEM\D3HJ.DLL
O2 - BHO: Class - {1770D985-41E8-2FD2-FF5E-48174D0063CF} - C:\WINDOWS\SYSTEM\ADDTL.DLL
O2 - BHO: Class - {93818BC9-D266-1EB9-EDFE-1C682654EE66} - C:\WINDOWS\ATLNE.DLL
O2 - BHO: Class - {991DF816-06EC-05DF-D306-F828A69AEF22} - C:\WINDOWS\NETUI32.DLL
O2 - BHO: Class - {78678C67-58D1-BFFC-FA43-DCB83006E6E6} - C:\WINDOWS\NETZG32.DLL
O2 - BHO: Class - {4D565645-6197-E88E-7087-D53B8E933D07} - C:\WINDOWS\SYSTEM\APPUH.DLL
O2 - BHO: Class - {093680F4-6D7A-144A-D33E-DC9B538D581B} - C:\WINDOWS\SYSTEM\JAVARZ32.DLL
O2 - BHO: Class - {EE5CF572-2A44-0143-F263-4625430E6551} - C:\WINDOWS\ADDBV32.DLL
O2 - BHO: Class - {26EAEA9A-0AE9-BBF9-7DBE-948F7AADCAC6} - C:\WINDOWS\SYSTEM\IPFL.DLL
O2 - BHO: Class - {E97E5AE0-29D6-7DFA-7E92-29CC5D770DA3} - C:\WINDOWS\IPHO32.DLL
O2 - BHO: Class - {04D1DF3C-C625-0315-0875-A232686AFD1F} - C:\WINDOWS\SYSTEM\APIQF32.DLL
O2 - BHO: Class - {44FC8C96-DD01-37F9-B782-F4CDFEF1A1C8} - C:\WINDOWS\SYSTEM\NTIS.DLL
O2 - BHO: Class - {7CF3DE07-F033-20B9-DF3E-032F8C4EDA3B} - C:\WINDOWS\SYSTEM\ADDYB32.DLL
O2 - BHO: Class - {3E29B368-01E7-2037-A0E6-6F97B79FA801} - C:\WINDOWS\SYSTEM\MFCBZ32.DLL
O2 - BHO: Class - {6449F8FB-2D9F-4038-901E-46002846D2B7} - C:\WINDOWS\SYSTEM\ADDPF32.DLL
O2 - BHO: Class - {66DC5AD1-B874-3EB5-D86F-AE8806756557} - C:\WINDOWS\IEFA.DLL
O2 - BHO: Class - {32647596-213A-8327-EDB5-24A45C5C5E36} - C:\WINDOWS\SDKKW.DLL
O2 - BHO: Class - {A72DA518-41F3-C894-F46E-42E7280D77E4} - C:\WINDOWS\SYSTEM\ATLSI32.DLL
O2 - BHO: Class - {6CF47EBD-F47F-F256-5877-09354850D9FC} - C:\WINDOWS\CRCD.DLL
O2 - BHO: Class - {8E791205-E0B5-2600-EEB9-32CAB7717620} - C:\WINDOWS\JAVAQH.DLL
O2 - BHO: Class - {19597D9F-B88E-697E-D763-E9940650A73C} - C:\WINDOWS\SYSTEM\WINUZ32.DLL
O2 - BHO: Class - {353A2FBE-089A-FCCA-C5BA-394F769B353F} - C:\WINDOWS\SYSTEM\MSQH.DLL
O2 - BHO: Class - {E7FCD046-7EFA-EC37-9814-C95DD24FA232} - C:\WINDOWS\NETJU.DLL
O2 - BHO: Class - {875B4CD1-0BF3-E6A9-2A50-67BB4B403435} - C:\WINDOWS\ADDDV32.DLL
O2 - BHO: Class - {8E9FD882-908D-2B7C-2FF8-25671EC42598} - C:\WINDOWS\SYSTEM\MFCRW32.DLL
O2 - BHO: Class - {CFDEDD7B-3C68-3EA9-44F9-80368394C67C} - C:\WINDOWS\JAVAUS.DLL
O2 - BHO: Class - {C2E0B279-5970-A3D1-B0AB-50937597E089} - C:\WINDOWS\JAVAFU32.DLL
O2 - BHO: Class - {ED1F3DC8-6028-5621-EAE8-8F5FDFA8C76A} - C:\WINDOWS\SYSTEM\JAVAKS32.DLL
O2 - BHO: Class - {0597D537-86A0-08BE-1BB8-7597D9D9FE0A} - C:\WINDOWS\ATLEL.DLL
O2 - BHO: Class - {588E9107-C2D3-E0FF-D067-E37707B28CEA} - C:\WINDOWS\IPSK32.DLL
O2 - BHO: Class - {FE0AC8A6-1206-1F84-6453-4D4D61EF27E8} - C:\WINDOWS\SYSTEM\NTWU32.DLL
O2 - BHO: Class - {A5B223E5-0E73-9AC9-758C-41988A18DD24} - C:\WINDOWS\SYSTEM\APIKR.DLL
O2 - BHO: Class - {2A84CAD2-B123-6B06-880C-0055BDCCF0FE} - C:\WINDOWS\SYSTEM\MFCVN32.DLL
O2 - BHO: Class - {9114570A-A3BD-1492-E6A7-9F9C0C0F0D7A} - C:\WINDOWS\APPSH32.DLL
O2 - BHO: Class - {4C94038E-E594-8956-8F78-1007DB13CE40} - C:\WINDOWS\SYSTEM\SYSKI32.DLL
O2 - BHO: Class - {5BA8ED10-55C0-B29D-A8F3-E37E146D4B4A} - C:\WINDOWS\SYSTEM\MFCKD32.DLL
O2 - BHO: Class - {F322AB0B-621C-11A3-B1AE-7A7FC2B40350} - C:\WINDOWS\MFCOC.DLL
O2 - BHO: Class - {6B116755-D849-210C-3AF2-257149A82882} - C:\WINDOWS\NTZJ32.DLL
O2 - BHO: Class - {E43E7E04-6264-19E3-CABC-9B791F6F5078} - C:\WINDOWS\MSXA32.DLL
O2 - BHO: Class - {0C46C72F-75AC-E403-AC2F-A5CE6740682F} - C:\WINDOWS\SYSTEM\NETRU.DLL
O2 - BHO: Class - {9847DDAA-B073-1B12-1D01-BB4E38F69B5A} - C:\WINDOWS\SYSTEM\APPLZ.DLL
O2 - BHO: Class - {A40E210D-44F7-33DE-2D6C-292A6520AB82} - C:\WINDOWS\WINPR32.DLL
O2 - BHO: Class - {E8A17D47-9FBA-94B1-2B60-4B4FA0C145A3} - C:\WINDOWS\SYSWO.DLL
O2 - BHO: Class - {7B7B6E94-D1DE-C5B2-4825-1995BB271426} - C:\WINDOWS\SDKMI.DLL
O2 - BHO: Class - {CC3A504B-41DE-5145-BA59-63AEDFBC89C3} - C:\WINDOWS\SYSTEM\NETQV.DLL
O2 - BHO: Class - {4572B4C5-5DD0-E0C1-E935-4A5F6D06763D} - C:\WINDOWS\SYSTEM\SDKJM.DLL
O2 - BHO: Class - {2ECEA165-3F6C-E79E-43DA-6E7B4C708792} - C:\WINDOWS\SYSTEM\IPLF32.DLL
O2 - BHO: Class - {3671C517-3B6E-EAD9-6286-2A7FD1E82C95} - C:\WINDOWS\SYSTEM\WINIK.DLL
O2 - BHO: Class - {908708BE-F6FE-44B2-B1E5-D54BD8779D62} - C:\WINDOWS\ADDYQ.DLL
O2 - BHO: Class - {79E0B318-002C-7903-30CE-486F72CDF957} - C:\WINDOWS\SYSTEM\SYSEM.DLL
O2 - BHO: Class - {2072E213-9FA4-3F02-F765-41EAC5FEE389} - C:\WINDOWS\MSNL.DLL
O2 - BHO: Class - {17FC710D-C0F3-9F8F-B630-C6A396F77B7E} - C:\WINDOWS\SYSHV32.DLL
O2 - BHO: Class - {78BF06AA-3AE7-6D4E-7648-D1DEE433B86D} - C:\WINDOWS\SYSTEM\CRFU32.DLL
O2 - BHO: Class - {AA2057A8-B033-5FED-DE09-9933A49F9AED} - C:\WINDOWS\NETIX32.DLL
O2 - BHO: Class - {6279117F-EA7F-BEE3-52DD-22B0427914A6} - C:\WINDOWS\IEXR.DLL
O2 - BHO: Class - {13E8464A-2089-4AA1-300B-F7BC0B335C69} - C:\WINDOWS\SYSTEM\MSLI.DLL
O2 - BHO: Class - {F9DB070D-5394-0723-F5DA-646C713E9FE2} - C:\WINDOWS\JAVANI32.DLL
O2 - BHO: Class - {A9B5AF4E-E897-1C45-D86D-9A80E109CAE7} - C:\WINDOWS\SYSTEM\IPSP32.DLL
O2 - BHO: Class - {2B52B4D3-47B4-FC73-8508-9709FDECF270} - C:\WINDOWS\SYSTEM\JAVAHB.DLL
O2 - BHO: Class - {236770E7-E878-8704-8A5E-45616824DA7F} - C:\WINDOWS\SYSTEM\MSHC.DLL
O2 - BHO: Class - {057280C0-DC99-4451-907E-A5E66309D3E5} - C:\WINDOWS\SYSTEM\ATLNU.DLL
O2 - BHO: Class - {214827F0-3D1E-01DE-2873-544D6D4CEBAA} - C:\WINDOWS\WINBG32.DLL
O2 - BHO: Class - {D19325BB-4FA3-12F7-E15D-4A2FBE154324} - C:\WINDOWS\SYSTEM\SDKHM32.DLL
O2 - BHO: Class - {236A52A4-0D6B-4284-F174-EB78C9872A68} - C:\WINDOWS\APPPB.DLL
O2 - BHO: Class - {57340397-5850-0278-7CAC-2B318AEA3D9A} - C:\WINDOWS\APPBF32.DLL
O2 - BHO: Class - {D26AF2AB-0F2A-822B-1267-109C8769FEDC} - C:\WINDOWS\MSKM.DLL
O2 - BHO: Class - {30A66C85-5AF5-1B9D-03A3-66F9AD0D9FE1} - C:\WINDOWS\SYSTEM\NTIG.DLL
O2 - BHO: Class - {3F168309-460C-3C13-633D-8B2D81732BD0} - C:\WINDOWS\APIGE.DLL
O2 - BHO: Class - {D300964A-6315-E22B-E5B5-16768794DF6D} - C:\WINDOWS\NETGN32.DLL
O2 - BHO: Class - {E7057D74-9366-EDCC-5B55-8D1F5F0B2823} - C:\WINDOWS\SYSTEM\D3KD32.DLL
O2 - BHO: Class - {5FF9D913-AF6D-6D79-5A3A-75BA7425C8DF} - C:\WINDOWS\D3SN32.DLL
O2 - BHO: Class - {EC15F4E3-8B04-146F-F290-13F33AB877B1} - C:\WINDOWS\NTVL.DLL
O2 - BHO: Class - {78BDA9AC-5B7C-DF76-EB74-464C7B32E142} - C:\WINDOWS\SYSTEM\MSBL.DLL
O2 - BHO: Class - {B36BF8D0-78A6-6627-C70B-89B4CE7916F8} - C:\WINDOWS\IEJZ.DLL
O2 - BHO: Class - {9D9A4011-CF19-AA74-08CA-6E9FB408C988} - C:\WINDOWS\SYSTEM\APPJX32.DLL
O2 - BHO: Class - {DA6A99B0-00AD-2CD1-C021-2CCE5CE744E3} - C:\WINDOWS\ATLZD.DLL
O2 - BHO: Class - {878A81B0-C10A-9380-C3B6-89A99E2C869B} - C:\WINDOWS\APITA32.DLL
O2 - BHO: Class - {CBD49121-A8EF-D345-CCFF-038BD5FDDEA9} - C:\WINDOWS\WINEO.DLL
O2 - BHO: Class - {19B907F0-A6CA-BB49-9C14-FD51E9541ECD} - C:\WINDOWS\D3IU32.DLL
O2 - BHO: Class - {D6036847-0CE9-CD98-8490-CBE09650BB49} - C:\WINDOWS\WINLQ.DLL
O2 - BHO: Class - {A757209F-1F9F-F6A7-A30C-E09315CE6233} - C:\WINDOWS\NTLF32.DLL
O2 - BHO: Class - {795C4F6D-8709-7CDE-2594-4B088D22936D} - C:\WINDOWS\SDKZT32.DLL
O2 - BHO: Class - {A52341BA-BE38-0B92-7349-0153C401D02C} - C:\WINDOWS\SYSTEM\IPUN.DLL
O2 - BHO: Class - {72E235C2-802F-1CA0-B24E-5FC67932116C} - C:\WINDOWS\SYSTEM\WINEU.DLL
O2 - BHO: Class - {B9F72B1E-1C8C-5929-9846-89621C14AA3E} - C:\WINDOWS\SYSTEM\APIZE32.DLL
O2 - BHO: Class - {61F79F8B-D46D-50B2-7E7F-60D809E68EAE} - C:\WINDOWS\APPVX.DLL
O2 - BHO: Class - {68F0E283-684D-FC42-3C24-C144CBB27B3F} - C:\WINDOWS\SYSTEM\ATLIW.DLL
O2 - BHO: Class - {9A97F267-F986-B2AB-F3F4-CDBF9FDD26AF} - C:\WINDOWS\SYSTEM\CRQE.DLL
O2 - BHO: Class - {8CAF6BFD-EB62-A647-4A21-D1B6ED772B29} - C:\WINDOWS\SYSTEM\MSBI.DLL
O2 - BHO: Class - {6B10CE97-0404-CE37-A21D-4A74318C961A} - C:\WINDOWS\D3LS32.DLL
O2 - BHO: Class - {2E36916B-B262-B592-1178-8FF15F1A1514} - C:\WINDOWS\SYSTEM\JAVAWA.DLL
O2 - BHO: Class - {A7030A8B-81B1-9908-1971-009E47C24FCA} - C:\WINDOWS\NETTQ.DLL
O2 - BHO: Class - {ADF83008-D033-75CF-F558-8F5FD25A0CAC} - C:\WINDOWS\SYSTEM\SYSXV32.DLL
O2 - BHO: Class - {211B99E0-F1C1-1D55-58EC-0AF23546E627} - C:\WINDOWS\SYSTEM\SYSXE32.DLL
O2 - BHO: Class - {8D40A014-F240-A3E9-52B2-907E3A6D3B6B} - C:\WINDOWS\SYSTEM\ADDQG.DLL
O2 - BHO: Class - {F2B52E04-55B6-4EE4-F4E3-8D292B1044D6} - C:\WINDOWS\SYSTEM\JAVATI.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL (file missing)
O4 - HKLM\..\Run: [IELM.EXE] C:\WINDOWS\SYSTEM\IELM.EXE
O4 - HKLM\..\RunServices: [D3GW.EXE] C:\WINDOWS\D3GW.EXE
O4 - HKLM\..\RunServices: [ATLYY.EXE] C:\WINDOWS\ATLYY.EXE /s
O4 - HKLM\..\RunServices: [D3JZ32.EXE] C:\WINDOWS\D3JZ32.EXE /s
O4 - HKLM\..\RunServices: [APPWJ32.EXE] C:\WINDOWS\APPWJ32.EXE /s
O4 - HKLM\..\RunServices: [SDKCU32.EXE] C:\WINDOWS\SDKCU32.EXE /s
O4 - HKLM\..\RunServices: [JAVATR32.EXE] C:\WINDOWS\SYSTEM\JAVATR32.EXE /s
O4 - HKLM\..\RunServices: [MSGR32.EXE] C:\WINDOWS\SYSTEM\MSGR32.EXE /s
O4 - HKLM\..\RunServices: [SDKBU32.EXE] C:\WINDOWS\SDKBU32.EXE /s


* Close all open windows except HijackThis and click 'Fix Checked'.

* Navigate to and delete the following files if present:

C:\WINDOWS\ATLYY.EXE
C:\WINDOWS\D3JZ32.EXE
C:\WINDOWS\APPWJ32.EXE
C:\WINDOWS\SDKCU32.EXE
C:\WINDOWS\SYSTEM\JAVATR32.EXE
C:\WINDOWS\SYSTEM\MSGR32.EXE
C:\WINDOWS\SDKBU32.EXE
C:\WINDOWS\D3GW.EXE
C:\WINDOWS\SYSTEM\IELM.EXE

* Start Aboutbuster and let it scan.
Let it scan a second and third time until everything is gone.

* Still in safe mode, start CCleaner.
Click "Options", then click the "Advanced" tab.
Uncheck "Only delete files older than 48 hrs." and click OK.
Click "Cleaner", then click Run Cleaner (bottom right).

* Open Ad-Aware SE.

Click "Scan Now"
Deselect "Search for negligible risk entries", as negligible risk entries (MRUs) are not considered to be a threat.
Select "Search for low-risk threats"
Run the scanner using the Full Scan (Perform full system scan) mode.
When the scan has completed, select Next.
In the Scanning Results window, select the "Scan Summary" tab.
Check the box next to each "target family" you wish to remove.
Click Next > Click OK.

REBOOT your computer.
After reboot:
* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
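
A cross-check of the reply above, as an added example that is not part of the original post: it parses the O4 autorun lines and confirms that every executable they launch is also on the manual deletion list, and the reverse. The log lines and paths are copied from the thread; the function names are assumptions made for this example.

```python
import re

# O4 (autorun) lines and the manual deletion list, copied from the post above.
O4_LINES = r"""
O4 - HKLM\..\Run: [IELM.EXE] C:\WINDOWS\SYSTEM\IELM.EXE
O4 - HKLM\..\RunServices: [D3GW.EXE] C:\WINDOWS\D3GW.EXE
O4 - HKLM\..\RunServices: [ATLYY.EXE] C:\WINDOWS\ATLYY.EXE /s
O4 - HKLM\..\RunServices: [D3JZ32.EXE] C:\WINDOWS\D3JZ32.EXE /s
O4 - HKLM\..\RunServices: [APPWJ32.EXE] C:\WINDOWS\APPWJ32.EXE /s
O4 - HKLM\..\RunServices: [SDKCU32.EXE] C:\WINDOWS\SDKCU32.EXE /s
O4 - HKLM\..\RunServices: [JAVATR32.EXE] C:\WINDOWS\SYSTEM\JAVATR32.EXE /s
O4 - HKLM\..\RunServices: [MSGR32.EXE] C:\WINDOWS\SYSTEM\MSGR32.EXE /s
O4 - HKLM\..\RunServices: [SDKBU32.EXE] C:\WINDOWS\SDKBU32.EXE /s
"""
DELETE_LIST = r"""
C:\WINDOWS\ATLYY.EXE
C:\WINDOWS\D3JZ32.EXE
C:\WINDOWS\APPWJ32.EXE
C:\WINDOWS\SDKCU32.EXE
C:\WINDOWS\SYSTEM\JAVATR32.EXE
C:\WINDOWS\SYSTEM\MSGR32.EXE
C:\WINDOWS\SDKBU32.EXE
C:\WINDOWS\D3GW.EXE
C:\WINDOWS\SYSTEM\IELM.EXE
"""

O4_RE = re.compile(r"^O4 - (?P<hive>[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Path = text up to the first known extension; surrounding quotes and arguments ("/s") are dropped.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|bat|scr|pif|dll))"?(?:\s|$)', re.IGNORECASE)

def autorun_targets(log_text):
    """Map each lower-cased executable path to the registry keys that launch it."""
    targets = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        exe = EXE_RE.match(m.group("cmd")) if m else None
        if exe:
            path = exe.group("path").lower()  # Windows paths are case-insensitive
            targets.setdefault(path, []).append(f'{m.group("hive")}\\{m.group("key")}')
    return targets

def coverage(log_text, delete_text):
    """Return (autorun targets missing from the deletion list, deletions with no autorun entry)."""
    autoruns = set(autorun_targets(log_text))
    deletions = {p.strip().lower() for p in delete_text.splitlines() if p.strip()}
    return sorted(autoruns - deletions), sorted(deletions - autoruns)

if __name__ == "__main__":
    print("(missing from deletion list, no autorun entry):", coverage(O4_LINES, DELETE_LIST))
```

An empty first list means no autorun entry points at a file that was left on disk; an entry in the second list is a file scheduled for deletion that nothing in the O4 section starts, which is worth a second look before removing it.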

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 29 December 2005 - 01:47 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.