re: Spyware problems
Friday, May 27, 2005 at 1:56 pm Windows XP Annoyances Discussion Forum
Posted by MrCharlie
(4472 messages posted)
Like I said, it's going to take several steps to nail this hijacker.
Try this in regular mode:
Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click
the Image Name column header to alphabetically sort the processes => Scroll through
the list and look for:
windn32.exe
If you find the files, click on them, and then click End Process => Exit the Task
Manager.
CLOSE ALL WINDOWS AND BROWSERS. Scan with Hijack This and put checks next to all
the following, then click "Fix Checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrtqm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrtqm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mrtqm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrtqm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrtqm.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrtqm.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {172A767E-22AD-09EE-8C96-720970A7FA45} - C:\WINDOWS\system32\crqw32.dll
O2 - BHO: Class - {CAEBAB9D-5B6A-D04D-3DF1-1992B30E11BB} - C:\WINDOWS\system32\appnh.dll
O2 - BHO: Class - {FCBEFCA2-4337-C522-B757-2FED10040650} - C:\WINDOWS\apivy.dll
O2 - BHO: Class - {FF5B4CBC-CE93-4290-8860-69D7C23478BE} - C:\WINDOWS\system32\mfcue32.dll
O4 - HKLM\..\RunOnce: [mfcta.exe] C:\WINDOWS\mfcta.exe
O4 - HKLM\..\RunOnce: [ietk.exe] C:\WINDOWS\system32\ietk.exe
O4 - HKLM\..\RunOnce: [ipib.exe] C:\WINDOWS\ipib.exe
O4 - HKLM\..\RunOnce: [d3rt.exe] C:\WINDOWS\d3rt.exe
O4 - HKLM\..\RunOnce: [apihv.exe] C:\WINDOWS\apihv.exe
O4 - HKLM\..\RunOnce: [netgv.exe] C:\WINDOWS\netgv.exe
O4 - HKLM\..\RunOnce: [mssb32.exe] C:\WINDOWS\system32\mssb32.exe
O4 - HKLM\..\RunOnce: [winbs32.exe] C:\WINDOWS\winbs32.exe
O4 - HKLM\..\RunOnce: [ntjy.exe] C:\WINDOWS\system32\ntjy.exe
O4 - HKLM\..\RunOnce: [netzn.exe] C:\WINDOWS\system32\netzn.exe
O4 - HKLM\..\RunOnce: [sdkep.exe] C:\WINDOWS\sdkep.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3rl32.exe" /s (file missing)
Delete the following files if present:
C:\WINDOWS\system32\windn32.exe<----Typical
C:\WINDOWS\system32\crqw32.dll
C:\WINDOWS\system32\appnh.dll
C:\WINDOWS\system32\mfcue32.dll
C:\WINDOWS\system32\ietk.exe
C:\WINDOWS\system32\mssb32.exe
C:\WINDOWS\system32\ntjy.exe
C:\WINDOWS\system32\netzn.exe
C:\WINDOWS\system32\d3rl32.exe
C:\WINDOWS\mrtqm.dll
C:\WINDOWS\apivy.dll
C:\WINDOWS\mfcta.exe
C:\WINDOWS\ipib.exe
C:\WINDOWS\d3rt.exe
C:\WINDOWS\apihv.exe
C:\WINDOWS\netgv.exe
C:\WINDOWS\sdkep.exe
C:\WINDOWS\winbs32.exe
(and any other files with the same name that end in .dll, .exe or .dat; you may
find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)
If you get an error when deleting a file, right-click on the file and check to see
if the read-only attribute is checked. If it is, uncheck it and try again.
Run AboutBuster. This will scan your computer for the bad files and delete them.
It will ask to scan the system again, let it. Save the report (copy and paste into
notepad or wordpad and save as a .txt file) and post a copy back here when you are
done with all the steps.
Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.
Reboot and post a fresh HJT log back here and let's see how we did, MrC
- Written in response to:
- re: Spyware problems (Vincent: Friday, May 27, 2005 at 1:19 pm)
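Added example, not part of MrCharlie's post: a Python sketch that parses HijackThis entries and cross-checks the files they reference against a delete list, so a file is only removed when its reason is visible in the log. It uses an excerpt of the lines quoted in the post (the O23 service name is shortened); the function names are hypothetical.

```python
import re

# Excerpt of the log entries and delete list quoted in the post; the O23
# service display name is shortened here.
HJT_LINES = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrtqm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: Class - {FCBEFCA2-4337-C522-B757-2FED10040650} - C:\WINDOWS\apivy.dll
O4 - HKLM\..\RunOnce: [mfcta.exe] C:\WINDOWS\mfcta.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown owner - C:\WINDOWS\system32\d3rl32.exe" /s (file missing)
""".strip().splitlines()

DELETE_LIST = [
    r"C:\WINDOWS\system32\windn32.exe",
    r"C:\WINDOWS\system32\d3rl32.exe",
    r"C:\WINDOWS\mrtqm.dll",
    r"C:\WINDOWS\apivy.dll",
    r"C:\WINDOWS\mfcta.exe",
]

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# First drive-letter path ending in .dll/.exe/.dat, also inside res:// URLs.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"/*?<>|]+?\.(?:dll|exe|dat)\b', re.I)

def parse_entry(line):
    """Return (section, referenced file or None, file-missing flag)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    p = PATH_RE.search(m.group(2))
    # Windows paths are case-insensitive, so compare them lowercased.
    return m.group(1), (p.group(0).lower() if p else None), "(file missing)" in line

def reconcile(log_lines, delete_list):
    """Split paths into: backed by the log, delete-list only, log only."""
    referenced = {e[1] for e in map(parse_entry, log_lines) if e and e[1]}
    wanted = {p.lower() for p in delete_list}
    return {
        "in_both": sorted(referenced & wanted),
        "delete_only": sorted(wanted - referenced),  # no log entry backs these
        "log_only": sorted(referenced - wanted),     # referenced, not yet listed
    }

if __name__ == "__main__":
    for bucket, paths in reconcile(HJT_LINES, DELETE_LIST).items():
        print(bucket, paths)
```

Here `delete_only` contains only `windn32.exe`, the file the post identifies through the Task Manager process list rather than through a log entry.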