Home Search Assistant-drorhagadol
hello
please,i need help with telliing me what to delete
the log is attached
thank you
Logfile of HijackThis v1.99.1
Scan saved at 12:06:28, on 23/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\winfw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.26.10.71:3128
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {2A70656C-8CDF-3715-42B5-E643EB99E370} - C:\WINDOWS\system32\javaly.dll
O2 - BHO: Class - {A6AB0709-374D-2F77-3E70-0DE0910A9568} - C:\WINDOWS\sysyw32.dll
O2 - BHO: Class - {B255CF17-988E-8993-4B11-EE0312E09D84} - C:\WINDOWS\javaqm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [winfw.exe] C:\WINDOWS\system32\winfw.exe
O4 - HKLM\..\RunOnce: [winhg.exe] C:\WINDOWS\system32\winhg.exe
O4 - HKLM\..\RunOnce: [sdkcl.exe] C:\WINDOWS\system32\sdkcl.exe
O4 - HKLM\..\RunOnce: [javabi32.exe] C:\WINDOWS\javabi32.exe
O4 - HKLM\..\RunOnce: [atlqh32.exe] C:\WINDOWS\system32\atlqh32.exe
O4 - HKLM\..\RunOnce: [iedt32.exe] C:\WINDOWS\iedt32.exe
O4 - HKLM\..\RunOnce: [appug.exe] C:\WINDOWS\appug.exe
O4 - HKLM\..\RunOnce: [winsz32.exe] C:\WINDOWS\winsz32.exe
O4 - HKLM\..\RunOnce: [crbq.exe] C:\WINDOWS\crbq.exe
O4 - HKLM\..\RunOnce: [nteo32.exe] C:\WINDOWS\nteo32.exe
O4 - HKLM\..\RunOnce: [javaly.exe] C:\WINDOWS\system32\javaly.exe
O4 - HKLM\..\RunOnce: [mfcko32.exe] C:\WINDOWS\mfcko32.exe
O4 - HKLM\..\RunOnce: [sdkkf32.exe] C:\WINDOWS\sdkkf32.exe
O4 - HKLM\..\RunOnce: [appbp32.exe] C:\WINDOWS\system32\appbp32.exe
O4 - HKLM\..\RunOnce: [addkn.exe] C:\WINDOWS\addkn.exe
O4 - HKLM\..\RunOnce: [sysii.exe] C:\WINDOWS\sysii.exe
O4 - HKLM\..\RunOnce: [crtj32.exe] C:\WINDOWS\crtj32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nechasim.com
O17 - HKLM\Software\..\Telephony: DomainName = nechasim.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nechasim.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Network Security Service ( 11Fה#·÷ִײ`I) - Unknown owner - C:\WINDOWS\system32\winhg.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
please,i need help with telliing me what to delete
the log is attached
thank you
Logfile of HijackThis v1.99.1
Scan saved at 12:06:28, on 23/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\winfw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.26.10.71:3128
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {2A70656C-8CDF-3715-42B5-E643EB99E370} - C:\WINDOWS\system32\javaly.dll
O2 - BHO: Class - {A6AB0709-374D-2F77-3E70-0DE0910A9568} - C:\WINDOWS\sysyw32.dll
O2 - BHO: Class - {B255CF17-988E-8993-4B11-EE0312E09D84} - C:\WINDOWS\javaqm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [winfw.exe] C:\WINDOWS\system32\winfw.exe
O4 - HKLM\..\RunOnce: [winhg.exe] C:\WINDOWS\system32\winhg.exe
O4 - HKLM\..\RunOnce: [sdkcl.exe] C:\WINDOWS\system32\sdkcl.exe
O4 - HKLM\..\RunOnce: [javabi32.exe] C:\WINDOWS\javabi32.exe
O4 - HKLM\..\RunOnce: [atlqh32.exe] C:\WINDOWS\system32\atlqh32.exe
O4 - HKLM\..\RunOnce: [iedt32.exe] C:\WINDOWS\iedt32.exe
O4 - HKLM\..\RunOnce: [appug.exe] C:\WINDOWS\appug.exe
O4 - HKLM\..\RunOnce: [winsz32.exe] C:\WINDOWS\winsz32.exe
O4 - HKLM\..\RunOnce: [crbq.exe] C:\WINDOWS\crbq.exe
O4 - HKLM\..\RunOnce: [nteo32.exe] C:\WINDOWS\nteo32.exe
O4 - HKLM\..\RunOnce: [javaly.exe] C:\WINDOWS\system32\javaly.exe
O4 - HKLM\..\RunOnce: [mfcko32.exe] C:\WINDOWS\mfcko32.exe
O4 - HKLM\..\RunOnce: [sdkkf32.exe] C:\WINDOWS\sdkkf32.exe
O4 - HKLM\..\RunOnce: [appbp32.exe] C:\WINDOWS\system32\appbp32.exe
O4 - HKLM\..\RunOnce: [addkn.exe] C:\WINDOWS\addkn.exe
O4 - HKLM\..\RunOnce: [sysii.exe] C:\WINDOWS\sysii.exe
O4 - HKLM\..\RunOnce: [crtj32.exe] C:\WINDOWS\crtj32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nechasim.com
O17 - HKLM\Software\..\Telephony: DomainName = nechasim.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nechasim.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Network Security Service ( 11Fה#·÷ִײ`I) - Unknown owner - C:\WINDOWS\system32\winhg.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
This discussion has been closed.
Comments
Much of this fix has to be performed in Safe Mode where you won't be able to access the Internet.
Please print out these instructions.
Step 1
Download CWShredder but don't run it yet.
Step 2
Download AboutBuster
Unzip it to your desktop but don't run it yet.
Step 3
Download Ad-aware SE 1.05
Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Exit Adaware for now.
Step 5
Make sure that you can VIEW ALL HIDDEN FILES.
Step 6
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xvxyl.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {2A70656C-8CDF-3715-42B5-E643EB99E370} - C:\WINDOWS\system32\javaly.dll
O2 - BHO: Class - {A6AB0709-374D-2F77-3E70-0DE0910A9568} - C:\WINDOWS\sysyw32.dll
O2 - BHO: Class - {B255CF17-988E-8993-4B11-EE0312E09D84} - C:\WINDOWS\javaqm.dll
O4 - HKLM\..\Run: [winfw.exe] C:\WINDOWS\system32\winfw.exe
O4 - HKLM\..\RunOnce: [winhg.exe] C:\WINDOWS\system32\winhg.exe
O4 - HKLM\..\RunOnce: [sdkcl.exe] C:\WINDOWS\system32\sdkcl.exe
O4 - HKLM\..\RunOnce: [javabi32.exe] C:\WINDOWS\javabi32.exe
O4 - HKLM\..\RunOnce: [atlqh32.exe] C:\WINDOWS\system32\atlqh32.exe
O4 - HKLM\..\RunOnce: [iedt32.exe] C:\WINDOWS\iedt32.exe
O4 - HKLM\..\RunOnce: [appug.exe] C:\WINDOWS\appug.exe
O4 - HKLM\..\RunOnce: [winsz32.exe] C:\WINDOWS\winsz32.exe
O4 - HKLM\..\RunOnce: [crbq.exe] C:\WINDOWS\crbq.exe
O4 - HKLM\..\RunOnce: [nteo32.exe] C:\WINDOWS\nteo32.exe
O4 - HKLM\..\RunOnce: [javaly.exe] C:\WINDOWS\system32\javaly.exe
O4 - HKLM\..\RunOnce: [mfcko32.exe] C:\WINDOWS\mfcko32.exe
O4 - HKLM\..\RunOnce: [sdkkf32.exe] C:\WINDOWS\sdkkf32.exe
O4 - HKLM\..\RunOnce: [appbp32.exe] C:\WINDOWS\system32\appbp32.exe
O4 - HKLM\..\RunOnce: [addkn.exe] C:\WINDOWS\addkn.exe
O4 - HKLM\..\RunOnce: [sysii.exe] C:\WINDOWS\sysii.exe
O4 - HKLM\..\RunOnce: [crtj32.exe] C:\WINDOWS\crtj32.exe
O23 - Service: Network Security Service ( 11Fה#·÷ִײ`I) - Unknown owner - C:\WINDOWS\system32\winhg.exe
Step 7
Reboot your computer into SAFE MODE
Step 8
Now run CWShredder, making sure to click "Fix".
Step 9
Then delete these files or directories (Do not be concerned if they do not exist)
C:\WINDOWS\system32\appbp32.exe
C:\WINDOWS\system32\winhg.exe
C:\WINDOWS\system32\javaly.dll
C:\WINDOWS\system32\javaly.exe
C:\WINDOWS\system32\winfw.exe
C:\WINDOWS\system32\winhg.exe
C:\WINDOWS\system32\sdkcl.exe
C:\WINDOWS\system32\atlqh32.exe
C:\WINDOWS\system32\xvxyl.dll
C:\WINDOWS\javabi32.exe
C:\WINDOWS\iedt32.exe
C:\WINDOWS\appug.exe
C:\WINDOWS\winsz32.exe
C:\WINDOWS\crbq.exe
C:\WINDOWS\nteo32.exe
C:\WINDOWS\mfcko32.exe
C:\WINDOWS\sdkkf32.exe
C:\WINDOWS\sysyw32.dll
C:\WINDOWS\javaqm.dll
C:\WINDOWS\addkn.exe
C:\WINDOWS\sysii.exe
C:\WINDOWS\crtj32.exe
Step 10
Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report(copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.
Step 11
Run a full scan with Adaware.
Reboot your computer to go back to normal mode and post a new hijackthis log and the log from About Buster.
Thant you for your time but i already formated the computer.
it was in my workplace and i could not wait for the solution.
Thank's again