problem with homepage

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

hunttokill17

Thread Starter
Joined
Jun 22, 2005
Messages
1
Hi, I've got a problem with my homepage. It automatically is defaulted to "hhttp://213.159.117.134/index.php" I read some other posts and have already installed HiJackThis. I needed help on choosing what to delete. Here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 1:58:23 PM, on 6/22/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\realplqyer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\2\printray.exe
C:\WINDOWS\system32\systime.exe
C:\WINDOWS\system32\msrexe.exe
C:\WINDOWS\wscmgr.exe
C:\DOCUME~1\pyzktyn\LOCALS~1\Temp\ICD4.tmp\svcmm32.exe
C:\Program Files\Nrxairq\Kihta.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\stjlh6ot.exe
C:\WINDOWS\system32\systime.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\WINDOWS\system32\winupdt.exe
C:\Program Files\Evidence Eliminator\Ee.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (D:\Program Files\Netscape\Users\jim_d_moore\prefs.js)
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 45.151.20.208 downloads-eu1.kaspersky-labs.com
O1 - Hosts: 77.19.96.155 kaspersky-labs.com
O1 - Hosts: 233.206.25.116 www.networkassociates.com
O1 - Hosts: 38.86.187.30 us.mcafee.com
O1 - Hosts: 44.73.109.16 f-secure.com
O1 - Hosts: 32.7.244.3 networkassociates.com
O1 - Hosts: 5.23.103.12 secure.nai.com
O1 - Hosts: 185.219.30.144 downloads1.kaspersky-labs.com
O1 - Hosts: 99.21.158.156 downloads2.kaspersky-labs.com
O1 - Hosts: 229.68.129.112 downloads3.kaspersky-labs.com
O1 - Hosts: 67.249.132.68 avp.com
O1 - Hosts: 1.155.75.155 www.sophos.com
O1 - Hosts: 235.47.145.169 my-etrust.com
O1 - Hosts: 216.44.185.152 www.kaspersky.com
O1 - Hosts: 64.122.3.189 www.f-secure.com
O1 - Hosts: 199.253.223.9 dispatch.mcafee.com
O1 - Hosts: 33.116.33.51 update.symantec.com
O1 - Hosts: 213.119.251.134 nai.com
O1 - Hosts: 213.217.32.62 www.nai.com
O1 - Hosts: 243.210.89.207 sophos.com
O1 - Hosts: 148.153.133.174 www.ca.com
O1 - Hosts: 69.93.194.73 ca.com
O1 - Hosts: 9.202.43.87 securityresponse.symantec.com
O1 - Hosts: 115.136.136.196 symantec.com
O1 - Hosts: 250.90.196.188 mast.mcafee.com
O1 - Hosts: 21.203.17.165 liveupdate.symantec.com
O1 - Hosts: 248.157.252.32 www.avp.com
O1 - Hosts: 42.87.254.72 www.viruslist.com
O1 - Hosts: 29.168.34.211 viruslist.com
O1 - Hosts: 159.146.226.197 www.symantec.com
O1 - Hosts: 212.116.98.222 downloads4.kaspersky-labs.com
O1 - Hosts: 231.113.129.249 downloads-us1.kaspersky-labs.com
O1 - Hosts: 200.221.146.244 customer.symantec.com
O1 - Hosts: 161.147.161.231 mcafee.com
O1 - Hosts: 197.108.143.186 viruslist.com
O1 - Hosts: 81.55.119.100 www.my-etrust.com
O1 - Hosts: 191.235.38.91 download.mcafee.com
O1 - Hosts: 39.246.143.17 updates.symantec.com
O1 - Hosts: 224.213.142.110 kaspersky.com
O1 - Hosts: 213.97.90.176 www.trendmicro.com
O1 - Hosts: 168.138.123.44 rads.mcafee.com
O1 - Hosts: 123.86.56.187 trendmicro.com
O1 - Hosts: 25.93.175.243 liveupdate.symantecliveupdate.com
O1 - Hosts: 154.55.36.85 www.mcafee.com
O1 - Hosts: 185.41.49.83 downloads-eu1.kaspersky-labs.com
O1 - Hosts: 174.134.165.233 kaspersky-labs.com
O1 - Hosts: 83.94.107.194 www.networkassociates.com
O1 - Hosts: 76.146.129.199 us.mcafee.com
O1 - Hosts: 190.143.168.226 f-secure.com
O1 - Hosts: 253.214.117.184 networkassociates.com
O1 - Hosts: 48.83.87.196 secure.nai.com
O1 - Hosts: 205.121.95.58 downloads1.kaspersky-labs.com
O1 - Hosts: 53.101.218.64 downloads2.kaspersky-labs.com
O1 - Hosts: 164.122.255.95 downloads3.kaspersky-labs.com
O1 - Hosts: 111.55.69.79 avp.com
O1 - Hosts: 40.74.36.105 www.sophos.com
O1 - Hosts: 30.11.93.112 my-etrust.com
O1 - Hosts: 110.236.8.122 www.kaspersky.com
O1 - Hosts: 118.154.239.34 www.f-secure.com
O1 - Hosts: 125.173.28.87 dispatch.mcafee.com
O1 - Hosts: 205.88.122.105 update.symantec.com
O1 - Hosts: 159.95.14.49 nai.com
O1 - Hosts: 145.55.27.102 www.nai.com
O1 - Hosts: 130.52.40.139 sophos.com
O1 - Hosts: 20.11.218.1 www.ca.com
O1 - Hosts: 42.33.254.39 ca.com
O1 - Hosts: 35.107.65.155 securityresponse.symantec.com
O1 - Hosts: 176.203.110.2 symantec.com
O1 - Hosts: 115.55.58.221 mast.mcafee.com
O1 - Hosts: 216.21.230.107 liveupdate.symantec.com
O1 - Hosts: 214.157.74.138 www.avp.com
O1 - Hosts: 114.41.11.27 www.viruslist.com
O1 - Hosts: 74.183.22.102 viruslist.com
O1 - Hosts: 132.34.158.106 www.symantec.com
O1 - Hosts: 204.182.53.50 downloads4.kaspersky-labs.com
O1 - Hosts: 87.61.191.138 downloads-us1.kaspersky-labs.com
O1 - Hosts: 9.157.90.176 customer.symantec.com
O1 - Hosts: 62.158.121.220 mcafee.com
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RealTray] d:\realplqyer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\system32\systime.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\system32\msrexe.exe
O4 - HKLM\..\Run: [WfulSrv32] C:\WINDOWS\wfulsrv.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\system32\winupdtl.exe
O4 - HKLM\..\Run: [DgdSrv32] C:\WINDOWS\dgdsrv.exe
O4 - HKLM\..\Run: [WCSE Mgr] C:\WINDOWS\wscmgr.exe
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\pyzktyn\LOCALS~1\Temp\ICD4.tmp\svcmm32.exe" /startup
O4 - HKLM\..\Run: [Yrodz] C:\Program Files\Nrxairq\Kihta.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [stjlh6ot] C:\WINDOWS\system32\stjlh6ot.exe
O4 - HKLM\..\Run: [5s8j3pW] atld2x40.exe
O4 - HKLM\..\Run: [razin] C:\DOCUME~1\pyzktyn\LOCALS~1\Temp\rm05040901.Stub.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\system32\systime.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: navapw32.lnk = C:\Program Files\Norton AntiVirus\navapw32.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .swf: D:\PROGRAM FILES\NETSCAPE\PROGRAM\PLUGINS\npswf32.dll
O13 - WWW. Prefix: http://
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 69.50.161.82
O15 - Trusted IP range: 69.50.161.82 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {3205E6DD-724B-0F8F-F5FD-79961EC1EB55} - http://213.159.117.150/1/rdgUS10.exe
O16 - DPF: {51EBE041-23D0-6D1C-A6EE-268A5A646B65} - http://213.159.117.150/1/rdgUS10.exe
O16 - DPF: {59299265-786A-0179-22BE-4191098424B5} - http://213.159.117.150/1/rdgUS10.exe
O16 - DPF: {5F8B4956-B980-49A3-19AE-3F6F7AB1B66E} - http://213.159.117.150/1/rdgUS10.exe
O16 - DPF: {623DE220-24E2-1683-E5B5-503D5D1E5AB0} - http://213.159.117.150/1/rdgUS10.exe
O16 - DPF: {6AC1F6BD-CF85-2FF2-115B-1957522D405C} - http://213.159.117.150/1/rdgUS10.exe
O16 - DPF: {719A468A-B167-211E-82E4-65312BD30FB1} - http://213.159.117.150/1/rdgUS10.exe
O16 - DPF: {74C663EC-3DF3-286D-2272-2AA678B31D62} - http://213.159.117.150/1/rdgUS10.exe
O16 - DPF: {7E85648B-2615-05D8-CF80-536868D04649} - http://213.159.117.150/1/rdgUS10.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
 
Joined
Sep 7, 2004
Messages
49,014
Download CWShredder http://www.intermute.com/products/cwshredder.html
Close all browser windows,
Open cwshredder.exe then click "Fix" and let it run.

Download Hoster from here:
www.funkytoad.com/download/hoster.zip
Run Hoster and press Restore Original Hosts, OK, and Exit Program.

download http://www.mvps.org/winhelp2002/DelDomains.inf

Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

Print this and boot to safe mode (Start tapping F8 at the first black screen after power up)
Fix these with HJT

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll

O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\system32\systime.exe

O4 - HKLM\..\Run: [System Service] C:\WINDOWS\system32\msrexe.exe

O4 - HKLM\..\Run: [WfulSrv32] C:\WINDOWS\wfulsrv.exe

O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\system32\winupdtl.exe

O4 - HKLM\..\Run: [DgdSrv32] C:\WINDOWS\dgdsrv.exe

O4 - HKLM\..\Run: [WCSE Mgr] C:\WINDOWS\wscmgr.exe

O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\pyzktyn\LOCALS~1\Temp\ICD4.tmp\svcmm32.exe" /startup

O4 - HKLM\..\Run: [Yrodz] C:\Program Files\Nrxairq\Kihta.exe

O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe

O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [stjlh6ot] C:\WINDOWS\system32\stjlh6ot.exe

O4 - HKLM\..\Run: [5s8j3pW] atld2x40.exe

O4 - HKLM\..\Run: [razin] C:\DOCUME~1\pyzktyn\LOCALS~1\Temp\rm05040901.Stub.exe

O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\system32\systime.exe

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)

O16 - DPF: {3205E6DD-724B-0F8F-F5FD-79961EC1EB55} - http://213.159.117.150/1/rdgUS10.exe

O16 - DPF: {51EBE041-23D0-6D1C-A6EE-268A5A646B65} - http://213.159.117.150/1/rdgUS10.exe

O16 - DPF: {59299265-786A-0179-22BE-4191098424B5} - http://213.159.117.150/1/rdgUS10.exe

O16 - DPF: {5F8B4956-B980-49A3-19AE-3F6F7AB1B66E} - http://213.159.117.150/1/rdgUS10.exe

O16 - DPF: {623DE220-24E2-1683-E5B5-503D5D1E5AB0} - http://213.159.117.150/1/rdgUS10.exe

O16 - DPF: {6AC1F6BD-CF85-2FF2-115B-1957522D405C} - http://213.159.117.150/1/rdgUS10.exe

O16 - DPF: {719A468A-B167-211E-82E4-65312BD30FB1} - http://213.159.117.150/1/rdgUS10.exe

O16 - DPF: {74C663EC-3DF3-286D-2272-2AA678B31D62} - http://213.159.117.150/1/rdgUS10.exe

O16 - DPF: {7E85648B-2615-05D8-CF80-536868D04649} - http://213.159.117.150/1/rdgUS10.exe

View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Uncheck hide extensions
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files

c:\windows\system32\systime.exe
C:\Program Files\Aprps\cxtpls.dll
C:\WINDOWS\system32\msrexe.exe
C:\WINDOWS\wfulsrv.exe
C:\WINDOWS\system32\winupdtl.exe
C:\WINDOWS\dgdsrv.exe
C:\WINDOWS\wscmgr.exe
C:\DOCUMENT AND SETTING\pyzktyn\LOCAL SETTING\Temp – all files and folders

Delete these folders

C:\Program Files\Nrxairq
C:\WINDOWS\system32\nsvsvc
C:\WINDOWS\system32\picsvr
C:\Program Files\AutoUpdate
C:\WINDOWS\system32\stjlh6ot.exe

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot

Run ActiveScan online virus scan

http://www.pandasoftware.com/activescan/

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan


Please give feedback on what worked/didn’t work and the current status of your system
 
Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top