memdog

Hijack this log file

5 posts in this topic

C:\WINDOWS\kdx\KHost.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\DIGStream\digstream.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\sdkji.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Corel\Suite8\Programs\DAD8.EXE

C:\Program Files\Common Files\Skyscape\smARTupdate.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Robert\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {408A38D3-8F90-3682-07E0-801204F76847} - C:\WINDOWS\ieui32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sdkji.exe] C:\WINDOWS\system32\sdkji.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKLM\..\RunOnce: [ntcx.exe] C:\WINDOWS\system32\ntcx.exe

O4 - HKLM\..\RunOnce: [winme32.exe] C:\WINDOWS\system32\winme32.exe

O4 - HKLM\..\RunOnce: [atlwz32.exe] C:\WINDOWS\system32\atlwz32.exe

O4 - HKLM\..\RunOnce: [d3fd32.exe] C:\WINDOWS\system32\d3fd32.exe

O4 - HKLM\..\RunOnce: [ipal32.exe] C:\WINDOWS\ipal32.exe

O4 - HKLM\..\RunOnce: [ielj.exe] C:\WINDOWS\system32\ielj.exe

O4 - HKLM\..\RunOnce: [sdklu.exe] C:\WINDOWS\system32\sdklu.exe

O4 - HKLM\..\RunOnce: [apinx32.exe] C:\WINDOWS\apinx32.exe

O4 - HKLM\..\RunOnce: [atlvr.exe] C:\WINDOWS\atlvr.exe

O4 - HKLM\..\RunOnce: [mstw.exe] C:\WINDOWS\mstw.exe

O4 - HKLM\..\RunOnce: [addin32.exe] C:\WINDOWS\addin32.exe

O4 - HKLM\..\RunOnce: [netka.exe] C:\WINDOWS\netka.exe

O4 - HKLM\..\RunOnce: [ipqb.exe] C:\WINDOWS\system32\ipqb.exe

O4 - HKLM\..\RunOnce: [msvg.exe] C:\WINDOWS\msvg.exe

O4 - HKLM\..\RunOnce: [sdksq32.exe] C:\WINDOWS\system32\sdksq32.exe

O4 - HKLM\..\RunOnce: [iech.exe] C:\WINDOWS\iech.exe

O4 - HKLM\..\RunOnce: [ntwm.exe] C:\WINDOWS\ntwm.exe

O4 - HKLM\..\RunOnce: [iped.exe] C:\WINDOWS\iped.exe

O4 - HKLM\..\RunOnce: [sdkvu32.exe] C:\WINDOWS\system32\sdkvu32.exe

O4 - HKLM\..\RunOnce: [addcw32.exe] C:\WINDOWS\system32\addcw32.exe

O4 - HKLM\..\RunOnce: [msvd.exe] C:\WINDOWS\system32\msvd.exe

O4 - HKLM\..\RunOnce: [sdkne32.exe] C:\WINDOWS\system32\sdkne32.exe

O4 - HKLM\..\RunOnce: [appzx32.exe] C:\WINDOWS\appzx32.exe

O4 - HKLM\..\RunOnce: [sdkpq.exe] C:\WINDOWS\system32\sdkpq.exe

O4 - HKLM\..\RunOnce: [winsi.exe] C:\WINDOWS\system32\winsi.exe

O4 - HKLM\..\RunOnce: [javavo.exe] C:\WINDOWS\javavo.exe

O4 - HKLM\..\RunOnce: [ipyl32.exe] C:\WINDOWS\ipyl32.exe

O4 - HKLM\..\RunOnce: [msbc32.exe] C:\WINDOWS\msbc32.exe

O4 - HKLM\..\RunOnce: [atllr32.exe] C:\WINDOWS\atllr32.exe

O4 - HKLM\..\RunOnce: [mfcsr.exe] C:\WINDOWS\system32\mfcsr.exe

O4 - HKLM\..\RunOnce: [ierc.exe] C:\WINDOWS\ierc.exe

O4 - HKLM\..\RunOnce: [mfcwd32.exe] C:\WINDOWS\system32\mfcwd32.exe

O4 - HKLM\..\RunOnce: [netoz.exe] C:\WINDOWS\system32\netoz.exe

O4 - HKLM\..\RunOnce: [winrf32.exe] C:\WINDOWS\winrf32.exe

O4 - HKLM\..\RunOnce: [appjd.exe] C:\WINDOWS\system32\appjd.exe

O4 - HKLM\..\RunOnce: [ntwo.exe] C:\WINDOWS\ntwo.exe

O4 - HKLM\..\RunOnce: [addka.exe] C:\WINDOWS\system32\addka.exe

O4 - HKLM\..\RunOnce: [winwi32.exe] C:\WINDOWS\system32\winwi32.exe

O4 - HKLM\..\RunOnce: [sdkjp32.exe] C:\WINDOWS\sdkjp32.exe

O4 - HKLM\..\RunOnce: [iejn.exe] C:\WINDOWS\iejn.exe

O4 - HKLM\..\RunOnce: [javanw.exe] C:\WINDOWS\javanw.exe

O4 - HKLM\..\RunOnce: [appwq.exe] C:\WINDOWS\appwq.exe

O4 - HKLM\..\RunOnce: [apprz.exe] C:\WINDOWS\system32\apprz.exe

O4 - HKLM\..\RunOnce: [javaxb.exe] C:\WINDOWS\system32\javaxb.exe

O4 - HKLM\..\RunOnce: [winip.exe] C:\WINDOWS\winip.exe

O4 - HKLM\..\RunOnce: [iest32.exe] C:\WINDOWS\iest32.exe

O4 - HKLM\..\RunOnce: [addcg.exe] C:\WINDOWS\addcg.exe

O4 - HKLM\..\RunOnce: [sdkpx32.exe] C:\WINDOWS\sdkpx32.exe

O4 - HKLM\..\RunOnce: [javaha32.exe] C:\WINDOWS\javaha32.exe

O4 - HKLM\..\RunOnce: [mfcjt32.exe] C:\WINDOWS\system32\mfcjt32.exe

O4 - HKLM\..\RunOnce: [d3ea32.exe] C:\WINDOWS\d3ea32.exe

O4 - HKLM\..\RunOnce: [javand.exe] C:\WINDOWS\javand.exe

O4 - HKLM\..\RunOnce: [addcs.exe] C:\WINDOWS\system32\addcs.exe

O4 - HKLM\..\RunOnce: [javamh32.exe] C:\WINDOWS\javamh32.exe

O4 - HKLM\..\RunOnce: [winxg32.exe] C:\WINDOWS\winxg32.exe

O4 - HKLM\..\RunOnce: [netxz.exe] C:\WINDOWS\netxz.exe

O4 - HKLM\..\RunOnce: [ntvr.exe] C:\WINDOWS\ntvr.exe

O4 - HKLM\..\RunOnce: [crgy.exe] C:\WINDOWS\system32\crgy.exe

O4 - HKLM\..\RunOnce: [sysdw32.exe] C:\WINDOWS\system32\sysdw32.exe

O4 - HKLM\..\RunOnce: [apifc.exe] C:\WINDOWS\apifc.exe

O4 - HKLM\..\RunOnce: [mfczs.exe] C:\WINDOWS\system32\mfczs.exe

O4 - HKLM\..\RunOnce: [d3zz32.exe] C:\WINDOWS\d3zz32.exe

O4 - HKLM\..\RunOnce: [mfcdh.exe] C:\WINDOWS\mfcdh.exe

O4 - HKLM\..\RunOnce: [appwh32.exe] C:\WINDOWS\appwh32.exe

O4 - HKLM\..\RunOnce: [msub.exe] C:\WINDOWS\msub.exe

O4 - HKLM\..\RunOnce: [winvb.exe] C:\WINDOWS\system32\winvb.exe

O4 - HKLM\..\RunOnce: [d3sc32.exe] C:\WINDOWS\system32\d3sc32.exe

O4 - HKLM\..\RunOnce: [sysbw32.exe] C:\WINDOWS\sysbw32.exe

O4 - HKLM\..\RunOnce: [iexi32.exe] C:\WINDOWS\system32\iexi32.exe

O4 - HKLM\..\RunOnce: [apirt32.exe] C:\WINDOWS\apirt32.exe

O4 - HKLM\..\RunOnce: [addag32.exe] C:\WINDOWS\system32\addag32.exe

O4 - HKLM\..\RunOnce: [crks.exe] C:\WINDOWS\system32\crks.exe

O4 - HKLM\..\RunOnce: [apimo32.exe] C:\WINDOWS\apimo32.exe

O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe

O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\MSOffice\Office10\OSA.EXE

O4 - Global Startup: VPN,(COLUMBIA UNIVERSITY & NYP) VPN CLIENT.lnk = C:\Program Files\Columbia University\CU & NYP VPN CLIENT\ipsecdialer.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\Office10\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mail13a.shu.edu/iNotes.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content-g.kontiki.com/kdx/v2.10/kon...current/kdx.cab

 

Can anyone help me figure out what's good and what's bad? I'm a novice at this. Thanks,

Memdog


Hi memdog,

 

Please include the top part of your log so we can see what operating system details you have - that's very important to be able to help you :)

 

It will look something like this:

 

Logfile of HijackThis v1.98.0

Scan saved at 4:08:36 PM, on 7/10/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Make sure you have version 1.98.0 (see bolded entry above). If you have a lower version you need to update it and scan once more and post a fresh log please.

 

How to update HijackThis

Open HijackThis.exe and press *config* {bottom right corner} and then press *Misc. Tools* at the top. Next press *check for online update* and you should see version 1.98.0 available. Download that. Scan again and post a new log.

 

P.S. If you have any problems getting the update, simply delete your old version of HijackThis and download the new version from this link.

http://www.spywareinfo.com/~merijn/files/HijackThis.exe

 

or here:

http://www.majorgeeks.com/downloadget.php?...a8baee6434cfc13


Downloaded newest version of Hijackthis. Here's the log. Any help/advice is greatly appreciated. Thanks.

 

Logfile of HijackThis v1.98.0

Scan saved at 5:49:17 AM, on 7/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Columbia University\CU & NYP VPN CLIENT\cvpnd.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\WINDOWS\System32\GEARSEC.EXE

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\apitq.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\system32\winfw.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE

C:\WINDOWS\kdx\KHost.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\DIGStream\digstream.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Corel\Suite8\Programs\DAD8.EXE

C:\Program Files\Common Files\Skyscape\smARTupdate.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\sdkpl.exe

C:\Hijack this\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gimsp.dll/sp.html#44272

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gimsp.dll/index.html#44272

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gimsp.dll/index.html#44272

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gimsp.dll/sp.html#44272

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gimsp.dll/sp.html#44272

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gimsp.dll/index.html#44272

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/1/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {B649C227-6B2C-5344-E8BD-AD0707AF831C} - C:\WINDOWS\system32\ierr32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sdkji.exe] C:\WINDOWS\system32\sdkji.exe

O4 - HKLM\..\RunOnce: [msvd.exe] C:\WINDOWS\system32\msvd.exe

O4 - HKLM\..\RunOnce: [sdkne32.exe] C:\WINDOWS\system32\sdkne32.exe

O4 - HKLM\..\RunOnce: [appzx32.exe] C:\WINDOWS\appzx32.exe

O4 - HKLM\..\RunOnce: [sdkpq.exe] C:\WINDOWS\system32\sdkpq.exe

O4 - HKLM\..\RunOnce: [winsi.exe] C:\WINDOWS\system32\winsi.exe

O4 - HKLM\..\RunOnce: [javavo.exe] C:\WINDOWS\javavo.exe

O4 - HKLM\..\RunOnce: [ipyl32.exe] C:\WINDOWS\ipyl32.exe

O4 - HKLM\..\RunOnce: [msbc32.exe] C:\WINDOWS\msbc32.exe

O4 - HKLM\..\RunOnce: [atllr32.exe] C:\WINDOWS\atllr32.exe

O4 - HKLM\..\RunOnce: [mfcsr.exe] C:\WINDOWS\system32\mfcsr.exe

O4 - HKLM\..\RunOnce: [ierc.exe] C:\WINDOWS\ierc.exe

O4 - HKLM\..\RunOnce: [mfcwd32.exe] C:\WINDOWS\system32\mfcwd32.exe

O4 - HKLM\..\RunOnce: [netoz.exe] C:\WINDOWS\system32\netoz.exe

O4 - HKLM\..\RunOnce: [winrf32.exe] C:\WINDOWS\winrf32.exe

O4 - HKLM\..\RunOnce: [appjd.exe] C:\WINDOWS\system32\appjd.exe

O4 - HKLM\..\RunOnce: [ntwo.exe] C:\WINDOWS\ntwo.exe

O4 - HKLM\..\RunOnce: [addka.exe] C:\WINDOWS\system32\addka.exe

O4 - HKLM\..\RunOnce: [winwi32.exe] C:\WINDOWS\system32\winwi32.exe

O4 - HKLM\..\RunOnce: [sdkjp32.exe] C:\WINDOWS\sdkjp32.exe

O4 - HKLM\..\RunOnce: [iejn.exe] C:\WINDOWS\iejn.exe

O4 - HKLM\..\RunOnce: [javanw.exe] C:\WINDOWS\javanw.exe

O4 - HKLM\..\RunOnce: [appwq.exe] C:\WINDOWS\appwq.exe

O4 - HKLM\..\RunOnce: [apprz.exe] C:\WINDOWS\system32\apprz.exe

O4 - HKLM\..\RunOnce: [javaxb.exe] C:\WINDOWS\system32\javaxb.exe

O4 - HKLM\..\RunOnce: [winip.exe] C:\WINDOWS\winip.exe

O4 - HKLM\..\RunOnce: [iest32.exe] C:\WINDOWS\iest32.exe

O4 - HKLM\..\RunOnce: [addcg.exe] C:\WINDOWS\addcg.exe

O4 - HKLM\..\RunOnce: [sdkpx32.exe] C:\WINDOWS\sdkpx32.exe

O4 - HKLM\..\RunOnce: [javaha32.exe] C:\WINDOWS\javaha32.exe

O4 - HKLM\..\RunOnce: [mfcjt32.exe] C:\WINDOWS\system32\mfcjt32.exe

O4 - HKLM\..\RunOnce: [d3ea32.exe] C:\WINDOWS\d3ea32.exe

O4 - HKLM\..\RunOnce: [javand.exe] C:\WINDOWS\javand.exe

O4 - HKLM\..\RunOnce: [addcs.exe] C:\WINDOWS\system32\addcs.exe

O4 - HKLM\..\RunOnce: [javamh32.exe] C:\WINDOWS\javamh32.exe

O4 - HKLM\..\RunOnce: [winxg32.exe] C:\WINDOWS\winxg32.exe

O4 - HKLM\..\RunOnce: [netxz.exe] C:\WINDOWS\netxz.exe

O4 - HKLM\..\RunOnce: [ntvr.exe] C:\WINDOWS\ntvr.exe

O4 - HKLM\..\RunOnce: [crgy.exe] C:\WINDOWS\system32\crgy.exe

O4 - HKLM\..\RunOnce: [sysdw32.exe] C:\WINDOWS\system32\sysdw32.exe

O4 - HKLM\..\RunOnce: [apifc.exe] C:\WINDOWS\apifc.exe

O4 - HKLM\..\RunOnce: [mfczs.exe] C:\WINDOWS\system32\mfczs.exe

O4 - HKLM\..\RunOnce: [d3zz32.exe] C:\WINDOWS\d3zz32.exe

O4 - HKLM\..\RunOnce: [mfcdh.exe] C:\WINDOWS\mfcdh.exe

O4 - HKLM\..\RunOnce: [appwh32.exe] C:\WINDOWS\appwh32.exe

O4 - HKLM\..\RunOnce: [msub.exe] C:\WINDOWS\msub.exe

O4 - HKLM\..\RunOnce: [winvb.exe] C:\WINDOWS\system32\winvb.exe

O4 - HKLM\..\RunOnce: [d3sc32.exe] C:\WINDOWS\system32\d3sc32.exe

O4 - HKLM\..\RunOnce: [sysbw32.exe] C:\WINDOWS\sysbw32.exe

O4 - HKLM\..\RunOnce: [iexi32.exe] C:\WINDOWS\system32\iexi32.exe

O4 - HKLM\..\RunOnce: [apirt32.exe] C:\WINDOWS\apirt32.exe

O4 - HKLM\..\RunOnce: [addag32.exe] C:\WINDOWS\system32\addag32.exe

O4 - HKLM\..\RunOnce: [crks.exe] C:\WINDOWS\system32\crks.exe

O4 - HKLM\..\RunOnce: [apimo32.exe] C:\WINDOWS\apimo32.exe

O4 - HKLM\..\RunOnce: [apiwo32.exe] C:\WINDOWS\system32\apiwo32.exe

O4 - HKLM\..\RunOnce: [atlsz.exe] C:\WINDOWS\system32\atlsz.exe

O4 - HKLM\..\RunOnce: [atlvp.exe] C:\WINDOWS\system32\atlvp.exe

O4 - HKLM\..\RunOnce: [sysnh.exe] C:\WINDOWS\system32\sysnh.exe

O4 - HKLM\..\RunOnce: [mfcng32.exe] C:\WINDOWS\system32\mfcng32.exe

O4 - HKLM\..\RunOnce: [addat.exe] C:\WINDOWS\system32\addat.exe

O4 - HKLM\..\RunOnce: [d3aq32.exe] C:\WINDOWS\system32\d3aq32.exe

O4 - HKLM\..\RunOnce: [d3hd.exe] C:\WINDOWS\system32\d3hd.exe

O4 - HKLM\..\RunOnce: [mfcum.exe] C:\WINDOWS\mfcum.exe

O4 - HKLM\..\RunOnce: [sdkdj32.exe] C:\WINDOWS\system32\sdkdj32.exe

O4 - HKLM\..\RunOnce: [addso.exe] C:\WINDOWS\system32\addso.exe

O4 - HKLM\..\RunOnce: [crxf.exe] C:\WINDOWS\system32\crxf.exe

O4 - HKLM\..\RunOnce: [sysni.exe] C:\WINDOWS\sysni.exe

O4 - HKLM\..\RunOnce: [appfj32.exe] C:\WINDOWS\appfj32.exe

O4 - HKLM\..\RunOnce: [winkt32.exe] C:\WINDOWS\winkt32.exe

O4 - HKLM\..\RunOnce: [sysvo.exe] C:\WINDOWS\sysvo.exe

O4 - HKLM\..\RunOnce: [iexp.exe] C:\WINDOWS\system32\iexp.exe

O4 - HKLM\..\RunOnce: [msfm32.exe] C:\WINDOWS\system32\msfm32.exe

O4 - HKLM\..\RunOnce: [javawc32.exe] C:\WINDOWS\javawc32.exe

O4 - HKLM\..\RunOnce: [sdkcn.exe] C:\WINDOWS\system32\sdkcn.exe

O4 - HKLM\..\RunOnce: [javavr.exe] C:\WINDOWS\javavr.exe

O4 - HKLM\..\RunOnce: [apitq.exe] C:\WINDOWS\apitq.exe

O4 - HKLM\..\RunOnce: [msrw.exe] C:\WINDOWS\system32\msrw.exe

O4 - HKLM\..\RunOnce: [winfw.exe] C:\WINDOWS\system32\winfw.exe

O4 - HKLM\..\RunOnce: [sdktw32.exe] C:\WINDOWS\sdktw32.exe

O4 - HKLM\..\RunOnce: [apilx32.exe] C:\WINDOWS\system32\apilx32.exe

O4 - HKLM\..\RunOnce: [msxf.exe] C:\WINDOWS\system32\msxf.exe

O4 - HKLM\..\RunOnce: [winkf32.exe] C:\WINDOWS\winkf32.exe

O4 - HKLM\..\RunOnce: [atlxt32.exe] C:\WINDOWS\atlxt32.exe

O4 - HKLM\..\RunOnce: [crad.exe] C:\WINDOWS\crad.exe

O4 - HKLM\..\RunOnce: [apiat32.exe] C:\WINDOWS\apiat32.exe

O4 - HKLM\..\RunOnce: [ntlu.exe] C:\WINDOWS\system32\ntlu.exe

O4 - HKLM\..\RunOnce: [sdkrp.exe] C:\WINDOWS\sdkrp.exe

O4 - HKLM\..\RunOnce: [sdkzh32.exe] C:\WINDOWS\sdkzh32.exe

O4 - HKLM\..\RunOnce: [appyj32.exe] C:\WINDOWS\system32\appyj32.exe

O4 - HKLM\..\RunOnce: [ielj.exe] C:\WINDOWS\system32\ielj.exe

O4 - HKLM\..\RunOnce: [sdklu.exe] C:\WINDOWS\system32\sdklu.exe

O4 - HKLM\..\RunOnce: [apinx32.exe] C:\WINDOWS\apinx32.exe

O4 - HKLM\..\RunOnce: [atlvr.exe] C:\WINDOWS\atlvr.exe

O4 - HKLM\..\RunOnce: [mstw.exe] C:\WINDOWS\mstw.exe

O4 - HKLM\..\RunOnce: [addin32.exe] C:\WINDOWS\addin32.exe

O4 - HKLM\..\RunOnce: [netka.exe] C:\WINDOWS\netka.exe

O4 - HKLM\..\RunOnce: [ipqb.exe] C:\WINDOWS\system32\ipqb.exe

O4 - HKLM\..\RunOnce: [msvg.exe] C:\WINDOWS\msvg.exe

O4 - HKLM\..\RunOnce: [sdksq32.exe] C:\WINDOWS\system32\sdksq32.exe

O4 - HKLM\..\RunOnce: [iech.exe] C:\WINDOWS\iech.exe

O4 - HKLM\..\RunOnce: [ntwm.exe] C:\WINDOWS\ntwm.exe

O4 - HKLM\..\RunOnce: [iekj32.exe] C:\WINDOWS\iekj32.exe

O4 - HKLM\..\RunOnce: [javapg.exe] C:\WINDOWS\system32\javapg.exe

O4 - HKLM\..\RunOnce: [ipdr.exe] C:\WINDOWS\system32\ipdr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe

O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\MSOffice\Office10\OSA.EXE

O4 - Global Startup: VPN,(COLUMBIA UNIVERSITY & NYP) VPN CLIENT.lnk = C:\Program Files\Columbia University\CU & NYP VPN CLIENT\ipsecdialer.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\Office10\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mail13a.shu.edu/iNotes.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - https://ny168amicas.cpmc.columbia.edu/plugi..._1_3_silent.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content-g.kontiki.com/kdx/v2.10/kon...current/kdx.cab

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

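As an added example (not code from this thread or from HijackThis), here is a small Python triage pass that encodes the cues an experienced log reader applies to a log like the one above: IE start and search pages redirected into a res:// DLL resource or to a hijacker host, a BHO or O18 protocol handler loaded from a random-looking DLL dropped straight into the Windows folder, and Run/RunOnce values that are named after a random-looking executable sitting in the Windows root or system32. The prefix list and the searchv.com host are taken from this log; the function and class names are my own, and the sample log is a handful of lines copied from the post above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example, not code from the thread or from HijackThis: a triage pass over
# HijackThis log lines using the cues a log reader applies to the log above.

# Name shape of the dropped files in the log: a system-looking prefix, two or three
# random letters, an optional "32", and .exe/.dll (sdkji.exe, apitq.exe, ierr32.dll,
# msopt.dll). The prefixes come from this log; the pattern is a heuristic, not a signature.
_PREFIXES = ("add", "api", "app", "atl", "cr", "d3", "ie", "ip", "java",
             "mfc", "ms", "net", "nt", "sdk", "sys", "win")
RE_RANDOM_NAME = re.compile(
    r"^(?:" + "|".join(_PREFIXES) + r")[a-z]{2,3}(?:32)?\.(?:exe|dll)$", re.IGNORECASE)
RE_ENTRY = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2})\s+-\s+(?P<body>.+)$")
RE_O4 = re.compile(r"^HK\w+\\\.\.\\(?P<key>Run\w*):\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
RE_WINPATH = re.compile(r'"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll))"?', re.IGNORECASE)
# Folders the junk was dropped into; legitimate auto-start entries almost never sit here.
WINDOWS_ROOTS = {r"c:\windows", r"c:\windows\system32"}
# Hijacker host seen in the R1 entries of the log above (constructed list, extend as needed).
DEFAULT_BAD_HOSTS = ("searchv.com",)


@dataclass
class Finding:
    kind: str     # HijackThis section, e.g. "R1", "O4"
    reason: str
    line: str


def _split_path(path: str) -> Tuple[str, str]:
    folder, _, name = path.strip('"').rpartition("\\")
    return folder.lower(), name


def looks_like_dropped_module(path: str) -> bool:
    """True when the file sits directly in the Windows root or system32 and
    carries a random-looking, system-mimicking name."""
    folder, name = _split_path(path)
    return folder in WINDOWS_ROOTS and RE_RANDOM_NAME.match(name) is not None


def triage_line(line: str, bad_hosts=DEFAULT_BAD_HOSTS) -> Optional[Finding]:
    """Return a Finding for one HijackThis log line, or None if it looks benign."""
    m = RE_ENTRY.match(line.strip())
    if not m:
        return None                      # process list, header, blank line
    kind, body = m.group("kind"), m.group("body")
    lowered = body.lower()
    if kind in ("R0", "R1"):
        if "res://" in lowered:
            return Finding(kind, "IE start/search page redirected into a local DLL resource", line)
        if any(h in lowered for h in bad_hosts):
            return Finding(kind, "IE start/search page points at a known hijacker host", line)
    elif kind == "R3" and "missing" in lowered:
        return Finding(kind, "default URLSearchHook removed, a common side effect of a hijack", line)
    elif kind == "O4":
        m4 = RE_O4.match(body)
        mp = RE_WINPATH.search(m4.group("cmd")) if m4 else None
        if mp and looks_like_dropped_module(mp.group("path")):
            _, name = _split_path(mp.group("path"))
            # The junk registers itself under its own file name; real software uses a product name.
            if m4.group("name").lower() == name.lower():
                return Finding(kind, m4.group("key") + " value named after a random-looking file in the Windows folder", line)
    elif kind in ("O2", "O18"):
        mp = RE_WINPATH.search(body)
        if mp and looks_like_dropped_module(mp.group("path")):
            return Finding(kind, "BHO/protocol handler loaded from a random-looking DLL in the Windows folder", line)
    return None


def triage_log(text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


# Constructed sample: a few lines copied from the log above, mixing good and bad entries.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gimsp.dll/sp.html#44272
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B649C227-6B2C-5344-E8BD-AD0707AF831C} - C:\WINDOWS\system32\ierr32.dll
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sdkji.exe] C:\WINDOWS\system32\sdkji.exe
O4 - HKLM\..\RunOnce: [apitq.exe] C:\WINDOWS\apitq.exe
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line.strip()}")
```

Run it against a saved log and it returns the lines that deserve a second look; on the sample it flags the two R1 redirects, the missing URLSearchHook, the ierr32.dll BHO, the two self-named Run/RunOnce values and the msopt.dll protocol handler, and leaves the Adobe, KHost and QuickTime entries alone. It is a heuristic: a handful of real system binaries (names such as ntvdm.exe or mstsc.exe) fit the name pattern, so anything it flags still needs checking against a known-good list before it is fixed, and a hijacker that installs under Program Files with a product-style name would slip past it.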

1. Download this tool called AboutBuster http://www.downloads.subratam.org/AboutBuster.zip

 

Unzip it to your desktop but don't run it yet.

 

2. You already have Adaware installed. Make sure it's up to date. Just open Adaware and click on *Check for Updates Now* and then *Connect*. It will find a new reference-file. Click *ok* and let it download and install the updates by clicking on *Finish*. This will return you to the main screen. You should now see Reference File # : 01R332 12.07.2004 or higher listed.

 

3. Print out these instructions so you have them handy as most of the steps need to be done in safe mode and you may not be able to go online. Keep IE closed!!

 

4. Make sure your PC is configured to show hidden files

 

Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".

Click "Apply" then "OK"

 

5. Next, go to Start->Run and type "Services.msc" (without quotes) then hit Ok

 

Scroll down and find the service called "Network Security Service". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

 

6. Reboot to Safe Mode

How to start the computer in Safe mode

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

7. Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

This is a very long list. Please proceed with care so that you do not miss any - use the printout of these instructions I asked you to make above.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gimsp.dll/sp.html#44272

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gimsp.dll/index.html#44272

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gimsp.dll/index.html#44272

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gimsp.dll/sp.html#44272

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gimsp.dll/sp.html#44272

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gimsp.dll/index.html#44272

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/1/search.html

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/

 

R3 - Default URLSearchHook is missing

 

O2 - BHO: (no name) - {B649C227-6B2C-5344-E8BD-AD0707AF831C} - C:\WINDOWS\system32\ierr32.dll

 

O4 - HKLM\..\Run: [sdkji.exe] C:\WINDOWS\system32\sdkji.exe

 

O4 - HKLM\..\RunOnce: [msvd.exe] C:\WINDOWS\system32\msvd.exe

 

O4 - HKLM\..\RunOnce: [sdkne32.exe] C:\WINDOWS\system32\sdkne32.exe

 

O4 - HKLM\..\RunOnce: [appzx32.exe] C:\WINDOWS\appzx32.exe

 

O4 - HKLM\..\RunOnce: [sdkpq.exe] C:\WINDOWS\system32\sdkpq.exe

 

O4 - HKLM\..\RunOnce: [winsi.exe] C:\WINDOWS\system32\winsi.exe

 

O4 - HKLM\..\RunOnce: [javavo.exe] C:\WINDOWS\javavo.exe

 

O4 - HKLM\..\RunOnce: [ipyl32.exe] C:\WINDOWS\ipyl32.exe

 

O4 - HKLM\..\RunOnce: [msbc32.exe] C:\WINDOWS\msbc32.exe

 

O4 - HKLM\..\RunOnce: [atllr32.exe] C:\WINDOWS\atllr32.exe

 

O4 - HKLM\..\RunOnce: [mfcsr.exe] C:\WINDOWS\system32\mfcsr.exe

 

O4 - HKLM\..\RunOnce: [ierc.exe] C:\WINDOWS\ierc.exe

 

O4 - HKLM\..\RunOnce: [mfcwd32.exe] C:\WINDOWS\system32\mfcwd32.exe

 

O4 - HKLM\..\RunOnce: [netoz.exe] C:\WINDOWS\system32\netoz.exe

 

O4 - HKLM\..\RunOnce: [winrf32.exe] C:\WINDOWS\winrf32.exe

 

O4 - HKLM\..\RunOnce: [appjd.exe] C:\WINDOWS\system32\appjd.exe

 

O4 - HKLM\..\RunOnce: [ntwo.exe] C:\WINDOWS\ntwo.exe

 

O4 - HKLM\..\RunOnce: [addka.exe] C:\WINDOWS\system32\addka.exe

 

O4 - HKLM\..\RunOnce: [winwi32.exe] C:\WINDOWS\system32\winwi32.exe

 

O4 - HKLM\..\RunOnce: [sdkjp32.exe] C:\WINDOWS\sdkjp32.exe

 

O4 - HKLM\..\RunOnce: [iejn.exe] C:\WINDOWS\iejn.exe

 

O4 - HKLM\..\RunOnce: [javanw.exe] C:\WINDOWS\javanw.exe

 

O4 - HKLM\..\RunOnce: [appwq.exe] C:\WINDOWS\appwq.exe

 

O4 - HKLM\..\RunOnce: [apprz.exe] C:\WINDOWS\system32\apprz.exe

 

O4 - HKLM\..\RunOnce: [javaxb.exe] C:\WINDOWS\system32\javaxb.exe

 

O4 - HKLM\..\RunOnce: [winip.exe] C:\WINDOWS\winip.exe

 

O4 - HKLM\..\RunOnce: [iest32.exe] C:\WINDOWS\iest32.exe

 

O4 - HKLM\..\RunOnce: [addcg.exe] C:\WINDOWS\addcg.exe

 

O4 - HKLM\..\RunOnce: [sdkpx32.exe] C:\WINDOWS\sdkpx32.exe

 

O4 - HKLM\..\RunOnce: [javaha32.exe] C:\WINDOWS\javaha32.exe

 

O4 - HKLM\..\RunOnce: [mfcjt32.exe] C:\WINDOWS\system32\mfcjt32.exe

 

O4 - HKLM\..\RunOnce: [d3ea32.exe] C:\WINDOWS\d3ea32.exe

 

O4 - HKLM\..\RunOnce: [javand.exe] C:\WINDOWS\javand.exe

 

O4 - HKLM\..\RunOnce: [addcs.exe] C:\WINDOWS\system32\addcs.exe

 

O4 - HKLM\..\RunOnce: [javamh32.exe] C:\WINDOWS\javamh32.exe

 

O4 - HKLM\..\RunOnce: [winxg32.exe] C:\WINDOWS\winxg32.exe

 

O4 - HKLM\..\RunOnce: [netxz.exe] C:\WINDOWS\netxz.exe

 

O4 - HKLM\..\RunOnce: [ntvr.exe] C:\WINDOWS\ntvr.exe

 

O4 - HKLM\..\RunOnce: [crgy.exe] C:\WINDOWS\system32\crgy.exe

 

O4 - HKLM\..\RunOnce: [sysdw32.exe] C:\WINDOWS\system32\sysdw32.exe

 

O4 - HKLM\..\RunOnce: [apifc.exe] C:\WINDOWS\apifc.exe

 

O4 - HKLM\..\RunOnce: [mfczs.exe] C:\WINDOWS\system32\mfczs.exe

 

O4 - HKLM\..\RunOnce: [d3zz32.exe] C:\WINDOWS\d3zz32.exe

 

O4 - HKLM\..\RunOnce: [mfcdh.exe] C:\WINDOWS\mfcdh.exe

 

O4 - HKLM\..\RunOnce: [appwh32.exe] C:\WINDOWS\appwh32.exe

 

O4 - HKLM\..\RunOnce: [msub.exe] C:\WINDOWS\msub.exe

 

O4 - HKLM\..\RunOnce: [winvb.exe] C:\WINDOWS\system32\winvb.exe

 

O4 - HKLM\..\RunOnce: [d3sc32.exe] C:\WINDOWS\system32\d3sc32.exe

 

O4 - HKLM\..\RunOnce: [sysbw32.exe] C:\WINDOWS\sysbw32.exe

 

O4 - HKLM\..\RunOnce: [iexi32.exe] C:\WINDOWS\system32\iexi32.exe

 

O4 - HKLM\..\RunOnce: [apirt32.exe] C:\WINDOWS\apirt32.exe

 

O4 - HKLM\..\RunOnce: [addag32.exe] C:\WINDOWS\system32\addag32.exe

 

O4 - HKLM\..\RunOnce: [crks.exe] C:\WINDOWS\system32\crks.exe

 

O4 - HKLM\..\RunOnce: [apimo32.exe] C:\WINDOWS\apimo32.exe

 

O4 - HKLM\..\RunOnce: [apiwo32.exe] C:\WINDOWS\system32\apiwo32.exe

 

O4 - HKLM\..\RunOnce: [atlsz.exe] C:\WINDOWS\system32\atlsz.exe

 

O4 - HKLM\..\RunOnce: [atlvp.exe] C:\WINDOWS\system32\atlvp.exe

 

O4 - HKLM\..\RunOnce: [sysnh.exe] C:\WINDOWS\system32\sysnh.exe

 

O4 - HKLM\..\RunOnce: [mfcng32.exe] C:\WINDOWS\system32\mfcng32.exe

 

O4 - HKLM\..\RunOnce: [addat.exe] C:\WINDOWS\system32\addat.exe

 

O4 - HKLM\..\RunOnce: [d3aq32.exe] C:\WINDOWS\system32\d3aq32.exe

 

O4 - HKLM\..\RunOnce: [d3hd.exe] C:\WINDOWS\system32\d3hd.exe

 

O4 - HKLM\..\RunOnce: [mfcum.exe] C:\WINDOWS\mfcum.exe

 

O4 - HKLM\..\RunOnce: [sdkdj32.exe] C:\WINDOWS\system32\sdkdj32.exe

 

O4 - HKLM\..\RunOnce: [addso.exe] C:\WINDOWS\system32\addso.exe

 

O4 - HKLM\..\RunOnce: [crxf.exe] C:\WINDOWS\system32\crxf.exe

 

O4 - HKLM\..\RunOnce: [sysni.exe] C:\WINDOWS\sysni.exe

 

O4 - HKLM\..\RunOnce: [appfj32.exe] C:\WINDOWS\appfj32.exe
O4 - HKLM\..\RunOnce: [winkt32.exe] C:\WINDOWS\winkt32.exe
O4 - HKLM\..\RunOnce: [sysvo.exe] C:\WINDOWS\sysvo.exe
O4 - HKLM\..\RunOnce: [iexp.exe] C:\WINDOWS\system32\iexp.exe
O4 - HKLM\..\RunOnce: [msfm32.exe] C:\WINDOWS\system32\msfm32.exe
O4 - HKLM\..\RunOnce: [javawc32.exe] C:\WINDOWS\javawc32.exe
O4 - HKLM\..\RunOnce: [sdkcn.exe] C:\WINDOWS\system32\sdkcn.exe
O4 - HKLM\..\RunOnce: [javavr.exe] C:\WINDOWS\javavr.exe
O4 - HKLM\..\RunOnce: [apitq.exe] C:\WINDOWS\apitq.exe
O4 - HKLM\..\RunOnce: [msrw.exe] C:\WINDOWS\system32\msrw.exe
O4 - HKLM\..\RunOnce: [winfw.exe] C:\WINDOWS\system32\winfw.exe
O4 - HKLM\..\RunOnce: [sdktw32.exe] C:\WINDOWS\sdktw32.exe
O4 - HKLM\..\RunOnce: [apilx32.exe] C:\WINDOWS\system32\apilx32.exe
O4 - HKLM\..\RunOnce: [msxf.exe] C:\WINDOWS\system32\msxf.exe
O4 - HKLM\..\RunOnce: [winkf32.exe] C:\WINDOWS\winkf32.exe
O4 - HKLM\..\RunOnce: [atlxt32.exe] C:\WINDOWS\atlxt32.exe
O4 - HKLM\..\RunOnce: [crad.exe] C:\WINDOWS\crad.exe
O4 - HKLM\..\RunOnce: [apiat32.exe] C:\WINDOWS\apiat32.exe
O4 - HKLM\..\RunOnce: [ntlu.exe] C:\WINDOWS\system32\ntlu.exe
O4 - HKLM\..\RunOnce: [sdkrp.exe] C:\WINDOWS\sdkrp.exe
O4 - HKLM\..\RunOnce: [sdkzh32.exe] C:\WINDOWS\sdkzh32.exe
O4 - HKLM\..\RunOnce: [appyj32.exe] C:\WINDOWS\system32\appyj32.exe
O4 - HKLM\..\RunOnce: [ielj.exe] C:\WINDOWS\system32\ielj.exe
O4 - HKLM\..\RunOnce: [sdklu.exe] C:\WINDOWS\system32\sdklu.exe
O4 - HKLM\..\RunOnce: [apinx32.exe] C:\WINDOWS\apinx32.exe
O4 - HKLM\..\RunOnce: [atlvr.exe] C:\WINDOWS\atlvr.exe
O4 - HKLM\..\RunOnce: [mstw.exe] C:\WINDOWS\mstw.exe
O4 - HKLM\..\RunOnce: [addin32.exe] C:\WINDOWS\addin32.exe
O4 - HKLM\..\RunOnce: [netka.exe] C:\WINDOWS\netka.exe
O4 - HKLM\..\RunOnce: [ipqb.exe] C:\WINDOWS\system32\ipqb.exe
O4 - HKLM\..\RunOnce: [msvg.exe] C:\WINDOWS\msvg.exe
O4 - HKLM\..\RunOnce: [sdksq32.exe] C:\WINDOWS\system32\sdksq32.exe
O4 - HKLM\..\RunOnce: [iech.exe] C:\WINDOWS\iech.exe
O4 - HKLM\..\RunOnce: [ntwm.exe] C:\WINDOWS\ntwm.exe
O4 - HKLM\..\RunOnce: [iekj32.exe] C:\WINDOWS\iekj32.exe
O4 - HKLM\..\RunOnce: [javapg.exe] C:\WINDOWS\system32\javapg.exe
O4 - HKLM\..\RunOnce: [ipdr.exe] C:\WINDOWS\system32\ipdr.exe
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dl

 

After checkmarking all of the above, don't forget to press the *fix checked* button. Then close HijackThis. Proceed to the file deletions list below.

and delete the following files if present. I have sorted these by the folder you will find them in. Please delete only the files that match exactly each name listed (do not be tempted to delete any file you find with a similar name; these sometimes mimic valid Windows files, so be sure you have the exact one before deleting).

Note: These files are in the Windows folder

C:\WINDOWS\addcg.exe
C:\WINDOWS\addin32.exe
C:\WINDOWS\apiat32.exe
C:\WINDOWS\apifc.exe
C:\WINDOWS\apimo32.exe
C:\WINDOWS\apinx32.exe
C:\WINDOWS\apirt32.exe
C:\WINDOWS\apitq.exe
C:\WINDOWS\appfj32.exe
C:\WINDOWS\appwh32.exe
C:\WINDOWS\appwq.exe
C:\WINDOWS\appzx32.exe
C:\WINDOWS\atllr32.exe
C:\WINDOWS\atlvr.exe
C:\WINDOWS\atlxt32.exe
C:\WINDOWS\crad.exe
C:\WINDOWS\d3ea32.exe
C:\WINDOWS\d3zz32.exe
C:\WINDOWS\iech.exe
C:\WINDOWS\iejn.exe
C:\WINDOWS\iekj32.exe
C:\WINDOWS\ierc.exe
C:\WINDOWS\iest32.exe
C:\WINDOWS\ipyl32.exe
C:\WINDOWS\javaha32.exe
C:\WINDOWS\javamh32.exe
C:\WINDOWS\javand.exe
C:\WINDOWS\javanw.exe
C:\WINDOWS\javavo.exe
C:\WINDOWS\javavr.exe
C:\WINDOWS\javawc32.exe
C:\WINDOWS\mfcdh.exe
C:\WINDOWS\mfcum.exe
C:\WINDOWS\msbc32.exe
C:\WINDOWS\msopt.dll
C:\WINDOWS\mstw.exe
C:\WINDOWS\msub.exe
C:\WINDOWS\msvg.exe
C:\WINDOWS\netka.exe
C:\WINDOWS\netxz.exe
C:\WINDOWS\ntvr.exe
C:\WINDOWS\ntwm.exe
C:\WINDOWS\ntwo.exe
C:\WINDOWS\sdkjp32.exe
C:\WINDOWS\sdkpl.exe
C:\WINDOWS\sdkpx32.exe
C:\WINDOWS\sdkrp.exe
C:\WINDOWS\sdktw32.exe
C:\WINDOWS\sdkzh32.exe
C:\WINDOWS\sysbw32.exe
C:\WINDOWS\sysni.exe
C:\WINDOWS\sysvo.exe
C:\WINDOWS\winip.exe
C:\WINDOWS\winkf32.exe
C:\WINDOWS\winkt32.exe
C:\WINDOWS\winrf32.exe
C:\WINDOWS\winxg32.exe

 

Note: These files are in the system32 folder

C:\WINDOWS\system32\addag32.exe
C:\WINDOWS\system32\addat.exe
C:\WINDOWS\system32\addcs.exe
C:\WINDOWS\system32\addka.exe
C:\WINDOWS\system32\addso.exe
C:\WINDOWS\system32\apilx32.exe
C:\WINDOWS\system32\apiwo32.exe
C:\WINDOWS\system32\appjd.exe
C:\WINDOWS\system32\apprz.exe
C:\WINDOWS\system32\appyj32.exe
C:\WINDOWS\system32\atlsz.exe
C:\WINDOWS\system32\atlvp.exe
C:\WINDOWS\system32\crgy.exe
C:\WINDOWS\system32\crks.exe
C:\WINDOWS\system32\crxf.exe
C:\WINDOWS\system32\d3aq32.exe
C:\WINDOWS\system32\d3hd.exe
C:\WINDOWS\system32\d3sc32.exe
C:\WINDOWS\system32\gimsp.dll
C:\WINDOWS\system32\ielj.exe
C:\WINDOWS\system32\ierr32.dll
C:\WINDOWS\system32\iexi32.exe
C:\WINDOWS\system32\iexp.exe
C:\WINDOWS\system32\ipdr.exe
C:\WINDOWS\system32\ipqb.exe
C:\WINDOWS\system32\javapg.exe
C:\WINDOWS\system32\javaxb.exe
C:\WINDOWS\system32\mfcjt32.exe
C:\WINDOWS\system32\mfcng32.exe
C:\WINDOWS\system32\mfcsr.exe
C:\WINDOWS\system32\mfcwd32.exe
C:\WINDOWS\system32\mfczs.exe
C:\WINDOWS\system32\msfm32.exe
C:\WINDOWS\system32\msrw.exe
C:\WINDOWS\system32\msvd.exe
C:\WINDOWS\system32\msxf.exe
C:\WINDOWS\system32\netoz.exe
C:\WINDOWS\system32\ntlu.exe
C:\WINDOWS\system32\sdkji.exe
C:\WINDOWS\system32\sdkcn.exe
C:\WINDOWS\system32\sdkdj32.exe
C:\WINDOWS\system32\sdklu.exe
C:\WINDOWS\system32\sdkne32.exe
C:\WINDOWS\system32\sdkpq.exe
C:\WINDOWS\system32\sdksq32.exe
C:\WINDOWS\system32\sysdw32.exe
C:\WINDOWS\system32\sysnh.exe
C:\WINDOWS\system32\winfw.exe
C:\WINDOWS\system32\winsi.exe
C:\WINDOWS\system32\winvb.exe
C:\WINDOWS\system32\winwi32.exe

 

8. Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report (copy and paste into Notepad or WordPad and save as a .txt file) and post a copy back here when you are done with all the steps.

9. Scan with Adaware and let it remove any bad files found.

10. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

11. Reboot to normal mode, scan again with Hijack This and post a new log here.

12. NOTE: Please check your hosts file. Download the Hoster from here: http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
Note: if you were using a custom Hosts file you will need to replace any of those entries yourself

........................................................

13. Additionally, please check your ActiveX security settings. They may have been changed by this CWS variant to allow ALL ActiveX!! If they have been changed, reset your ActiveX security settings in IE as recommended.

14. Finally, do an online scan at the following site. Let it remove any infected files found.
Trend Micro (PC-cillin) - Free on-line Scan
http://housecall.antivirus.com

Post a fresh HijackThis log and the AboutBuster report back here please.

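The helper's instructions above hinge on two things a reader has to do by hand: read each HijackThis O4 line to find what it launches, and delete only files whose names match the list exactly. As an added example (not the helper's instructions and not HijackThis's own code), this Python parses O4 lines of the format shown in the logs and applies that exact-match rule against a removal list, flagging look-alike names that must not be touched; the list entries and log lines are quoted from this thread except for one constructed look-alike, msfm33.exe, and the function names are my own.

```python
"""Added example, not from the thread or HijackThis: parse O4 autostart lines and check
each launched executable against an approved removal list with an exact-match rule."""
import re
from pathlib import PureWindowsPath
# HijackThis O4 layout: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
def parse_o4(line):
    """Return (hive, key, value name, executable path), or None for non-O4 lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    # A quoted command keeps its quoted path; otherwise the path is the first token.
    exe = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split(" ")[0]
    return m.group("hive"), m.group("key"), m.group("name"), exe
def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
        else:
            edits += 1
            i += len(a) >= len(b)  # skip a char in the longer string (both if equal length)
            j += len(b) >= len(a)
    return edits + (len(a) - i) + (len(b) - j) <= 1
def classify(exe, approved):
    """'exact' if exe is listed (Windows paths compare case-insensitively); 'lookalike' if a
    listed file in the same folder is within one edit of its name (do NOT delete); else 'unlisted'."""
    p = PureWindowsPath(exe)
    listed = [PureWindowsPath(a) for a in approved]
    if p in listed:
        return "exact"
    if any(a.parent == p.parent and within_one_edit(a.name.lower(), p.name.lower()) for a in listed):
        return "lookalike"
    return "unlisted"
def review(log_lines, approved):
    """Verdict per executable launched by an O4 line in the log."""
    return {e[3]: classify(e[3], approved) for e in map(parse_o4, log_lines) if e}
# Entries quoted from this thread, plus one constructed look-alike (msfm33.exe).
APPROVED = [r"C:\WINDOWS\system32\msfm32.exe", r"C:\WINDOWS\appfj32.exe", r"C:\WINDOWS\sysvo.exe"]
SAMPLE_LOG = [
    r"O4 - HKLM\..\RunOnce: [appfj32.exe] C:\WINDOWS\appfj32.exe",
    r"O4 - HKLM\..\RunOnce: [msfm32.exe] C:\WINDOWS\system32\msfm32.exe",
    r"O4 - HKLM\..\RunOnce: [msfm33.exe] C:\WINDOWS\system32\msfm33.exe",  # constructed
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
]
```

`review(SAMPLE_LOG, APPROVED)` reports the two listed files as exact matches, the constructed msfm33.exe as a look-alike to leave alone, and the legitimate QuickTime entry as unlisted.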

Jane,

Thanks a lot! No more pop-ups/browser problems, and much faster processing time! I think there may be still a few bad files in my system, so any additional help would be appreciated.

I couldn't figure out how to save the AboutBuster log, but it was huge; pages and pages of files removed. Here's my new Hijackthis log:

Logfile of HijackThis v1.98.0
Scan saved at 2:36:13 PM, on 7/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Columbia University\CU & NYP VPN CLIENT\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DIGStream\digstream.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\MSOffice\Office10\OSA.EXE
O4 - Global Startup: VPN,(COLUMBIA UNIVERSITY & NYP) VPN CLIENT.lnk = C:\Program Files\Columbia University\CU & NYP VPN CLIENT\ipsecdialer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mail13a.shu.edu/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - https://ny168amicas.cpmc.columbia.edu/plugi..._1_3_silent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content-g.kontiki.com/kdx/v2.10/kon...current/kdx.cab
