Topic: Help with search extender removal
merr
« on: May 15, 2005, 12:41:53 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows ME
Problem Application Name & Version: Search Extender
Problem Hardware Make & Model: Dell Dimension 4100
Error Messages:



Hi, one of my family members loaded this piece of evil spyware onto my pc and now I cannot seem to get it off.  I've already used Spybot S&D, AdAware, and Cwshredder and they did not help with the problem.  I even reinstalled Windows but the popups keep appearing.  Any help would be much appreciated.  Thanks in advance!


Logfile of HijackThis v1.99.1
Scan saved at 8:38:30 PM, on 5/14/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MFCYP.EXE
C:\WINDOWS\SYSTEM\CRJB32.EXE
C:\WINDOWS\SYSTEM\NETMT.EXE
C:\WINDOWS\MSSO32.EXE
C:\WINDOWS\SYSTEM\CRNX32.EXE
C:\WINDOWS\SYSTEM\ADDSS.EXE
C:\WINDOWS\SYSTEM\IEGY.EXE
C:\WINDOWS\SYSTEM\MSNS32.EXE
C:\WINDOWS\SYSTEM\WINDM.EXE
C:\WINDOWS\SYSTEM\APIMY32.EXE
C:\WINDOWS\SYSTEM\NETRH32.EXE
C:\WINDOWS\SYSTEM\MSDG32.EXE
C:\WINDOWS\ATLMJ32.EXE
C:\WINDOWS\MSPC.EXE
C:\WINDOWS\NTUE.EXE
C:\WINDOWS\SYSTEM\ATLFV.EXE
C:\WINDOWS\SYSTEM\NETRR32.EXE
C:\WINDOWS\CRYU32.EXE
C:\WINDOWS\SYSTEM\CRPG.EXE
C:\WINDOWS\SYSTEM\NTUV.EXE
C:\WINDOWS\SYSTEM\NETJC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\IPOD\BIN\IPODMANAGER.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WINAY32.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
C:\WINDOWS\CRYU32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\MFCYP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\MSSO32.EXE
C:\WINDOWS\SYSTEM\APIMY32.EXE
C:\WINDOWS\MSSO32.EXE
C:\WINDOWS\SYSTEM\APIMY32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\NETRH32.EXE
C:\WINDOWS\SYSTEM\MSNS32.EXE
C:\WINDOWS\SYSTEM\MSNS32.EXE
C:\WINDOWS\SYSTEM\ATLUV32.EXE
C:\WINDOWS\SYSTEM\MSNS32.EXE
C:\WINDOWS\SYSTEM\APIOX.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://start.verizon.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {1BD1A184-C0A8-F960-EAAC-54D58C4F675B} - C:\WINDOWS\SYSTEM\IEXM32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\IOMEGA~1\DIRECTCD.EXE
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe" -start
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [ADDSM.EXE] C:\WINDOWS\SYSTEM\ADDSM.EXE
O4 - HKLM\..\Run: [MSGT32.EXE] C:\WINDOWS\SYSTEM\MSGT32.EXE
O4 - HKLM\..\Run: [WINAY32.EXE] C:\WINDOWS\SYSTEM\WINAY32.EXE
O4 - HKLM\..\Run: [NTEL32.EXE] C:\WINDOWS\SYSTEM\NTEL32.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [D3ZY.EXE] C:\WINDOWS\D3ZY.EXE /s
O4 - HKLM\..\RunServices: [ADDVH.EXE] C:\WINDOWS\SYSTEM\ADDVH.EXE /s
O4 - HKLM\..\RunServices: [MFCYP.EXE] C:\WINDOWS\SYSTEM\MFCYP.EXE /s
O4 - HKLM\..\RunServices: [CRJB32.EXE] C:\WINDOWS\SYSTEM\CRJB32.EXE /s
O4 - HKLM\..\RunServices: [NETMT.EXE] C:\WINDOWS\SYSTEM\NETMT.EXE /s
O4 - HKLM\..\RunServices: [MSSO32.EXE] C:\WINDOWS\MSSO32.EXE /s
O4 - HKLM\..\RunServices: [JAVAYU32.EXE] C:\WINDOWS\JAVAYU32.EXE /s
O4 - HKLM\..\RunServices: [CRNX32.EXE] C:\WINDOWS\SYSTEM\CRNX32.EXE /s
O4 - HKLM\..\RunServices: [ADDSS.EXE] C:\WINDOWS\SYSTEM\ADDSS.EXE /s
O4 - HKLM\..\RunServices: [IEGY.EXE] C:\WINDOWS\SYSTEM\IEGY.EXE /s
O4 - HKLM\..\RunServices: [MSNS32.EXE] C:\WINDOWS\SYSTEM\MSNS32.EXE /s
O4 - HKLM\..\RunServices: [WINDM.EXE] C:\WINDOWS\SYSTEM\WINDM.EXE /s
O4 - HKLM\..\RunServices: [APIMY32.EXE] C:\WINDOWS\SYSTEM\APIMY32.EXE /s
O4 - HKLM\..\RunServices: [NETRH32.EXE] C:\WINDOWS\SYSTEM\NETRH32.EXE /s
O4 - HKLM\..\RunServices: [MSDG32.EXE] C:\WINDOWS\SYSTEM\MSDG32.EXE /s
O4 - HKLM\..\RunServices: [ATLMJ32.EXE] C:\WINDOWS\ATLMJ32.EXE /s
O4 - HKLM\..\RunServices: [MSPC.EXE] C:\WINDOWS\MSPC.EXE /s
O4 - HKLM\..\RunServices: [NTUE.EXE] C:\WINDOWS\NTUE.EXE /s
O4 - HKLM\..\RunServices: [ATLFV.EXE] C:\WINDOWS\SYSTEM\ATLFV.EXE /s
O4 - HKLM\..\RunServices: [NETRR32.EXE] C:\WINDOWS\SYSTEM\NETRR32.EXE /s
O4 - HKLM\..\RunServices: [CRYU32.EXE] C:\WINDOWS\CRYU32.EXE /s
O4 - HKLM\..\RunServices: [CRPG.EXE] C:\WINDOWS\SYSTEM\CRPG.EXE /s
O4 - HKLM\..\RunServices: [NTUV.EXE] C:\WINDOWS\SYSTEM\NTUV.EXE /s
O4 - HKLM\..\RunServices: [NETJC.EXE] C:\WINDOWS\SYSTEM\NETJC.EXE /s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ATLUV32.EXE] C:\WINDOWS\SYSTEM\ATLUV32.EXE /s
O4 - HKLM\..\RunServices: [APIOX.EXE] C:\WINDOWS\SYSTEM\APIOX.EXE /s
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VERIZON ONLINE.LNK = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Download with &FD - C:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx.htm
O8 - Extra context menu item: Download &All by FD - C:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx2.htm
O8 - Extra context menu item: &Vivisimo Meta-Search - res://C:\PROGRAM FILES\VIVISIMO\TOOLBAR\TOOLBAR3.DLL/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: Add to &Teleport - C:\PROGRAM FILES\TELEPORT PRO\teleport.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\PROGRAM FILES\VERIZON ONLINE\CONTROLPAD\Misc\a_menu.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .ivs: C:\PROGRA~1\INTERN~1\PLUGINS\NPRIFF.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {E344ADA2-75B6-4E7E-B221-0A04FD5B0165} (MaxisPublishX Control) - http://thesims.ea.com/us/teleport/MaxisPublishX.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/store/executables/ie/IDA.cab
O16 - DPF: {2DAE59A1-B355-4653-8D33-33A3A8F8C078} (MaxisVacationTeleX Control) - http://thesims.ea.com/teleport/vacation/MaxisVacationTeleX.cab
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/NPC/MaxisHotDateTeleX.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/LOT/MaxisUnleashedLotTeleX.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/getdsl/system_check/images/MotivePreQual.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} (Toolbar Reg Sniff Activate) - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_2us.cab
O16 - DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} (MaxisMakinMagicTeleX Control) - http://thesims.ea.com/teleport/makinmagic/MaxisMakinMagicTeleX.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - http://support.dell.com/systemprofiler/SysProfLcd.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = roots-servers.net
Pancake
« Reply #1 on: May 15, 2005, 02:19:43 AM »

Hi.....

---------------------------------------------------------------------
Download Killbox v2.0.0.175 and unzip the file to your Desktop.

Right click and drag your cursor over the below files to highlight them and then use Control+C to copy them to the clipboard. Open KILLBOX and go to File... "Paste From Clipboard". All the files should now appear in the box (click on the Tab and check to make sure that only the files I have identified as malware and marked for deletion are there). Then checkmark the "Delete on Reboot" box and click the red X. You will get a message saying "File will be deleted on next reboot, Process and Reboot now?" Click "Yes" and post a new log when you have rebooted.



C:\WINDOWS\SYSTEM\MFCYP.EXE
C:\WINDOWS\SYSTEM\CRJB32.EXE
C:\WINDOWS\SYSTEM\NETMT.EXE
C:\WINDOWS\MSSO32.EXE
C:\WINDOWS\SYSTEM\CRNX32.EXE
C:\WINDOWS\SYSTEM\ADDSS.EXE
C:\WINDOWS\SYSTEM\IEGY.EXE
C:\WINDOWS\SYSTEM\MSNS32.EXE
C:\WINDOWS\SYSTEM\WINDM.EXE
C:\WINDOWS\SYSTEM\APIMY32.EXE
C:\WINDOWS\SYSTEM\NETRH32.EXE
C:\WINDOWS\SYSTEM\MSDG32.EXE
C:\WINDOWS\ATLMJ32.EXE
C:\WINDOWS\MSPC.EXE
C:\WINDOWS\NTUE.EXE
C:\WINDOWS\SYSTEM\ATLFV.EXE
C:\WINDOWS\SYSTEM\NETRR32.EXE
C:\WINDOWS\CRYU32.EXE
C:\WINDOWS\SYSTEM\CRPG.EXE
C:\WINDOWS\SYSTEM\NTUV.EXE
C:\WINDOWS\SYSTEM\NETJC.EXE
C:\WINDOWS\SYSTEM\WINAY32.EXE
C:\WINDOWS\MSSO32.EXE
C:\WINDOWS\SYSTEM\APIMY32.EXE
C:\WINDOWS\SYSTEM\ATLUV32.EXE
C:\WINDOWS\SYSTEM\APIOX.EXE
C:\WINDOWS\D3ZY.EXE
C:\WINDOWS\SYSTEM\ADDVH.EXE
C:\WINDOWS\SYSTEM\ADDSM.EXE
C:\WINDOWS\SYSTEM\MSGT32.EXE
C:\WINDOWS\SYSTEM\NTEL32.EXE

------------------------------------------------------------------------

Keep your browser closed and have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ivaql.dll/sp.html#44675
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {1BD1A184-C0A8-F960-EAAC-54D58C4F675B} - C:\WINDOWS\SYSTEM\IEXM32.DLL
O4 - HKLM\..\Run: [ADDSM.EXE] C:\WINDOWS\SYSTEM\ADDSM.EXE
O4 - HKLM\..\Run: [MSGT32.EXE] C:\WINDOWS\SYSTEM\MSGT32.EXE
O4 - HKLM\..\Run: [WINAY32.EXE] C:\WINDOWS\SYSTEM\WINAY32.EXE
O4 - HKLM\..\Run: [NTEL32.EXE] C:\WINDOWS\SYSTEM\NTEL32.EXE
O4 - HKLM\..\RunServices: [D3ZY.EXE] C:\WINDOWS\D3ZY.EXE /s
O4 - HKLM\..\RunServices: [ADDVH.EXE] C:\WINDOWS\SYSTEM\ADDVH.EXE /s
O4 - HKLM\..\RunServices: [MFCYP.EXE] C:\WINDOWS\SYSTEM\MFCYP.EXE /s
O4 - HKLM\..\RunServices: [CRJB32.EXE] C:\WINDOWS\SYSTEM\CRJB32.EXE /s
O4 - HKLM\..\RunServices: [NETMT.EXE] C:\WINDOWS\SYSTEM\NETMT.EXE /s
O4 - HKLM\..\RunServices: [MSSO32.EXE] C:\WINDOWS\MSSO32.EXE /s
O4 - HKLM\..\RunServices: [JAVAYU32.EXE] C:\WINDOWS\JAVAYU32.EXE /s
O4 - HKLM\..\RunServices: [CRNX32.EXE] C:\WINDOWS\SYSTEM\CRNX32.EXE /s
O4 - HKLM\..\RunServices: [ADDSS.EXE] C:\WINDOWS\SYSTEM\ADDSS.EXE /s
O4 - HKLM\..\RunServices: [IEGY.EXE] C:\WINDOWS\SYSTEM\IEGY.EXE /s
O4 - HKLM\..\RunServices: [MSNS32.EXE] C:\WINDOWS\SYSTEM\MSNS32.EXE /s
O4 - HKLM\..\RunServices: [WINDM.EXE] C:\WINDOWS\SYSTEM\WINDM.EXE /s
O4 - HKLM\..\RunServices: [APIMY32.EXE] C:\WINDOWS\SYSTEM\APIMY32.EXE /s
O4 - HKLM\..\RunServices: [NETRH32.EXE] C:\WINDOWS\SYSTEM\NETRH32.EXE /s
O4 - HKLM\..\RunServices: [MSDG32.EXE] C:\WINDOWS\SYSTEM\MSDG32.EXE /s
O4 - HKLM\..\RunServices: [ATLMJ32.EXE] C:\WINDOWS\ATLMJ32.EXE /s
O4 - HKLM\..\RunServices: [MSPC.EXE] C:\WINDOWS\MSPC.EXE /s
O4 - HKLM\..\RunServices: [NTUE.EXE] C:\WINDOWS\NTUE.EXE /s
O4 - HKLM\..\RunServices: [ATLFV.EXE] C:\WINDOWS\SYSTEM\ATLFV.EXE /s
O4 - HKLM\..\RunServices: [NETRR32.EXE] C:\WINDOWS\SYSTEM\NETRR32.EXE /s
O4 - HKLM\..\RunServices: [CRYU32.EXE] C:\WINDOWS\CRYU32.EXE /s
O4 - HKLM\..\RunServices: [CRPG.EXE] C:\WINDOWS\SYSTEM\CRPG.EXE /s
O4 - HKLM\..\RunServices: [NTUV.EXE] C:\WINDOWS\SYSTEM\NTUV.EXE /s
O4 - HKLM\..\RunServices: [NETJC.EXE] C:\WINDOWS\SYSTEM\NETJC.EXE /s
O4 - HKLM\..\RunServices: [ATLUV32.EXE] C:\WINDOWS\SYSTEM\ATLUV32.EXE /s
O4 - HKLM\..\RunServices: [APIOX.EXE] C:\WINDOWS\SYSTEM\APIOX.EXE /s

-------------------------------------------

Check that you have carried out all the above steps/fixes and then reboot into Normal Mode and download Cleanup. This will clean out your temporary files.

 
Restart your computer and post a new HijackThis log

« Last Edit: May 15, 2005, 02:26:02 AM by Pancake »
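The O4 entries selected in the reply share a pattern: the registry value name is the executable's own file name, and the file sits directly in C:\WINDOWS or C:\WINDOWS\SYSTEM. The Python below is an added example, not code from either poster or from HijackThis; the function names and the heuristic are assumptions, and the sample lines are copied from the log and file list in this thread. It parses O4 registry autoruns, flags that pattern, and reports flagged files that a given deletion list does not cover.

```python
import ntpath
import re

# Subset of O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [ADDSM.EXE] C:\WINDOWS\SYSTEM\ADDSM.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [MSSO32.EXE] C:\WINDOWS\MSSO32.EXE /s
O4 - HKLM\..\RunServices: [JAVAYU32.EXE] C:\WINDOWS\JAVAYU32.EXE /s
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
"""

# Subset of the file list given in the reply for deletion on reboot.
SAMPLE_DELETE_LIST = [
    r"C:\WINDOWS\SYSTEM\ADDSM.EXE",
    r"C:\WINDOWS\MSSO32.EXE",
]

# "O4 - HKLM\..\Run: [value name] command line". Startup-folder O4 lines
# ("O4 - Startup: ...") use a different layout and are skipped here.
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$", re.M)
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"(.+?\.(?:exe|com|dll|bat|scr|pif))\b", re.I)

# Assumption: Win9x default install directory, as shown in this log.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system"}


def target_path(command):
    """Return the program path from an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split()[0]


def parse_o4(log_text):
    """Parse O4 registry autorun lines into dicts."""
    return [
        {"hive": hive, "key": key, "name": name, "path": target_path(cmd)}
        for hive, key, name, cmd in O4_RE.findall(log_text)
    ]


def self_named_autorun(entry):
    """Heuristic (assumption): value name equals the file name and the
    file lives directly in the Windows or SYSTEM directory."""
    directory, filename = ntpath.split(entry["path"])
    return (entry["name"].lower() == filename.lower()
            and directory.lower() in SYSTEM_DIRS)


def missing_from_delete_list(entries, delete_list):
    """Flagged autorun targets that the deletion list does not cover."""
    queued = {p.strip().lower() for p in delete_list}
    return [e["path"] for e in entries
            if self_named_autorun(e) and e["path"].lower() not in queued]


if __name__ == "__main__":
    entries = parse_o4(SAMPLE_LOG)
    for e in entries:
        mark = "FLAG" if self_named_autorun(e) else "    "
        print(mark, e["key"], e["name"], "->", e["path"])
    print("not queued for deletion:", missing_from_delete_list(entries, SAMPLE_DELETE_LIST))
```

A match is a triage hint for a human reviewer, not a verdict: legitimate software can register a self-named autorun, and entries such as `[systray] C:\WINDOWS\SYSTEM\A.EXE` fall outside this pattern.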