| Please move Hjt to a permanent folder.
And I suggest you print this file.
Open your task manager (CTRL+ALT+DEL) and click the process tab. Highlight and 'END Process' on these items:
  SYSKW.EXE
  APILW.EXE
  WINCY.EXE
  SDKUY.EXE
  NETEJ.EXE
  SDKCQ.EXE
  CRRR.EXE
  IEMI32.EXE
  APPVC32.EXE
  WINPE32.EXE
  D3RO32.EXE
Now navigate to and delete these files:
  C:\WINDOWS\SYSTEM\SYSKW.EXE
  C:\WINDOWS\SYSTEM\APILW.EXE
  C:\WINDOWS\SYSTEM\WINCY.EXE
  C:\WINDOWS\SDKUY.EXE
  C:\WINDOWS\NETEJ.EXE
  C:\WINDOWS\SYSTEM\SDKCQ.EXE
  C:\WINDOWS\CRRR.EXE
  C:\WINDOWS\IEMI32.EXE
  C:\WINDOWS\SYSTEM\APPVC32.EXE
  C:\WINDOWS\SYSTEM\WINPE32.EXE
  C:\WINDOWS\D3RO32.EXE
If you can't delete them, we'll get them later.
Scan with HijackThis again, close all other windows and browsers, and place a checkmark next to these items:
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\nrlfq.dll/sp.html#96676
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://nrlfq.dll/index.html#96676
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://nrlfq.dll/index.html#96676
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\nrlfq.dll/sp.html#96676
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://nrlfq.dll/index.html#96676
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\nrlfq.dll/sp.html#96676
  O2 - BHO: (no name) - {6BE5C394-AA25-266E-D794-88256569CD9D} - C:\WINDOWS\D3RO32.DLL (file missing)
  O2 - BHO: (no name) - {F4A41C9A-A713-9C96-601E-1966003429F8} - C:\WINDOWS\ADDKE.DLL (file missing)
  O2 - BHO: (no name) - {B368DFA6-172D-988C-124B-8A24C7FBA651} - C:\WINDOWS\SYSTEM\SYSYP32.DLL (file missing)
  O2 - BHO: (no name) - {8F30B32A-F793-7B48-2B17-6EB4E169E8EB} - C:\WINDOWS\SDKHQ32.DLL (file missing)
  O2 - BHO: (no name) - {2B86B621-D1DC-1979-E5BC-338CC5E8A0CD} - C:\WINDOWS\ATLKC.DLL (file missing)
  O2 - BHO: (no name) - {1258EF1B-3DEF-334F-DB40-B3E344FFB374} - C:\WINDOWS\SYSTEM\APIWA32.DLL (file missing)
  O2 - BHO: (no name) - {1DE16B10-FCB7-8977-CAF4-0AEB7D77FC72} - C:\WINDOWS\SYSTEM\MSZU32.DLL (file missing)
  O2 - BHO: (no name) - {FB2785DC-6C8E-B839-61C8-3F6127DC95AB} - C:\WINDOWS\SYSTEM\NTPN.DLL (file missing)
  O2 - BHO: (no name) - {4EB6319E-49FF-C8C6-FBBF-07BAC7CCFC75} - C:\WINDOWS\CRIC32.DLL (file missing)
  O2 - BHO: (no name) - {697A7FE2-3B55-05DE-6F30-2EE710E7FFB2} - C:\WINDOWS\SYSTEM\ATLRT32.DLL (file missing)
  O2 - BHO: (no name) - {F604D27D-2FA1-6463-FBD6-675B3EA2615B} - C:\WINDOWS\NETDB.DLL (file missing)
  O2 - BHO: (no name) - {2CDF515F-066F-CDC9-46C7-30B30CE880BF} - C:\WINDOWS\SYSTEM\D3UK32.DLL (file missing)
  O2 - BHO: (no name) - {8005338C-F6C8-1567-B7F1-510AA773BCF3} - C:\WINDOWS\JAVAUE32.DLL (file missing)
  O2 - BHO: (no name) - {EF3E880A-AE91-DB11-D009-D00B6A0E94A7} - C:\WINDOWS\SYSTEM\IPGP32.DLL (file missing)
  O2 - BHO: (no name) - {2F5D99FB-9063-BAAC-95E7-FEC0C3AF7BAB} - C:\WINDOWS\SDKVW32.DLL (file missing)
  O2 - BHO: (no name) - {3EC51367-FA39-1261-3090-522B4BFA5214} - C:\WINDOWS\MFCML32.DLL (file missing)
  O2 - BHO: (no name) - {4A741325-E903-BE06-381E-B35E597E3C6A} - C:\WINDOWS\D3VG.DLL (file missing)
  O2 - BHO: (no name) - {FBC662AC-AA0D-1389-1431-40872CBDACA2} - C:\WINDOWS\MFCPW.DLL
  O2 - BHO: (no name) - {BB60F1BB-CF25-D241-18BC-E21E7E46195C} - C:\WINDOWS\SYSTEM\SYSIP32.DLL
  O2 - BHO: (no name) - {EFBC894E-C716-CF6F-30F0-1F1AE60E2401} - C:\WINDOWS\MFCAA.DLL
  O2 - BHO: (no name) - {0F8EC515-3766-9410-E291-53457B589DCC} - C:\WINDOWS\SYSTEM\APIXZ32.DLL (file missing)
  O2 - BHO: (no name) - {4A5122FD-E216-E8D5-D6CA-0AD5A2315D68} - C:\WINDOWS\SYSTEM\APIXR32.DLL (file missing)
  O2 - BHO: (no name) - {B05401ED-FDEB-8A21-A5DA-21D057B7FF3C} - C:\WINDOWS\SYSTEM\IEUU32.DLL (file missing)
  O2 - BHO: (no name) - {53EB571E-DF9B-C0FE-846E-402B5896036A} - C:\WINDOWS\MSJM.DLL
  O4 - HKLM\..\RunServices: [WINPE32.EXE] C:\WINDOWS\SYSTEM\WINPE32.EXE
  O4 - HKLM\..\RunServices: [SYSKW.EXE] C:\WINDOWS\SYSTEM\SYSKW.EXE
  O4 - HKLM\..\RunServices: [APPVC32.EXE] C:\WINDOWS\SYSTEM\APPVC32.EXE
  O4 - HKLM\..\RunServices: [APILW.EXE] C:\WINDOWS\SYSTEM\APILW.EXE
  O4 - HKLM\..\RunServices: [CRRR.EXE] C:\WINDOWS\CRRR.EXE
  O4 - HKLM\..\RunServices: [IEMI32.EXE] C:\WINDOWS\IEMI32.EXE
  O4 - HKLM\..\RunServices: [WINCY.EXE] C:\WINDOWS\SYSTEM\WINCY.EXE
  O4 - HKLM\..\RunServices: [NETEJ.EXE] C:\WINDOWS\NETEJ.EXE
  O4 - HKLM\..\RunServices: [SDKUY.EXE] C:\WINDOWS\SDKUY.EXE
  O4 - HKLM\..\RunServices: [SDKCQ.EXE] C:\WINDOWS\SYSTEM\SDKCQ.EXE
Boot into safe mode by tapping the F8 key and delete:
  C:\WINDOWS\SYSTEM\WINPE32.EXE
  C:\WINDOWS\SYSTEM\SYSKW.EXE
  C:\WINDOWS\SYSTEM\APPVC32.EXE
  C:\WINDOWS\SYSTEM\APILW.EXE
  C:\WINDOWS\CRRR.EXE
  C:\WINDOWS\IEMI32.EXE
  C:\WINDOWS\SYSTEM\WINCY.EXE
  C:\WINDOWS\NETEJ.EXE
  C:\WINDOWS\SDKUY.EXE
  C:\WINDOWS\SYSTEM\SDKCQ.EXE
Run AdAware. Go to Start > Programs > Lavasoft and click on AdAware 6 to open the program.
Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list
Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window
In the "General" window make sure the following are selected:
  Automatically save log-file
  Automatically quarantine objects prior to removal
  Safe Mode (always request confirmation)
Click on the "Scanning" button on the left and select:
  Scan Within Archives
  Scan Active Processes
  Scan Registry
  Deep Scan Registry
  Scan my IE favorites for banned URL’s
  Scan my Hosts file
Under ‘Click here to select drives + folders’, choose:
  All of your hard drives
Click on the "Advanced" button on the left and select:
  Include additional process information
  Include additional file information
  Include environment information
  Include additional object details
Click the "Tweak" button and select:
Under the "Scanning Engine":
  Unload recognized processes during scanning
  Include basic Ad-aware settings in logfile
  Include additional Ad-aware settings in logfile
Under the ‘Cleaning Engine’:
  Let Windows remove files in use at next reboot
Click on "Proceed" to save the settings.
Click -Start- and on the next screen choose "Activate in-depth Scan" at the bottom of the page and then choose: Use Custom Scanning Options
Click -Next- and AdAware will scan your hard drive(s) with the options you have selected. After the scan, put a checkmark next to everything it finds, then click "finish".
Run RegCleaner.
Reboot, run CCleaner, and post a new log.
|
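An added example, not part of the original post and not HijackThis's own code: a small Python triage of log lines in the format listed above, using a subset of the post's entries as sample input. The function names and the flagging heuristics are assumptions of this example.

```python
import re

# Subset of the entries listed in the post, embedded so the example runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\nrlfq.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://nrlfq.dll/index.html#96676
O2 - BHO: (no name) - {6BE5C394-AA25-266E-D794-88256569CD9D} - C:\WINDOWS\D3RO32.DLL (file missing)
O2 - BHO: (no name) - {FBC662AC-AA0D-1389-1431-40872CBDACA2} - C:\WINDOWS\MFCPW.DLL
O4 - HKLM\..\RunServices: [WINPE32.EXE] C:\WINDOWS\SYSTEM\WINPE32.EXE
"""

IE_VALUE = re.compile(r"^(?P<key>HK[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")
BHO = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
                 r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
AUTORUN = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse_entry(line):
    """Split one log line into its section code (R0, O2, ...) and parsed fields."""
    section, sep, body = line.strip().partition(" - ")
    if not sep or not re.fullmatch(r"[A-Z]\d{1,2}", section):
        return None  # blank line, header or anything that is not a log entry
    pattern = {"R0": IE_VALUE, "R1": IE_VALUE, "O2": BHO, "O4": AUTORUN}.get(section)
    match = pattern.match(body) if pattern else None
    return {"section": section, "raw": body, **(match.groupdict() if match else {})}

def triage(log_text):
    """Return (entry, reasons) pairs; the heuristics are assumptions of this example."""
    findings = []
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        sec, reasons = entry["section"], []
        if sec in ("R0", "R1") and entry.get("data", "").lower().startswith("res://"):
            reasons.append("IE page served from a local DLL resource")
        if sec == "O2" and entry.get("name") == "(no name)":
            reasons.append("unnamed BHO")
        if sec == "O2" and entry.get("missing"):
            reasons.append("orphaned registration, DLL not on disk")
        if sec == "O4" and entry.get("key", "").endswith("RunServices"):
            reasons.append("autostart via RunServices")
        if reasons:
            findings.append((entry, reasons))
    return findings

def referenced_files(findings):
    """Files that flagged entries still point at (present BHO DLLs, autorun targets)."""
    return [e.get("path") or e.get("cmd") for e, _ in findings
            if (e["section"] == "O2" and "path" in e and not e["missing"])
            or (e["section"] == "O4" and "cmd" in e)]
```
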