You might want to print these instructions for reference or copy and paste them into notepad and save them on your desktop, as you will be off the internet while using HijackThis.
If you have any questions before starting the fix, please don't hesitate to ask!
Please download CCleaner:
http://www.ccleaner.com
Install the program but do
Not run it yet!
Next...
Please download CWShredder:
http://cwshredder.net/bin/CWShredder.exe
Save it to the desktop but do
NOT run it yet.
Next...
Please download about
:Buster from here:
http://www.malwarebytes.biz/AboutBuster5.zip
Unzip it to the desktop, run it, Check for Updates, and update the files, but do
NOT run a scan yet.
Next...
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do
NOT run a scan yet.
Next...
Boot into Safe Mode. Restart your computer, start tapping F8 when your computer first starts booting, there will be a menu displayed > select Safe Mode.
Go to Start > Run > type “services.msc” (without the quotes) Locate
Network Security Service, right-click on it, and choose Properties. Click Stop, and set the "Startup Type" to Disabled.
Next...
please run CWShredder, and click Fix.
Next...
Then please run about
:Buster and click Start to begin the scan. If prompted to end the Explorer.exe process, click Yes. Your desktop may disappear --- this is normal. Allow the program to scan twice, and when complete click "Save Log". This will create a text file called "AB Logfile.txt" in the folder where about
:Buster is saved. I will want to see this logfile later.
Then please run Ewido, and run a full scan. Save the log from the scan for me.
Run HijackThis, click scan, place a checkmark next to the following items. Close all browsers and any other windows or the fix may not work! Click "fix checked".
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nswzf.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nswzf.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nswzf.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nswzf.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nswzf.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nswzf.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nswzf.dll/sp.html#14044
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: Class - {D04B13F5-0E39-EE4E-D33A-14F3941F8539} - C:\WINDOWS\system32\d3ms.dll
O4 - HKLM\..\RunOnce: [addwq32.exe] C:\WINDOWS\addwq32.exe
O4 - HKLM\..\RunOnce: [addzr32.exe] C:\WINDOWS\system32\addzr32.exe
O4 - HKLM\..\RunOnce: [addxq.exe] C:\WINDOWS\addxq.exe
O4 - HKLM\..\RunOnce: [apizi.exe] C:\WINDOWS\apizi.exe
O4 - HKLM\..\RunOnce: [atlhd32.exe] C:\WINDOWS\atlhd32.exe
O4 - HKLM\..\RunOnce: [sdksz.exe] C:\WINDOWS\sdksz.exe
O4 - HKLM\..\RunOnce: [msus32.exe] C:\WINDOWS\msus32.exe
O4 - HKLM\..\RunOnce: [appno.exe] C:\WINDOWS\system32\appno.exe
O4 - HKLM\..\RunOnce: [ntgw.exe] C:\WINDOWS\ntgw.exe
O4 - HKLM\..\RunOnce: [appmq32.exe] C:\WINDOWS\appmq32.exe
O4 - HKLM\..\RunOnce: [winex32.exe] C:\WINDOWS\winex32.exe
O4 - HKLM\..\RunOnce: [winwz.exe] C:\WINDOWS\winwz.exe
O4 - HKLM\..\RunOnce: [apieu.exe] C:\WINDOWS\apieu.exe
O4 - HKLM\..\RunOnce: [ipwh.exe] C:\WINDOWS\ipwh.exe
O4 - HKLM\..\RunOnce: [nettc32.exe] C:\WINDOWS\system32\nettc32.exe
O4 - HKLM\..\RunOnce: [msaz32.exe] C:\WINDOWS\msaz32.exe
O4 - HKLM\..\RunOnce: [msxr.exe] C:\WINDOWS\system32\msxr.exe
O4 - HKLM\..\RunOnce: [sdkze32.exe] C:\WINDOWS\system32\sdkze32.exe
O4 - HKLM\..\RunOnce: [sysrq.exe] C:\WINDOWS\system32\sysrq.exe
O4 - HKLM\..\RunOnce: [mfcws.exe] C:\WINDOWS\mfcws.exe
O4 - HKLM\..\RunOnce: [sdkef.exe] C:\WINDOWS\sdkef.exe
O4 - HKLM\..\RunOnce: [appvh.exe] C:\WINDOWS\appvh.exe
O4 - HKLM\..\RunOnce: [d3sf.exe] C:\WINDOWS\system32\d3sf.exe
O4 - HKLM\..\RunOnce: [sysgl32.exe] C:\WINDOWS\sysgl32.exe
O4 - HKLM\..\RunOnce: [atlno32.exe] C:\WINDOWS\atlno32.exe
O4 - HKLM\..\RunOnce: [d3vs32.exe] C:\WINDOWS\system32\d3vs32.exe
O4 - HKLM\..\RunOnce: [d3lt.exe] C:\WINDOWS\d3lt.exe
O4 - HKLM\..\RunOnce: [addeh.exe] C:\WINDOWS\system32\addeh.exe
O4 - HKLM\..\RunOnce: [apiir.exe] C:\WINDOWS\system32\apiir.exe
O4 - HKLM\..\RunOnce: [syslc32.exe] C:\WINDOWS\system32\syslc32.exe
O4 - HKLM\..\RunOnce: [sdkaa.exe] C:\WINDOWS\sdkaa.exe
O4 - HKLM\..\RunOnce: [ntuf32.exe] C:\WINDOWS\ntuf32.exe
O4 - HKLM\..\RunOnce: [apiva.exe] C:\WINDOWS\system32\apiva.exe
O4 - HKLM\..\RunOnce: [atlzk32.exe] C:\WINDOWS\atlzk32.exe
O4 - HKLM\..\RunOnce: [ipix32.exe] C:\WINDOWS\ipix32.exe
O4 - HKLM\..\RunOnce: [apizn.exe] C:\WINDOWS\system32\apizn.exe
O4 - HKLM\..\RunOnce: [d3mb.exe] C:\WINDOWS\d3mb.exe
O4 - HKLM\..\RunOnce: [appoe.exe] C:\WINDOWS\system32\appoe.exe
O4 - HKLM\..\RunOnce: [iecn32.exe] C:\WINDOWS\system32\iecn32.exe
O4 - HKLM\..\RunOnce: [nthh.exe] C:\WINDOWS\nthh.exe
O4 - HKLM\..\RunOnce: [msqu32.exe] C:\WINDOWS\msqu32.exe
O4 - HKLM\..\RunOnce: [d3lj.exe] C:\WINDOWS\d3lj.exe
O4 - HKLM\..\RunOnce: [addsu.exe] C:\WINDOWS\system32\addsu.exe
O4 - HKLM\..\RunOnce: [crvh.exe] C:\WINDOWS\system32\crvh.exe
O4 - HKLM\..\RunOnce: [winfd32.exe] C:\WINDOWS\winfd32.exe
O4 - HKLM\..\RunOnce: [atlnr.exe] C:\WINDOWS\system32\atlnr.exe
O4 - HKLM\..\RunOnce: [apinu.exe] C:\WINDOWS\apinu.exe
O4 - HKLM\..\RunOnce: [crje.exe] C:\WINDOWS\crje.exe
O4 - HKLM\..\RunOnce: [ntde.exe] C:\WINDOWS\ntde.exe
O4 - HKLM\..\RunOnce: [sysrt32.exe] C:\WINDOWS\sysrt32.exe
O4 - HKLM\..\RunOnce: [ntrb.exe] C:\WINDOWS\system32\ntrb.exe
O4 - HKLM\..\RunOnce: [appwv32.exe] C:\WINDOWS\appwv32.exe
O4 - HKLM\..\RunOnce: [d3qu32.exe] C:\WINDOWS\system32\d3qu32.exe
O4 - HKLM\..\RunOnce: [ipvq.exe] C:\WINDOWS\ipvq.exe
O4 - HKLM\..\RunOnce: [atlzc.exe] C:\WINDOWS\system32\atlzc.exe
O4 - HKLM\..\RunOnce: [mfcul32.exe] C:\WINDOWS\mfcul32.exe
O4 - HKLM\..\RunOnce: [d3wl.exe] C:\WINDOWS\system32\d3wl.exe
O4 - HKLM\..\RunOnce: [adddo.exe] C:\WINDOWS\adddo.exe
O4 - HKLM\..\RunOnce: [msza.exe] C:\WINDOWS\msza.exe
O4 - HKLM\..\RunOnce: [atlvr.exe] C:\WINDOWS\atlvr.exe
O4 - HKLM\..\RunOnce: [iebu32.exe] C:\WINDOWS\system32\iebu32.exe
O4 - HKLM\..\RunOnce: [addni.exe] C:\WINDOWS\system32\addni.exe
O4 - HKLM\..\RunOnce: [mfcfz.exe] C:\WINDOWS\mfcfz.exe
O4 - HKLM\..\RunOnce: [systb32.exe] C:\WINDOWS\system32\systb32.exe
O4 - HKLM\..\RunOnce: [ntiz32.exe] C:\WINDOWS\ntiz32.exe
O4 - HKLM\..\RunOnce: [crmw.exe] C:\WINDOWS\system32\crmw.exe
O23 - Service: Network Security Service ( 11Fßä�#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\appzb32.exe
Please run CCleaner:
On the Windows tab, click Run cleaner.
On the Applications tab, click Run Cleaner.
Reboot normally.
Please post a fresh HijackThis log., and post a new HijackThis log, as well as the logs from AboutBuster and Ewido.
Tom
Dev Shed Forums Sponsor:
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
