My brother must have downloaded SOMETHING. I have three entries in Add/Remove Programs that I cannot get rid of. I have tried in Safe Mode as well.
I have put HijackThis 1.99.1 on his computer and the following is a copy of the log file.
Please can someone help? I cannot even get his computer to get online....

Logfile of HijackThis v1.99.1
Scan saved at 1:33:13 PM, on 1/10/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\ierf32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\HPConfig.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\essspk.exe
C:\WINNT\system32\s3hotkey.exe
C:\WINNT\system32\S3trayhp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\addea.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\lcuuc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\lcuuc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\lcuuc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\lcuuc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\lcuuc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\lcuuc.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\lcuuc.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0072D796-0D8F-DC8B-A3DC-49F26EC3D261} - C:\WINNT\system32\crpk.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {08CC373A-C864-4F82-4F99-FBE38669AC07} - C:\WINNT\system32\ipxh32.dll
O2 - BHO: Class - {0B5713C0-2B84-2DA7-73A3-E4313C088568} - C:\WINNT\system32\javalr.dll
O2 - BHO: Class - {0C21C5D9-830D-4506-CD28-CF3D072D6F60} - C:\WINNT\system32\mfcoe.dll
O2 - BHO: Class - {0E29DB33-8569-5AC4-5430-19B85CCDC017} - C:\WINNT\iprm.dll
O2 - BHO: Class - {16BD6006-7A96-388E-EB26-F7C445215435} - C:\WINNT\system32\mfcbo32.dll
O2 - BHO: Class - {16CC5D07-ECD8-0251-4FA2-173D25674C8B} - C:\WINNT\system32\sdkmc32.dll
O2 - BHO: Class - {181C41A1-0B32-CBB7-36D4-1F24A75BCE33} - C:\WINNT\ntdv32.dll
O2 - BHO: Class - {22796450-B093-F800-8A5E-036AB0AC0939} - C:\WINNT\system32\ipye.dll
O2 - BHO: Class - {24A507DD-C24E-A826-6848-30DC8BCF199C} - C:\WINNT\system32\atlle32.dll
O2 - BHO: Class - {26255933-CE94-86BA-D76F-FC42B4D4846E} - C:\WINNT\winbd32.dll
O2 - BHO: Class - {27901DF5-8F23-CDED-976F-1DF5448E8795} - C:\WINNT\system32\atlog.dll
O2 - BHO: Class - {2ED68C74-39A1-BD30-033C-72B87966C8D1} - C:\WINNT\crsq32.dll
O2 - BHO: Class - {300E63EB-3BE6-A899-2A80-7B76629C95C5} - C:\WINNT\system32\mfclx.dll
O2 - BHO: Class - {313E868B-3DD5-6279-5C21-07FBD81A4537} - C:\WINNT\system32\addsv32.dll
O2 - BHO: Class - {32CEB83F-3E8B-199B-B30C-534172E3A6C7} - C:\WINNT\iemq32.dll
O2 - BHO: Class - {331BBC66-063E-9D76-07E5-81A232F98210} - C:\WINNT\system32\sdkcj.dll
O2 - BHO: Class - {33593731-DC80-738B-124F-F9FDF82575B9} - C:\WINNT\system32\netgy32.dll
O2 - BHO: Class - {337E3897-DE2F-0288-F235-DF9E68486F78} - C:\WINNT\system32\msze32.dll
O2 - BHO: Class - {33ADE22D-FEF2-D256-29E3-97F02838A3F9} - C:\WINNT\javaib.dll
O2 - BHO: Class - {39C061B8-BBEC-6601-C9C0-C3F3A0FF5FC4} - C:\WINNT\atlqi32.dll
O2 - BHO: Class - {3B85DB00-AAE2-550E-A44E-02FD55CE652F} - C:\WINNT\sysli32.dll
O2 - BHO: Class - {405B4B2C-A736-5143-35FF-EEAF3E5A0370} - C:\WINNT\system32\javael.dll
O2 - BHO: Class - {4061A3A1-EF0A-3ADD-6BBC-8EE8D4D3263F} - C:\WINNT\ntkk32.dll
O2 - BHO: Class - {43433E94-7430-6ABF-36CC-1C4F9B24A6FB} - C:\WINNT\system32\msga32.dll
O2 - BHO: Class - {490647DC-D2AB-D1BA-BC8C-041C5091F3DF} - C:\WINNT\system32\mskf32.dll
O2 - BHO: Class - {4A151488-72FE-EA8B-69AB-D51423F0D538} - C:\WINNT\system32\mfcyl.dll
O2 - BHO: (no name) - {4A3940FB-5EB7-1712-4D86-B910B3F26102} - (no file)
O2 - BHO: Class - {4A5E1E8D-C263-F6D2-5668-02BFB292E44D} - C:\WINNT\system32\winiq32.dll
O2 - BHO: Class - {4D55AE7E-5F55-B026-470B-55B61BD22B86} - C:\WINNT\system32\ntpt.dll
O2 - BHO: Class - {506F4824-2CDD-0BAB-0E74-38C675661D63} - C:\WINNT\system32\apiuh.dll
O2 - BHO: Class - {517ADE44-E5DD-A4C2-7853-DFA5F30C09E3} - C:\WINNT\netuu32.dll
O2 - BHO: Class - {52CFEA94-45A2-CA0D-A8BB-A23387F8EEBC} - C:\WINNT\system32\netal.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {53964538-2E6C-15F4-EDE3-42B484B586B1} - C:\WINNT\system32\netjs32.dll
O2 - BHO: Class - {570557B4-B66F-44EF-B2B9-F457397B1BB1} - C:\WINNT\system32\atlth32.dll
O2 - BHO: Class - {6004EEB9-32CA-7717-202B-8A261BFD7DFA} - C:\WINNT\atlkv.dll
O2 - BHO: Class - {63BAC647-2CE9-9906-3A23-EABA8E7E8028} - C:\WINNT\ntky32.dll
O2 - BHO: Class - {655C4043-7BC2-61F6-3929-A93204F9D9AA} - C:\WINNT\system32\sdkuo.dll
O2 - BHO: Class - {6A3A1151-B8A4-086A-0B83-1F24809A4005} - C:\WINNT\system32\winkk.dll
O2 - BHO: Class - {6FBC933A-42DD-2288-4127-9CEACA6FB1EB} - C:\WINNT\javakl.dll
O2 - BHO: Class - {72CB5421-8EC5-08B3-0DD8-35905AE99678} - C:\WINNT\ntkf32.dll
O2 - BHO: Class - {74CBD876-15B8-830D-6566-EC52277FF558} - C:\WINNT\apidq32.dll
O2 - BHO: Class - {74F74D7A-FB1F-72B6-0EF0-731522CE9602} - C:\WINNT\system32\crat32.dll
O2 - BHO: Class - {76853B92-544B-741E-4511-1A539C5FD4B1} - C:\WINNT\system32\atlck32.dll
O2 - BHO: Class - {78EF1590-7028-A203-A4B3-EC3C46DF8542} - C:\WINNT\system32\crsu32.dll
O2 - BHO: Class - {7CFF6F9F-A317-CB6B-1371-DB0ED80909FC} - C:\WINNT\system32\crqt32.dll
O2 - BHO: Class - {87592D99-D343-395A-FB07-852B36D4976F} - C:\WINNT\system32\ipzb32.dll
O2 - BHO: Class - {87AB6ED9-4B5A-3484-6986-529B24B05CE3} - C:\WINNT\system32\ntwz32.dll
O2 - BHO: Class - {88EA31D4-67C1-5427-CAB7-849F1F51798C} - C:\WINNT\system32\javayu.dll
O2 - BHO: Class - {8C42541B-7078-7DE0-7D6D-8C73363B610F} - C:\WINNT\system32\netxm32.dll
O2 - BHO: Class - {8F7A1956-A363-7564-8BEC-DD611DF3EC38} - C:\WINNT\system32\sdkpk.dll
O2 - BHO: Class - {936A2EDB-E166-C423-A721-BE3648539DFD} - C:\WINNT\system32\crpd32.dll
O2 - BHO: Class - {9571458B-B4DF-AC2F-8326-1BA399055D04} - C:\WINNT\system32\ntmv.dll
O2 - BHO: Class - {95BCDA44-7A8B-35D7-5621-7FD0D52D6D88} - C:\WINNT\ietv32.dll
O2 - BHO: Class - {962436EF-B29C-6800-08A6-F3080815F479} - C:\WINNT\system32\crvo32.dll
O2 - BHO: Class - {97F1D4B2-A5FE-50D0-FF5E-279371448324} - C:\WINNT\system32\atlax32.dll
O2 - BHO: Class - {9939822E-A720-C5B5-3389-1569B2600AD5} - C:\WINNT\ieds32.dll
O2 - BHO: Class - {9CB61C87-1D25-4758-F954-04E1464FEB3F} - C:\WINNT\system32\apief.dll
O2 - BHO: Class - {9E2FDF81-6BA4-FF77-A197-DA141BE10D85} - C:\WINNT\addgd.dll
O2 - BHO: Class - {A010C180-853B-BE16-1DD3-344A479E1151} - C:\WINNT\system32\apiho32.dll
O2 - BHO: Class - {A38B8E56-2335-9D4B-21D1-0634AD320C37} - C:\WINNT\system32\atlyt32.dll
O2 - BHO: Class - {A38C69AC-E35F-B292-FC64-1EBA966316CC} - C:\WINNT\iegu32.dll
O2 - BHO: Class - {A3DF9B7D-4B3D-F50A-8450-33B13E97DBD6} - C:\WINNT\msyh32.dll
O2 - BHO: Class - {AB844787-4B58-68ED-E7F3-C6B1EF18A3D1} - C:\WINNT\ietm32.dll
O2 - BHO: Class - {ABB28762-C0CF-C41A-757D-BD907DE07E86} - C:\WINNT\system32\javavu32.dll
O2 - BHO: Class - {ADF8EF33-ACCA-5F19-EE6B-04C66D1BDABD} - C:\WINNT\system32\netev32.dll
O2 - BHO: Class - {B36B2B4E-258D-4316-6912-02B535EA1D1B} - C:\WINNT\system32\msgp.dll
O2 - BHO: Class - {B6BC89AC-55D7-123F-064A-CAEE71479D55} - C:\WINNT\system32\apiix32.dll
O2 - BHO: Class - {BD580403-D86B-DED9-9E09-5A175C121F1A} - C:\WINNT\system32\iptt32.dll
O2 - BHO: Class - {BD9EF026-B04C-1F2F-907A-AA22C25AF0C9} - C:\WINNT\wincn32.dll
O2 - BHO: Class - {C149C15F-28B1-5400-02C9-BA720932E150} - C:\WINNT\system32\appbh.dll
O2 - BHO: Class - {C2A6A97D-A182-2684-339C-F9DB4EDF9603} - C:\WINNT\system32\netzn.dll
O2 - BHO: Class - {C3678D25-D9D6-5E2A-DB00-F69BB636E16E} - C:\WINNT\system32\crwa.dll
O2 - BHO: Class - {C66279FC-5FBA-9CD3-A02D-0E2A363BAA2E} - C:\WINNT\netmf.dll
O2 - BHO: Class - {C66F21F5-A684-C232-3199-090255DD914C} - C:\WINNT\javaum.dll
O2 - BHO: Class - {C8B07177-121F-C18A-A43F-9AA22F0109B3} - C:\WINNT\system32\winhz32.dll
O2 - BHO: Class - {CAEE8C90-CE36-D541-2B4D-97A72D4D83D2} - C:\WINNT\system32\ipru32.dll
O2 - BHO: Class - {CC478517-684A-908C-011A-C7729819B4D6} - C:\WINNT\d3zh32.dll
O2 - BHO: Class - {D3144CF5-61DF-63F0-5D80-292AB74B2CEB} - C:\WINNT\winpe32.dll
O2 - BHO: Class - {DAC89601-F4A4-F1A1-EB4D-8B80F1F6BBBE} - C:\WINNT\sdkgi32.dll
O2 - BHO: Class - {DBD3ABA8-8711-0B4F-C13E-A0FC97CE60D9} - C:\WINNT\system32\sdkqq.dll
O2 - BHO: Class - {DBFB9E65-CE98-818E-E35D-19926D224B10} - C:\WINNT\system32\sdknn.dll
O2 - BHO: Class - {DBFD49E6-AC7D-1BD4-847F-64BE059AF6CB} - C:\WINNT\addzu32.dll
O2 - BHO: Class - {DC938F8F-FF56-DF5E-904F-BEB3E9875A4A} - C:\WINNT\mfcjl32.dll
O2 - BHO: Class - {DD26AF2A-C0F2-B822-0126-C109C8769FED} - C:\WINNT\appus32.dll
O2 - BHO: Class - {DE14263E-454E-2928-B90B-682429F8C6CD} - C:\WINNT\system32\mswo32.dll
O2 - BHO: Class - {DEADD352-0A9B-BCB3-1697-9122CFE8A81A} - C:\WINNT\msfv.dll
O2 - BHO: Class - {E3ADD50A-986E-C16F-1F9A-72913D80069D} - C:\WINNT\system32\atlwf.dll
O2 - BHO: Class - {E40EE281-DEAD-F22C-F55C-2C0913B82E0A} - C:\WINNT\iems32.dll
O2 - BHO: Class - {F29EE32E-3172-0F1E-0B3F-9407D86C8B10} - C:\WINNT\apimt.dll
O2 - BHO: Class - {F46F711D-B4CA-E58D-3F1E-33EC35E8EB22} - C:\WINNT\d3hp32.dll
O2 - BHO: Class - {F6CD1EB6-DCD0-EFBE-1506-82436CC8D4EF} - C:\WINNT\system32\ipck.dll
O2 - BHO: Class - {F794CAF3-80A8-3771-3CE3-F7A0A5D05565} - C:\WINNT\mfcmq.dll
O2 - BHO: Class - {F9FEDACB-EE6A-410F-C0E3-B003772EFD61} - C:\WINNT\system32\sysje32.dll
O2 - BHO: Class - {FC44EE64-7882-5ADF-BB6F-1DD6F9FECC17} - C:\WINNT\iesa32.dll
O2 - BHO: Class - {FEB61A08-AB6A-DFB0-767C-2BD1A35B9CD0} - C:\WINNT\system32\netkz.dll
O2 - BHO: Class - {FEBC16AA-50D9-849D-6C64-BD86002AEDFE} - C:\WINNT\system32\crmt.dll
O2 - BHO: Class - {FF2375F6-EC14-97CF-F61D-A427C091D2A7} - C:\WINNT\system32\d3tl32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
O4 - HKLM\..\Run: [tibs5] C:\WINNT\system32\tibs5.exe
O4 - HKLM\..\Run: [9.tmp] C:\DOCUME~1\Mike\LOCALS~1\Temp\9.tmp.exe 2 10001
O4 - HKLM\..\Run: [9.tmp.exe] C:\DOCUME~1\Mike\LOCALS~1\Temp\9.tmp.exe 5 10001
O4 - HKLM\..\Run: [ipec32.exe] C:\WINNT\ipec32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sdksl.exe] C:\WINNT\sdksl.exe
O4 - HKLM\..\Run: [sysze.exe] C:\WINNT\system32\sysze.exe
O4 - HKLM\..\Run: [addea.exe] C:\WINNT\addea.exe
O4 - HKLM\..\Run: [crpo32.exe] C:\WINNT\crpo32.exe
O4 - HKLM\..\Run: [sysdh.exe] C:\WINNT\system32\sysdh.exe
O4 - HKLM\..\Run: [syswr.exe] C:\WINNT\syswr.exe
O4 - HKLM\..\Run: [ieel32.exe] C:\WINNT\ieel32.exe
O4 - HKLM\..\Run: [apitx.exe] C:\WINNT\system32\apitx.exe
O4 - HKLM\..\Run: [cruv32.exe] C:\WINNT\system32\cruv32.exe
O4 - HKLM\..\Run: [crix.exe] C:\WINNT\crix.exe
O4 - HKLM\..\Run: [addsl32.exe] C:\WINNT\addsl32.exe
O4 - HKLM\..\Run: [appfo.exe] C:\WINNT\system32\appfo.exe
O4 - HKLM\..\Run: [d3oj.exe] C:\WINNT\d3oj.exe
O4 - HKLM\..\Run: [javayw32.exe] C:\WINNT\system32\javayw32.exe
O4 - HKLM\..\Run: [d3tf.exe] C:\WINNT\d3tf.exe
O4 - HKLM\..\Run: [d3xt.exe] C:\WINNT\d3xt.exe
O4 - HKLM\..\Run: [netrx.exe] C:\WINNT\netrx.exe
O4 - HKLM\..\Run: [ieyg.exe] C:\WINNT\ieyg.exe
O4 - HKLM\..\Run: [sysgp.exe] C:\WINNT\sysgp.exe
O4 - HKLM\..\Run: [mfcor32.exe] C:\WINNT\mfcor32.exe
O4 - HKLM\..\Run: [atlmr32.exe] C:\WINNT\atlmr32.exe
O4 - HKLM\..\Run: [netqv.exe] C:\WINNT\system32\netqv.exe
O4 - HKLM\..\Run: [atlvr.exe] C:\WINNT\system32\atlvr.exe
O4 - HKLM\..\Run: [sdkkb32.exe] C:\WINNT\system32\sdkkb32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\ierf32.exe" /s (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\system32\HPConfig.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

Last Post by stljorj

I just wanted to add... I am currently following directions from the others that seem to have the same issue. I will post a log when I have completed it. I am currently only on step 2 of .... a lot ;-)
