Member Avatar for oxygengone

So ive been using spybot and adware... And "Cool Web Search.aaf.winshow" and "Trek Blue Error Nuker" always seem to pop up... And once they both get deleted... They pop up back again 5 min later when i scan my computer... And my homepage cant be changed either.... Everytime I do it goes back again to some weird page... Anyway heres my hijackthis report


MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\iesn32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MURDER~1\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {C40122F1-A8B0-A3C3-6FB0-84B04256A6CB} - C:\WINDOWS\system32\atlxs32.dll
O2 - BHO: Class - {C74F8C59-7B4A-EAD1-B9DA-0FD02ABAE0E2} - C:\WINDOWS\system32\netku32.dll
O2 - BHO: Class - {E3BCE414-E67C-A5E2-B041-270AA8258696} - C:\WINDOWS\mfcre32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iesn32.exe] C:\WINDOWS\system32\iesn32.exe
O4 - HKLM\..\RunOnce: [atlvh32.exe] C:\WINDOWS\system32\atlvh32.exe
O4 - HKLM\..\RunOnce: [appam32.exe] C:\WINDOWS\appam32.exe
O4 - HKLM\..\RunOnce: [ipli.exe] C:\WINDOWS\system32\ipli.exe
O4 - HKLM\..\RunOnce: [ipdu32.exe] C:\WINDOWS\ipdu32.exe
O4 - HKLM\..\RunOnce: [ipdc.exe] C:\WINDOWS\system32\ipdc.exe
O4 - HKLM\..\RunOnce: [appif32.exe] C:\WINDOWS\appif32.exe
O4 - HKLM\..\RunOnce: [appca32.exe] C:\WINDOWS\appca32.exe
O4 - HKLM\..\RunOnce: [crno32.exe] C:\WINDOWS\crno32.exe
O4 - HKLM\..\RunOnce: [javaaz.exe] C:\WINDOWS\javaaz.exe
O4 - HKLM\..\RunOnce: [apinb32.exe] C:\WINDOWS\system32\apinb32.exe
O4 - HKLM\..\RunOnce: [ipnf.exe] C:\WINDOWS\ipnf.exe
O4 - HKLM\..\RunOnce: [javapu32.exe] C:\WINDOWS\javapu32.exe
O4 - HKLM\..\RunOnce: [mfccw.exe] C:\WINDOWS\mfccw.exe
O4 - HKLM\..\RunOnce: [addjf32.exe] C:\WINDOWS\addjf32.exe
O4 - HKLM\..\RunOnce: [javasl32.exe] C:\WINDOWS\system32\javasl32.exe
O4 - HKLM\..\RunOnce: [apixn32.exe] C:\WINDOWS\system32\apixn32.exe
O4 - HKLM\..\RunOnce: [apidc.exe] C:\WINDOWS\apidc.exe
O4 - HKLM\..\RunOnce: [winqe32.exe] C:\WINDOWS\winqe32.exe
O4 - HKLM\..\RunOnce: [ieqg.exe] C:\WINDOWS\system32\ieqg.exe
O4 - HKLM\..\RunOnce: [sdkva.exe] C:\WINDOWS\system32\sdkva.exe
O4 - HKLM\..\RunOnce: [addqm32.exe] C:\WINDOWS\addqm32.exe
O4 - HKLM\..\RunOnce: [crvo32.exe] C:\WINDOWS\crvo32.exe
O4 - HKLM\..\RunOnce: [mfcgt32.exe] C:\WINDOWS\mfcgt32.exe
O4 - HKLM\..\RunOnce: [appjf.exe] C:\WINDOWS\system32\appjf.exe
O4 - HKLM\..\RunOnce: [appeo.exe] C:\WINDOWS\appeo.exe
O4 - HKLM\..\RunOnce: [croe32.exe] C:\WINDOWS\croe32.exe
O4 - HKLM\..\RunOnce: [msin32.exe] C:\WINDOWS\msin32.exe
O4 - HKLM\..\RunOnce: [sdkfx.exe] C:\WINDOWS\system32\sdkfx.exe
O4 - HKLM\..\RunOnce: [sdkyc.exe] C:\WINDOWS\sdkyc.exe
O4 - HKLM\..\RunOnce: [netor.exe] C:\WINDOWS\netor.exe
O4 - HKLM\..\RunOnce: [netre32.exe] C:\WINDOWS\system32\netre32.exe
O4 - HKLM\..\RunOnce: [sdksy32.exe] C:\WINDOWS\system32\sdksy32.exe
O4 - HKLM\..\RunOnce: [atlxs32.exe] C:\WINDOWS\system32\atlxs32.exe
O4 - HKLM\..\RunOnce: [d3kj32.exe] C:\WINDOWS\d3kj32.exe
O4 - HKLM\..\RunOnce: [addqw.exe] C:\WINDOWS\system32\addqw.exe
O4 - HKLM\..\RunOnce: [iefd.exe] C:\WINDOWS\system32\iefd.exe
O4 - HKLM\..\RunOnce: [sdklg.exe] C:\WINDOWS\sdklg.exe
O4 - HKLM\..\RunOnce: [ipqr.exe] C:\WINDOWS\system32\ipqr.exe
O4 - HKLM\..\RunOnce: [addkg32.exe] C:\WINDOWS\system32\addkg32.exe
O4 - HKLM\..\RunOnce: [d3yi.exe] C:\WINDOWS\system32\d3yi.exe
O4 - HKLM\..\RunOnce: [ieos.exe] C:\WINDOWS\ieos.exe
O4 - HKLM\..\RunOnce: [ntum.exe] C:\WINDOWS\ntum.exe
O4 - HKLM\..\RunOnce: [apijd.exe] C:\WINDOWS\apijd.exe
O4 - HKLM\..\RunOnce: [winox.exe] C:\WINDOWS\system32\winox.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LEC TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

  • 2 Contributors
  • 1 Reply
  • 149 Views
  • 6 Hours Discussion Span
  • Latest Post Latest Post by swatkat
Member Avatar for swatkat

Hi,
Before going to the HijackThis, please perform these steps:-

1] Download and install CCLeaner. Run it, click "Options" button and here go to "Settings" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" for the warning messge.

2] Run an online virus scan at Panda ActiveScan and save the log file it gives.

3] Download and install Ewido. When you run it for the first time, you receive the warning "No database found", click "OK" to this. Next in the main screen of the Ewido, click "Update" and click "Start update" button. After the update process, click the "Scanner" button, and click "Start".
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK. When the scan finishes, click on "Save Report".

4] Restart the PC, run HijackThis agian, and post a new log, along with this, please post the log files of Panda ActiveScan and Ewido.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.