enjoy web surf - or not

Rumor has it this is the place to go for help with those pesky spyware infestations, and I could definitely use some help. I have some sort of spyware on my computer that has given me a search engine for a homepage and lots of pop-up ads. Sometimes it lists the URL EnjoyWebSurf.com. I did a search in the archives here and found this thread whose author had a similar problem to mine. However, our HijackThis logs are sufficiently different that the advice offered in that thread isn't helping me.

Here is my log, and I will be very grateful to anyone who can help me exorcise my computer of this new evil! Thanks :)

Logfile of HijackThis v1.98.2
Scan saved at 1:07:55 AM, on 5/6/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINRZ.EXE
C:\WINDOWS\CRUS32.EXE
C:\WINDOWS\WINXG32.EXE
C:\WINDOWS\SYSTEM\SYSBV32.EXE
C:\WINDOWS\SYSTEM\CRTW32.EXE
C:\WINDOWS\SYSTEM\D3HZ.EXE
C:\WINDOWS\SYSTEM\MSXF32.EXE
C:\WINDOWS\JAVALL32.EXE
C:\WINDOWS\SYSTEM\WINBE32.EXE
C:\WINDOWS\SYSTEM\APPTL.EXE
C:\WINDOWS\SYSTEM\MSEM.EXE
C:\WINDOWS\MFCMK32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\THE CLEANER\TCA.EXE
C:\PROGRAM FILES\COMMON FILES\KODAK\KODAK_DR\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\JAVASQ32.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\IE NEW WINDOW MAXIMIZER\IEMAXIMIZER.EXE
C:\WINDOWS\SYSTEM\SYSBV32.EXE
C:\WINDOWS\SYSTEM\WINRZ.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\BIN\MPBTN.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\D3HZ.EXE
C:\WINDOWS\SYSTEM\D3UN32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SYSBV32.EXE
C:\WINDOWS\SYSTEM\SYSBV32.EXE
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\NETSCAPE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\CRTW32.EXE
C:\WINDOWS\SYSTEM\CRTW32.EXE
C:\WINDOWS\SYSTEM\MSXF32.EXE
C:\WINDOWS\SYSTEM\MSXF32.EXE
C:\WINDOWS\WINXG32.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {FA741EB8-2839-DFA0-00E5-4D86BF6A6478} - C:\WINDOWS\SYSTEM\CRIM.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"
O4 - HKLM\..\Run: [JAVASQ32.EXE] C:\WINDOWS\SYSTEM\JAVASQ32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [WINRZ.EXE] C:\WINDOWS\SYSTEM\WINRZ.EXE /s
O4 - HKLM\..\RunServices: [CRUS32.EXE] C:\WINDOWS\CRUS32.EXE /s
O4 - HKLM\..\RunServices: [WINXG32.EXE] C:\WINDOWS\WINXG32.EXE /s
O4 - HKLM\..\RunServices: [SYSBV32.EXE] C:\WINDOWS\SYSTEM\SYSBV32.EXE /s
O4 - HKLM\..\RunServices: [CRTW32.EXE] C:\WINDOWS\SYSTEM\CRTW32.EXE /s
O4 - HKLM\..\RunServices: [D3HZ.EXE] C:\WINDOWS\SYSTEM\D3HZ.EXE /s
O4 - HKLM\..\RunServices: [MSXF32.EXE] C:\WINDOWS\SYSTEM\MSXF32.EXE /s
O4 - HKLM\..\RunServices: [JAVALL32.EXE] C:\WINDOWS\JAVALL32.EXE /s
O4 - HKLM\..\RunServices: [WINBE32.EXE] C:\WINDOWS\SYSTEM\WINBE32.EXE /s
O4 - HKLM\..\RunServices: [APPTL.EXE] C:\WINDOWS\SYSTEM\APPTL.EXE /s
O4 - HKLM\..\RunServices: [MSEM.EXE] C:\WINDOWS\SYSTEM\MSEM.EXE /s
O4 - HKLM\..\RunServices: [MFCMK32.EXE] C:\WINDOWS\MFCMK32.EXE /s
O4 - HKLM\..\RunServices: [D3UN32.EXE] C:\WINDOWS\SYSTEM\D3UN32.EXE /s
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\PROGRAM FILES\IE NEW WINDOW MAXIMIZER\iemaximizer.exe
O4 - HKCU\..\Run: [\Pribi.exe] C:\WINDOWS\ALLUSE~1\APPLIC~1\PRIBI\Pribi.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD2\V4\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD2\V4\YHEXBMES.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {2E51B582-46FA-4DB2-8D5A-285FE8A29BC5} - (no file)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2E51B582-46FA-4DB2-8D5A-285FE8A29BC5} - (no file)
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2E51B582-46FA-4DB2-8D5A-285FE8A29BC5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2E51B582-46FA-4DB2-8D5A-285FE8A29BC5} - (no file) (HKCU)
O12 - Plugin for .ivy: C:\PROGRA~1\INTERN~1\PLUGINS\nplvscrn.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nm1228.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0549b0501574a3099616/netzip/RdxIE2.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://medsvc.cats.ohiou.edu/AxisCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=3633a8bda782749821335ec60b4d86cedeb7022d192d176368b88f93d91d0edcb35ef3f9f9b23b90a9796d397bbe4f5639d92c6a2907e50ad2ecc6f9795e33:0fb107d03a280d2bcbe11b228149cb13
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab

Comments

  • edited May 2005
    I forgot to mention that I've already tried deleting the files containing anything about the Search Bar or Search Assistant - they just reappear the next time I run Hijack This. This thing is evil!
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    Please download CWShredder but don't run it yet.


    Download Ad-aware SE 1.05
    Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Exit Adaware for now.


    Make sure that you can VIEW ALL HIDDEN FILES.

    Run Hijackthis again, click scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {FA741EB8-2839-DFA0-00E5-4D86BF6A6478} - C:\WINDOWS\SYSTEM\CRIM.DLL
    O4 - HKLM\..\Run: [JAVASQ32.EXE] C:\WINDOWS\SYSTEM\JAVASQ32.EXE
    O4 - HKLM\..\RunServices: [WINRZ.EXE] C:\WINDOWS\SYSTEM\WINRZ.EXE /s
    O4 - HKLM\..\RunServices: [CRUS32.EXE] C:\WINDOWS\CRUS32.EXE /s
    O4 - HKLM\..\RunServices: [WINXG32.EXE] C:\WINDOWS\WINXG32.EXE /s
    O4 - HKLM\..\RunServices: [SYSBV32.EXE] C:\WINDOWS\SYSTEM\SYSBV32.EXE /s
    O4 - HKLM\..\RunServices: [CRTW32.EXE] C:\WINDOWS\SYSTEM\CRTW32.EXE /s
    O4 - HKLM\..\RunServices: [D3HZ.EXE] C:\WINDOWS\SYSTEM\D3HZ.EXE /s
    O4 - HKLM\..\RunServices: [MSXF32.EXE] C:\WINDOWS\SYSTEM\MSXF32.EXE /s
    O4 - HKLM\..\RunServices: [JAVALL32.EXE] C:\WINDOWS\JAVALL32.EXE /s
    O4 - HKLM\..\RunServices: [WINBE32.EXE] C:\WINDOWS\SYSTEM\WINBE32.EXE /s
    O4 - HKLM\..\RunServices: [APPTL.EXE] C:\WINDOWS\SYSTEM\APPTL.EXE /s
    O4 - HKLM\..\RunServices: [MSEM.EXE] C:\WINDOWS\SYSTEM\MSEM.EXE /s
    O4 - HKLM\..\RunServices: [MFCMK32.EXE] C:\WINDOWS\MFCMK32.EXE /s
    O4 - HKLM\..\RunServices: [D3UN32.EXE] C:\WINDOWS\SYSTEM\D3UN32.EXE /s
    O4 - HKCU\..\Run: [\Pribi.exe] C:\WINDOWS\ALLUSE~1\APPLIC~1\PRIBI\Pribi.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {2E51B582-46FA-4DB2-8D5A-285FE8A29BC5} - (no file)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2E51B582-46FA-4DB2-8D5A-285FE8A29BC5} - (no file)
    O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {2E51B582-46FA-4DB2-8D5A-285FE8A29BC5} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2E51B582-46FA-4DB2-8D5A-285FE8A29BC5} - (no file) (HKCU)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0549b0501574a3...tzip/RdxIE2.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...11 b228149cb13
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab


    Reboot your computer into SAFE MODE


    Now run CWShredder, making sure to click "Fix".


    Then delete these files or directories (do not be concerned if they do not exist):

    C:\WINDOWS\SYSTEM\CRIM.DLL
    C:\WINDOWS\SYSTEM\JAVASQ32.EXE
    C:\WINDOWS\SYSTEM\WINRZ.EXE
    C:\WINDOWS\CRUS32.EXE
    C:\WINDOWS\WINXG32.EXE
    C:\WINDOWS\SYSTEM\SYSBV32.EXE
    C:\WINDOWS\SYSTEM\CRTW32.EXE
    C:\WINDOWS\SYSTEM\D3HZ.EXE
    C:\WINDOWS\SYSTEM\MSXF32.EXE
    C:\WINDOWS\JAVALL32.EXE
    C:\WINDOWS\SYSTEM\WINBE32.EXE
    C:\WINDOWS\SYSTEM\APPTL.EXE
    C:\WINDOWS\SYSTEM\MSEM.EXE
    C:\WINDOWS\MFCMK32.EXE
    C:\WINDOWS\SYSTEM\D3UN32.EXE
    C:\WINDOWS\ALLUSE~1\APPLIC~1\PRIBI\Pribi.exe
    c:\counter.cab


    Run a full scan with Adaware.

    Reboot your computer to go back to normal mode and post a new log.
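
For anyone triaging a similar log, here is an added example (not part of the original thread, and not the helper's or HijackThis's own method) that applies three heuristics drawn from patterns visible in the log above: an IE search setting pointing into a local DLL via `res://`, an autorun whose value name is identical to its executable's file name, and an ActiveX control installed from a `file://` path. The rule names, the `triage` function and the sample are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\tizuz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [WINRZ.EXE] C:\WINDOWS\SYSTEM\WINRZ.EXE /s
O4 - HKCU\..\Run: [\Pribi.exe] C:\WINDOWS\ALLUSE~1\APPLIC~1\PRIBI\Pribi.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
"""

ENTRY = re.compile(r"^([RO]\d+) - (.*)$")             # section code, then the rest
AUTORUN = re.compile(r"^(\S+): \[(.+?)\] (.+)$")      # key: [value name] command
EXE = re.compile(r'^"?([^"]+?\.(?:exe|com|scr|pif))', re.I)  # path up to the extension

def triage(log_text):
    """Return (reason, line) pairs for entries matching the three heuristics."""
    hits = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, rest = m.groups()
        if code in ("R0", "R1") and " = res://" in rest and ".dll/" in rest.lower():
            hits.append(("ie-setting-points-into-local-dll", raw.strip()))
        elif code == "O4":
            a = AUTORUN.match(rest)            # Startup-folder entries do not match
            exe = EXE.match(a.group(3)) if a else None
            if exe and a.group(2).lstrip("\\").lower() == ntpath.basename(exe.group(1)).lower():
                hits.append(("autorun-name-equals-file-name", raw.strip()))
        elif code == "O16" and " - file://" in rest.lower():
            hits.append(("activex-installed-from-local-file", raw.strip()))
    return hits

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

A match is only a prompt for a closer look, and the rules do not cover everything in the fix list above (the BHO and the O9 entries, for example).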