Can't remove CoolWebSearch and About:Blank

BJ,

See my updated steps for running Ewido in message # 23 of the following thread. The steps posted no longer fit for the newer versions.

http://forums.majorgeeks.com/showthread.php?t=67486

 

Since BJ is not around I will try to get you moving on a fix.

For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
C:\WINDOWS\IPMH.EXE
C:\WINDOWS\JAVAKJ32.EXE
C:\WINDOWS\CRWQ.EXE
C:\WINDOWS\APPXD.EXE


After killing all the above processes, click "Back".
Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {9CB61A3B-8A17-49AD-560E-9569A5C10DD7} - C:\WINDOWS\SYSTEM\JAVAQW32.DLL
O4 - HKLM\..\Run: [JAVAKJ32.EXE] C:\WINDOWS\JAVAKJ32.EXE
O4 - HKLM\..\RunServices: [IPMH.EXE] C:\WINDOWS\IPMH.EXE /s
O4 - HKLM\..\RunServices: [CRWQ.EXE] C:\WINDOWS\CRWQ.EXE /s
O4 - HKLM\..\RunServices: [APPXD.EXE] C:\WINDOWS\APPXD.EXE /s
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://82.179.166.2/78ce58de/v2/msits.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\SYSTEM\JAVAQW32.DLL
C:\WINDOWS\IPMH.EXE
C:\WINDOWS\JAVAKJ32.EXE
C:\WINDOWS\CRWQ.EXE
C:\WINDOWS\APPXD.EXE

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.


Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Well it is not clean yet. More of the infection has now show itself. Some of it was hiding before. Let's try the simple approach first.

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
C:\WINDOWS\SYSTEM\APPYK.EXE
C:\WINDOWS\APIOE32.EXE

After killing all the above processes, click "Back".
Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\dshyz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\dshyz.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\dshyz.dll/sp.html#28129
O4 - HKLM\..\Run: [APIOE32.EXE] C:\WINDOWS\APIOE32.EXE
O4 - HKLM\..\RunServices: [APPYK.EXE] C:\WINDOWS\SYSTEM\APPYK.EXE /s

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\system\dshyz.dll
C:\WINDOWS\APIOE32.EXE
C:\WINDOWS\SYSTEM\APPYK.EXE

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run empty your Recyle Bin.

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


Have you downloaded, updated, and run About:Buster (listed in the READ ME FIRST)? If not, please do so and save and post a log from it when you come back. Immediately after running About:Buster, reboot the PC in normal mode.

Now after reboot, post a new HJT log (and the About:Buster log). And tell us how things are working.

 

Why are you putting the logs in zip files? Just attach the log file as hijackthis creates it. The only thing you may need to do is give it a different name each time before uploading.

Also HJT logs should always be posted from normal boot mode unless otherwise specified.

 

Do you know how to use the MS-DOS prompt and how to boot to an MS-DOS Prompt?

You will need to know how to change directories (also called folders) using the cd command, possibly how to change file attributes (using the attrib command) and how to delete file using the del command.

Here is how to boot to an MS-DOS prompt:

Click Start and select Shutdown and in the Window that comes up choose the one that says Restart the computer in MD-DOS mode. When it boots you will be at the command prompt (full screen).

Let me know if you understand how to get the command prompt and whether you know how to use it.

Also did you download and update about:Buster? Have you run it? I would run it a few times in safe mode and a few times in normal boot mode. Each time you run it, you should immediately reboot afte it completes the scan. This may clean up some of the problems. There are a few hundred files that I see in the log that need to be deleted. For example, here are the ones (as shown in the HJT log) that need deletion:

C:\WINDOWS\JAVAPU32.EXE
C:\WINDOWS\SYSTEM\APPPO32.EXE
C:\WINDOWS\SYSTEM\NTWP.EXE
C:\WINDOWS\ATLRI32.EXE
C:\WINDOWS\SYSTEM\ATLYC32.EXE
C:\WINDOWS\MFCAD.EXE
C:\WINDOWS\APIKK32.EXE
C:\WINDOWS\SYSTEM\APPVT32.EXE
C:\WINDOWS\APINY.EXE
C:\WINDOWS\SYSTEM\NETHF32.EXE
C:\WINDOWS\MSTG.EXE
C:\WINDOWS\SYSTEM\NETLX32.EXE
C:\WINDOWS\WINMM32.EXE
C:\WINDOWS\SYSTEM\IPWT32.EXE
C:\WINDOWS\IPKF32.EXE
C:\WINDOWS\IEFU.EXE
C:\WINDOWS\SYSTEM\MSJI.EXE
C:\WINDOWS\IETX.EXE
C:\WINDOWS\SYSTEM\SDKIG32.EXE
C:\WINDOWS\SYSTEM\ADDJH.EXE
C:\WINDOWS\APIMF32.EXE
C:\WINDOWS\SYSTEM\APIWU.EXE
C:\WINDOWS\CRZT.EXE
C:\WINDOWS\SYSTEM\MSMV.EXE
C:\WINDOWS\ADDKV32.EXE
C:\WINDOWS\SYSTEM\SDKUQ.EXE
C:\WINDOWS\APPMF.EXE
C:\WINDOWS\SYSTEM\WINLE.EXE
C:\WINDOWS\SYSTEM\SDKXK.EXE
C:\WINDOWS\ATLWI.EXE
C:\WINDOWS\MSIY32.EXE
C:\WINDOWS\JAVAMY32.EXE
C:\WINDOWS\SYSTEM\APPAD.EXE
C:\WINDOWS\SYSTEM\IECH32.EXE
C:\WINDOWS\MFCCR.EXE
C:\WINDOWS\SDKUW32.EXE
C:\WINDOWS\SDKUC32.EXE
C:\WINDOWS\ADDZB.EXE
C:\WINDOWS\SYSTEM\CRYP32.EXE
C:\WINDOWS\ADDSH32.EXE
C:\WINDOWS\IEDW32.EXE
C:\WINDOWS\SYSTEM\IEKA.EXE
C:\WINDOWS\SYSTEM\APILR.EXE
C:\WINDOWS\SYSTEM\APPHH.EXE
C:\WINDOWS\MFCWM.DLL
C:\WINDOWS\APPMH.DLL
C:\WINDOWS\IPDX32.DLL
C:\WINDOWS\APPEV32.DLL
C:\WINDOWS\SYSTEM\APIFE32.DLL
C:\WINDOWS\SYSTEM\SDKJW32.DLL
C:\WINDOWS\SYSTEM\D3EA32.DLL
C:\WINDOWS\SYSTEM\SYSUK.DLL
C:\WINDOWS\SYSTEM\WINNZ32.DLL
C:\WINDOWS\APILB32.DLL
C:\WINDOWS\IPAC32.DLL
C:\WINDOWS\CRJZ32.DLL
C:\WINDOWS\SYSTEM\JAVAYX.DLL
C:\WINDOWS\SYSTEM\NTFR.DLL
C:\WINDOWS\SYSTEM\ATLSZ.DLL
C:\WINDOWS\APIRU32.DLL
C:\WINDOWS\SYSTEM\SDKQA.DLL
C:\WINDOWS\SYSTEM\APITJ.DLL
C:\WINDOWS\SYSTEM\APIAD.DLL
C:\WINDOWS\CRZC.DLL
C:\WINDOWS\SYSTEM\D3DC32.DLL
C:\WINDOWS\NETPN.DLL
C:\WINDOWS\SYSTEM\JAVAMP.DLL
C:\WINDOWS\SYSTEM\NETTS32.DLL
C:\WINDOWS\SYSTEM\APPPO.DLL
C:\WINDOWS\ATLFK32.DLL
C:\WINDOWS\MSTK.DLL
C:\WINDOWS\WINRA.DLL
C:\WINDOWS\JAVARG.DLL
C:\WINDOWS\SYSKS32.DLL
C:\WINDOWS\SYSTEM\CRIR32.DLL
C:\WINDOWS\SYSTEM\APPBX.DLL
C:\WINDOWS\SYSTEM\ADDRG32.DLL
C:\WINDOWS\SYSTEM\D3LU32.DLL
C:\WINDOWS\SYSTEM\APIII32.DLL
C:\WINDOWS\CRCY32.DLL
C:\WINDOWS\ADDIJ32.DLL
C:\WINDOWS\SYSTEM\MFCJA32.DLL
C:\WINDOWS\APPYN.DLL
C:\WINDOWS\NTNS.DLL
C:\WINDOWS\SDKZG32.DLL
C:\WINDOWS\JAVAIS32.DLL
C:\WINDOWS\SDKQL.DLL
C:\WINDOWS\APPVZ32.DLL
C:\WINDOWS\SYSTEM\JAVAZC.DLL
C:\WINDOWS\NTWJ.DLL
C:\WINDOWS\SDKYO.DLL
C:\WINDOWS\APPED32.DLL
C:\WINDOWS\SDKDR32.DLL
C:\WINDOWS\SYSTEM\ADDDJ32.DLL
C:\WINDOWS\JAVAVP32.DLL
C:\WINDOWS\IECQ32.DLL
C:\WINDOWS\SYSTEM\NTAS.DLL
C:\WINDOWS\MSPT32.DLL
C:\WINDOWS\SYSTEM\APICA32.DLL
C:\WINDOWS\SYSTEM\APPWS32.DLL
C:\WINDOWS\MSMR32.DLL
C:\WINDOWS\SYSTEM\JAVAVE.DLL
C:\WINDOWS\APPZP.DLL
C:\WINDOWS\MFCPJ32.DLL
C:\WINDOWS\SYSTEM\JAVAWQ32.DLL
C:\WINDOWS\NTXI.DLL
C:\WINDOWS\SYSTEM\MSER32.DLL
C:\WINDOWS\APIRQ32.DLL
C:\WINDOWS\CRRC32.DLL
C:\WINDOWS\APPQR32.DLL
C:\WINDOWS\SYSTEM\NTXX32.DLL
C:\WINDOWS\NTDS32.DLL
C:\WINDOWS\SYSTEM\APPGV.DLL
C:\WINDOWS\MFCPW.DLL
C:\WINDOWS\NTSK.DLL
C:\WINDOWS\D3AT32.DLL
C:\WINDOWS\WINBY32.DLL
C:\WINDOWS\SYSTEM\WINGH32.DLL
C:\WINDOWS\SYSTEM\APIUI.DLL
C:\WINDOWS\SYSTEM\MFCYH32.DLL
C:\WINDOWS\NETCY32.DLL
C:\WINDOWS\SYSTEM\SDKFG32.DLL
C:\WINDOWS\NTFO32.DLL
C:\WINDOWS\SYSTEM\MSCV.DLL
C:\WINDOWS\WINDA.DLL
C:\WINDOWS\JAVAAQ.DLL
C:\WINDOWS\SYSTEM\NETLX32.DLL
C:\WINDOWS\ADDSA32.DLL
C:\WINDOWS\SDKDY.DLL
C:\WINDOWS\MFCZR32.DLL
C:\WINDOWS\ATLUK32.DLL
C:\WINDOWS\SYSTEM\ADDUZ.DLL
C:\WINDOWS\SYSTEM\MSWS32.DLL
C:\WINDOWS\ADDGA.DLL
C:\WINDOWS\SYSTEM\SDKHY.DLL
C:\WINDOWS\MSMQ32.DLL
C:\WINDOWS\NETIY32.DLL
C:\WINDOWS\ADDUP32.DLL
C:\WINDOWS\CRUS32.DLL
C:\WINDOWS\CRJK.DLL
C:\WINDOWS\SYSTEM\ADDHO.DLL
C:\WINDOWS\SYSTEM\IEGW.DLL
C:\WINDOWS\SYSTEM\SDKVA32.DLL
C:\WINDOWS\SYSTEM\CRCW32.DLL
C:\WINDOWS\ADDWQ32.DLL
C:\WINDOWS\SYSTEM\SYSYU.DLL
C:\WINDOWS\MFCSM.DLL
C:\WINDOWS\SYSTEM\MSBL.DLL
C:\WINDOWS\NETXG.DLL
C:\WINDOWS\MSNR32.DLL
C:\WINDOWS\SYSOA32.DLL
C:\WINDOWS\IPHY32.DLL
C:\WINDOWS\NETDK.DLL
C:\WINDOWS\SYSTEM\APPLU.DLL
C:\WINDOWS\WINBH.DLL
C:\WINDOWS\SYSTEM\NETAX32.DLL
C:\WINDOWS\WINKK.DLL
C:\WINDOWS\SYSTEM\JAVAMR.DLL
C:\WINDOWS\SYSTEM\NETJR32.DLL
C:\WINDOWS\SYSTEM\APPQU.DLL
C:\WINDOWS\SYSTEM\NETTT32.DLL
C:\WINDOWS\ATLBG.DLL
C:\WINDOWS\SYSTEM\ADDDV32.DLL
C:\WINDOWS\APIXR32.DLL
C:\WINDOWS\SYSTEM\WINRP.DLL
C:\WINDOWS\SYSTEM\CRPH.DLL
C:\WINDOWS\NETMY.DLL
C:\WINDOWS\ADDBW.DLL
C:\WINDOWS\APIEQ32.DLL
C:\WINDOWS\SYSTEM\MFCKR32.DLL
C:\WINDOWS\SYSTEM\NETFE32.DLL
C:\WINDOWS\IESL32.DLL
C:\WINDOWS\MFCNG32.DLL
C:\WINDOWS\SYSTEM\D3XQ.DLL
C:\WINDOWS\SYSTEM\MFCYK32.DLL
C:\WINDOWS\SYSTEM\ATLYE.DLL
C:\WINDOWS\APPOO.DLL
C:\WINDOWS\MFCHP32.DLL
C:\WINDOWS\SYSTEM\CRHP.DLL
C:\WINDOWS\SYSTEM\JAVATF32.DLL
C:\WINDOWS\SYSTEM\SDKOQ.DLL
C:\WINDOWS\SYSTEM\CREI32.DLL
C:\WINDOWS\MSTG.DLL
C:\WINDOWS\SYSTEM\MFCRH32.DLL
C:\WINDOWS\SYSTEM\ATLHZ32.DLL
C:\WINDOWS\MFCKK32.DLL
C:\WINDOWS\SYSTEM\APPZR32.DLL
C:\WINDOWS\NTOY32.DLL
C:\WINDOWS\JAVAQD32.DLL
C:\WINDOWS\SYSLZ32.DLL
C:\WINDOWS\NETVT32.DLL
C:\WINDOWS\SYSTEM\IPMU32.DLL
C:\WINDOWS\SYSTEM\JAVAHP32.DLL
C:\WINDOWS\SYSTEM\WINIZ.DLL
C:\WINDOWS\IPXS32.DLL
C:\WINDOWS\SYSTEM\WINJV32.DLL
C:\WINDOWS\SDKEP.DLL
C:\WINDOWS\SYSTEM\NETAL32.DLL
C:\WINDOWS\SYSTEM\SYSUS32.DLL
C:\WINDOWS\SYSTEM\WINXZ32.DLL
C:\WINDOWS\SYSTEM\CRMB32.DLL
C:\WINDOWS\SYSTEM\APIXM.DLL
C:\WINDOWS\SYSTEM\NETOM.DLL
C:\WINDOWS\APIEO.DLL
C:\WINDOWS\SYSTEM\D3ZP32.DLL
C:\WINDOWS\IPKI32.DLL
C:\WINDOWS\SYSTEM\D3UY.DLL
C:\WINDOWS\SYSTEM\MFCKU32.DLL
C:\WINDOWS\SYSTEM\D3DS.DLL
C:\WINDOWS\JAVAEM32.DLL
C:\WINDOWS\SYSTEM\IEFZ32.DLL
C:\WINDOWS\SYSTEM\NETRU.DLL
C:\WINDOWS\ADDHD32.DLL
C:\WINDOWS\ATLRG.DLL
C:\WINDOWS\APPJV32.DLL
C:\WINDOWS\MFCTF32.DLL
C:\WINDOWS\SYSGA.DLL
C:\WINDOWS\SYSTEM\WINYX32.DLL
C:\WINDOWS\SYSTEM\MFCTQ32.DLL
C:\WINDOWS\SYSTEM\CRUL.DLL
C:\WINDOWS\WINFC32.DLL
C:\WINDOWS\SYSTEM\IEPO32.DLL
C:\WINDOWS\APPRG32.DLL
C:\WINDOWS\MSQD.DLL
C:\WINDOWS\IEWY32.DLL
C:\WINDOWS\SYSTEM\CROG32.DLL
C:\WINDOWS\D3NE.DLL
C:\WINDOWS\IPVI32.DLL
C:\WINDOWS\SYSTEM\WINPP32.DLL
C:\WINDOWS\APISV32.DLL
C:\WINDOWS\WINJA.DLL
C:\WINDOWS\CRCO.DLL
C:\WINDOWS\SYSTEM\MFCSK.DLL
C:\WINDOWS\SYSTEM\IESQ.DLL
C:\WINDOWS\WINOG32.DLL
C:\WINDOWS\NETUK.DLL
C:\WINDOWS\SYSTEM\SDKMN.DLL
C:\WINDOWS\SYSTEM\APIVF32.DLL
C:\WINDOWS\SYSTEM\JAVAOE32.DLL
C:\WINDOWS\SYSTEM\NETXW.DLL
C:\WINDOWS\MSAY32.DLL
C:\WINDOWS\CRNB.DLL
C:\WINDOWS\ADDOC32.DLL
C:\WINDOWS\SYSTEM\MFCKS.DLL
C:\WINDOWS\IPSB.DLL
C:\WINDOWS\ATLQH32.DLL
C:\WINDOWS\SYSTEM\IPAT.DLL
C:\WINDOWS\SYSTEM\D3HA.DLL
C:\WINDOWS\MSGA.DLL
C:\WINDOWS\ADDCO.DLL
C:\WINDOWS\SYSTEM\CREL32.DLL
C:\WINDOWS\IPAH.DLL
C:\WINDOWS\SYSGV.DLL
C:\WINDOWS\SYSTEM\APPZS.DLL
C:\WINDOWS\SYSTEM\CRTV32.DLL
C:\WINDOWS\NTRY32.DLL
C:\WINDOWS\ATLHG.DLL
C:\WINDOWS\SYSTEM\WINCL.DLL
C:\WINDOWS\SYSTEM\WINJW.DLL
C:\WINDOWS\ATLGZ.DLL
C:\WINDOWS\CRSS.DLL
C:\WINDOWS\ATLTY32.DLL
C:\WINDOWS\IPTN.DLL
C:\WINDOWS\NTGB32.DLL
C:\WINDOWS\SYSTEM\IPSZ.DLL
C:\WINDOWS\ATLJA.DLL
C:\WINDOWS\SYSTEM\D3XE32.DLL
C:\WINDOWS\MSUN.DLL
C:\WINDOWS\MFCPW32.DLL
C:\WINDOWS\SYSTEM\NTWX.DLL
C:\WINDOWS\SYSTEM\NTQJ32.DLL
C:\WINDOWS\IPLK32.DLL
C:\WINDOWS\ATLHI32.DLL
C:\WINDOWS\MFCND.DLL
C:\WINDOWS\SYSTEM\JAVAYE32.DLL
C:\WINDOWS\APIKL32.DLL
C:\WINDOWS\SYSJR32.DLL
C:\WINDOWS\MFCBZ.DLL
C:\WINDOWS\SYSTEM\IPUJ32.DLL
C:\WINDOWS\ADDIG32.DLL
C:\WINDOWS\SYSTEM\ATLHG.DLL
C:\WINDOWS\SYSTEM\APPXW.DLL
C:\WINDOWS\ADDUH.DLL
C:\WINDOWS\SDKHO32.DLL
C:\WINDOWS\CREF32.DLL

 

Don't bother. Just read the below message again and see what I just added.

 

Do not waste your time running Ad-Aware or Spybot anymore. They will not nothing for this problem. Only run what I tell you to run and avoid rebooting unless I tell you to do so.

The below procedure is going to be very long because you are so badly infected. It is a wonder your PC runs at all. Please do not run anything except what I request. You should copy these steps to your PC or print them so you can run them while offline (disconnect from the internet by unplugging your cable and also exit ALL browsers).

Okay after saving the below, exit browsers and disconnect before continuing.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
C:\WINDOWS\ADDSH32.EXE
C:\WINDOWS\SYSTEM\CRYP32.EXE
C:\WINDOWS\ADDZB.EXE
C:\WINDOWS\SDKUC32.EXE
C:\WINDOWS\SDKUW32.EXE
C:\WINDOWS\MFCCR.EXE
C:\WINDOWS\SYSTEM\IECH32.EXE
C:\WINDOWS\SYSTEM\APPAD.EXE
C:\WINDOWS\JAVAMY32.EXE
C:\WINDOWS\MSIY32.EXE
C:\WINDOWS\ATLWI.EXE
C:\WINDOWS\SYSTEM\SDKXK.EXE
C:\WINDOWS\SYSTEM\WINLE.EXE
C:\WINDOWS\APPMF.EXE
C:\WINDOWS\SYSTEM\SDKUQ.EXE
C:\WINDOWS\ADDKV32.EXE
C:\WINDOWS\SYSTEM\MSMV.EXE
C:\WINDOWS\CRZT.EXE
C:\WINDOWS\SYSTEM\APIWU.EXE
C:\WINDOWS\APIMF32.EXE
C:\WINDOWS\SYSTEM\ADDJH.EXE
C:\WINDOWS\SYSTEM\SDKIG32.EXE
C:\WINDOWS\IETX.EXE
C:\WINDOWS\SYSTEM\MSJI.EXE
C:\WINDOWS\IEFU.EXE
C:\WINDOWS\IPKF32.EXE
C:\WINDOWS\SYSTEM\IPWT32.EXE
C:\WINDOWS\WINMM32.EXE
C:\WINDOWS\SYSTEM\NETLX32.EXE
C:\WINDOWS\MSTG.EXE
C:\WINDOWS\SYSTEM\NETHF32.EXE
C:\WINDOWS\APINY.EXE
C:\WINDOWS\SYSTEM\APPVT32.EXE
C:\WINDOWS\APIKK32.EXE
C:\WINDOWS\MFCAD.EXE
C:\WINDOWS\SYSTEM\ATLYC32.EXE
C:\WINDOWS\ATLRI32.EXE
C:\WINDOWS\SYSTEM\NTWP.EXE
C:\WINDOWS\SYSTEM\APPPO32.EXE
C:\WINDOWS\JAVAPU32.EXE
C:\WINDOWS\SYSTEM\NTVY32.EXE
C:\WINDOWS\SYSTEM\NETFA32.EXE
C:\WINDOWS\WINGJ.EXE
C:\WINDOWS\SYSTEM\APILR.EXE
C:\WINDOWS\SYSTEM\APPAD.EXE
C:\WINDOWS\SDKUC32.EXE
C:\WINDOWS\SDKUW32.EXE
C:\WINDOWS\WINGJ.EXE
C:\WINDOWS\SYSTEM\APIWU.EXE
C:\WINDOWS\SYSTEM\APIWU.EXE
C:\WINDOWS\D3NP32.EXE

After killing all the above processes, click "Back".
Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ixcrc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ixcrc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ixcrc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ixcrc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ixcrc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ixcrc.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ixcrc.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {19CF205A-66C8-D11C-227A-DF98204598D7} - C:\WINDOWS\CREF32.DLL
O2 - BHO: Class - {3C151A68-188A-0D75-77E2-FFCC5E29D857} - C:\WINDOWS\SDKHO32.DLL
O2 - BHO: Class - {28510C06-A16B-091E-FA46-4DB58B0A0432} - C:\WINDOWS\ADDUH.DLL
O2 - BHO: Class - {42AC5B8B-E907-6268-BAD4-55C5239B633B} - C:\WINDOWS\SYSTEM\APPXW.DLL
O2 - BHO: Class - {15E28534-5479-FF48-C0C0-53B853647C17} - C:\WINDOWS\SYSTEM\ATLHG.DLL
O2 - BHO: Class - {08BCB6C5-94A9-56B1-A201-207E4F3D194B} - C:\WINDOWS\ADDIG32.DLL
O2 - BHO: Class - {EB84B012-4632-FBFB-2FFC-592CEAD4D6D0} - C:\WINDOWS\SYSTEM\IPUJ32.DLL
O2 - BHO: Class - {DBDAC7FD-3720-F79E-C153-83A184D9DA3A} - C:\WINDOWS\MFCBZ.DLL
O2 - BHO: Class - {E8A39625-B6BE-1D18-1BE0-EDB00316FA68} - C:\WINDOWS\SYSJR32.DLL
O2 - BHO: Class - {8349086E-3F47-DF2F-515E-324A161E8B39} - C:\WINDOWS\APIKL32.DLL
O2 - BHO: Class - {A44A74F9-3DA2-18D6-89CD-4BEDD510C478} - C:\WINDOWS\SYSTEM\JAVAYE32.DLL
O2 - BHO: Class - {27F1DFCA-7AE7-4E50-E913-D6D263086DEB} - C:\WINDOWS\MFCND.DLL
O2 - BHO: Class - {C903452D-F242-5368-3A53-B53766C88F7C} - C:\WINDOWS\ATLHI32.DLL
O2 - BHO: Class - {0B649B1D-1991-3800-5A4C-D99061C9C13A} - C:\WINDOWS\IPLK32.DLL
O2 - BHO: Class - {36831713-F302-4755-78D3-A8F257D74FEF} - C:\WINDOWS\SYSTEM\NTQJ32.DLL
O2 - BHO: Class - {623E5DF9-CC25-2935-D4FF-B90A1C705AE7} - C:\WINDOWS\SYSTEM\NTWX.DLL
O2 - BHO: Class - {5C335C11-F3C4-1C7D-F736-792A9AAF1A3B} - C:\WINDOWS\MFCPW32.DLL
O2 - BHO: Class - {535C0AC4-7A9A-D625-3C05-BD827CE8A41E} - C:\WINDOWS\MSUN.DLL
O2 - BHO: Class - {E1544B4C-80FE-4978-4D7B-064822DA8985} - C:\WINDOWS\SYSTEM\D3XE32.DLL
O2 - BHO: Class - {4A7092F2-F9BF-A53C-E367-544BBE138D4B} - C:\WINDOWS\ATLJA.DLL
O2 - BHO: Class - {5DF7655C-7684-2659-1EDD-9779C8A8F86E} - C:\WINDOWS\SYSTEM\IPSZ.DLL
O2 - BHO: Class - {6D58C8C3-0A00-0929-E359-77C521C2D819} - C:\WINDOWS\NTGB32.DLL
O2 - BHO: Class - {729087AF-F985-6D35-58ED-1A52E73988DF} - C:\WINDOWS\IPTN.DLL
O2 - BHO: Class - {88A0DFAF-D127-0E42-9723-AC5C6B593177} - C:\WINDOWS\ATLTY32.DLL
O2 - BHO: Class - {5FBA805B-F201-88C4-DB31-EC6A83084856} - C:\WINDOWS\CRSS.DLL
O2 - BHO: Class - {EDB351A4-66C4-592C-4D6E-5DA4F46F6A5C} - C:\WINDOWS\ATLGZ.DLL
O2 - BHO: Class - {763ADD3C-7B26-280D-0E09-6A458BCC44E2} - C:\WINDOWS\SYSTEM\WINJW.DLL
O2 - BHO: Class - {117941E9-9B27-77EF-DB55-8CBAA2F96C40} - C:\WINDOWS\SYSTEM\WINCL.DLL
O2 - BHO: Class - {17409720-5ED0-FD1E-30CC-A5B875F49EE6} - C:\WINDOWS\ATLHG.DLL
O2 - BHO: Class - {50CEBE40-0931-C174-0942-791226F19C0F} - C:\WINDOWS\NTRY32.DLL
O2 - BHO: Class - {68C6AA6A-4778-AC3E-3F9D-AC8A546288F3} - C:\WINDOWS\SYSTEM\CRTV32.DLL
O2 - BHO: Class - {BEE41A21-E58B-B9A5-ADED-47566EFF22AC} - C:\WINDOWS\SYSTEM\APPZS.DLL
O2 - BHO: Class - {7DE152D8-309F-6788-9563-DF3BA708A2CC} - C:\WINDOWS\SYSGV.DLL
O2 - BHO: Class - {20043697-EF16-80E8-D345-5DC1961EAEAD} - C:\WINDOWS\IPAH.DLL
O2 - BHO: Class - {49D79343-8AF0-E18F-1F68-3EBABD9EFC8E} - C:\WINDOWS\SYSTEM\CREL32.DLL
O2 - BHO: Class - {1713182A-5092-DD29-01DB-F0D69793396C} - C:\WINDOWS\ADDCO.DLL
O2 - BHO: Class - {B8680B1D-2686-D979-4A88-9E2B028772F1} - C:\WINDOWS\MSGA.DLL
O2 - BHO: Class - {C1BF8E7C-1DED-94CD-B9DB-77FF6BE17635} - C:\WINDOWS\SYSTEM\D3HA.DLL
O2 - BHO: Class - {9E11A364-818B-61DC-ADA3-FCB9FB027B7A} - C:\WINDOWS\SYSTEM\IPAT.DLL
O2 - BHO: Class - {C4256F17-9F19-07CD-4CC8-B9CB62945BD8} - C:\WINDOWS\ATLQH32.DLL
O2 - BHO: Class - {2DD8499E-F50B-754E-6EAF-429E150C3C8E} - C:\WINDOWS\IPSB.DLL
O2 - BHO: Class - {681FA96D-6F15-8739-96F3-BC15F0F1D348} - C:\WINDOWS\SYSTEM\MFCKS.DLL
O2 - BHO: Class - {D8B75631-FC5A-770C-FEB6-B6EE7D86FB2F} - C:\WINDOWS\ADDOC32.DLL

O2 - BHO: Class - {212369CB-F3F6-8742-D3D1-58CD02D51232} - C:\WINDOWS\CRNB.DLL
O2 - BHO: Class - {CBBEC243-B125-F6CB-20B6-4A6446E07C07} - C:\WINDOWS\MSBA32.DLL
O2 - BHO: Class - {B881B765-89FF-CE92-AE6F-F766EAF788EC} - C:\WINDOWS\SYSTEM\NETXW.DLL
O2 - BHO: Class - {21E850CF-5A09-0AF5-66B1-F1F5DB1DC8BB} - C:\WINDOWS\SYSTEM\JAVAOE32.DLL
O2 - BHO: Class - {97DB42AA-550F-63DF-AE90-197E36BD4BC7} - C:\WINDOWS\SYSTEM\APIVF32.DLL
O2 - BHO: Class - {57735AF3-729E-E963-686F-450AEB89CFBB} - C:\WINDOWS\SYSTEM\SDKMN.DLL
O2 - BHO: Class - {D321F1B2-258B-8BA4-5BA7-B58A457F3391} - C:\WINDOWS\NETUK.DLL
O2 - BHO: Class - {877B338B-0B25-FB35-72B8-272EF3FF6CDC} - C:\WINDOWS\WINOG32.DLL
O2 - BHO: Class - {0AC2FBEE-D449-CA03-0630-EADD513C5AD4} - C:\WINDOWS\SYSTEM\IESQ.DLL
O2 - BHO: Class - {8BD846C5-4E3D-6F7B-5393-8BCE97D492E2} - C:\WINDOWS\SYSTEM\MFCSK.DLL
O2 - BHO: Class - {33A91ECF-F829-DFA8-9851-A9542E8C427A} - C:\WINDOWS\CRCO.DLL
O2 - BHO: Class - {6DF792E2-E465-9370-BF80-0572AA228138} - C:\WINDOWS\WINJA.DLL
O2 - BHO: Class - {679FBC90-9CFF-0EE3-49C1-BCDA522B0F8F} - C:\WINDOWS\APISV32.DLL
O2 - BHO: Class - {9F0FB147-4D6E-FF9B-41FA-9D4944F72B27} - C:\WINDOWS\SYSTEM\WINPP32.DLL
O2 - BHO: Class - {64A70346-6FA4-EA8B-7DD1-5A4B17FBDA8B} - C:\WINDOWS\IPVI32.DLL
O2 - BHO: Class - {0B4CB86F-D21A-B1C2-381D-61FA9B55F603} - C:\WINDOWS\D3NE.DLL
O2 - BHO: Class - {BF8BB1DF-5D06-CF3D-61A2-C4572371188D} - C:\WINDOWS\SYSTEM\CROG32.DLL
O2 - BHO: Class - {408A38D3-8F90-3682-07E0-801204F76847} - C:\WINDOWS\IEWY32.DLL
O2 - BHO: Class - {D26AE4F7-8228-80E6-B5BD-8F1418D6EC44} - C:\WINDOWS\MSQD.DLL
O2 - BHO: Class - {7E138803-B04F-E7FE-F90D-174F78CA6C63} - C:\WINDOWS\APPRG32.DLL
O2 - BHO: Class - {65148F3D-7C0A-BD4A-3BAC-4792CE9F9906} - C:\WINDOWS\SYSTEM\IEPO32.DLL
O2 - BHO: Class - {16BD821E-5751-423E-4850-6CC5D07FECD8} - C:\WINDOWS\WINFC32.DLL
O2 - BHO: Class - {39F81973-6574-4564-2541-A739AF45736D} - C:\WINDOWS\SYSTEM\CRUL.DLL
O2 - BHO: Class - {BC8CA085-07E3-21F2-DA8F-E587284CCE40} - C:\WINDOWS\SYSTEM\MFCTQ32.DLL
O2 - BHO: Class - {1B0320C5-7962-CAB8-4631-794CE95AEAA2} - C:\WINDOWS\SYSTEM\WINYX32.DLL
O2 - BHO: Class - {C14A63C4-80B0-D977-7CCE-440563F34821} - C:\WINDOWS\SYSGA.DLL
O2 - BHO: Class - {9D6CA933-5DD8-2C94-38B3-72D318BE2E40} - C:\WINDOWS\MFCTF32.DLL
O2 - BHO: Class - {3C7FB04E-255B-74C8-0E5F-D8E57CAAC3BC} - C:\WINDOWS\APPJV32.DLL
O2 - BHO: Class - {1710DA8B-904F-0713-6DAB-2DCE844A53CB} - C:\WINDOWS\ATLRG.DLL
O2 - BHO: Class - {064CE72F-402C-6FA9-72C8-ADF5FEC210AD} - C:\WINDOWS\ADDHD32.DLL
O2 - BHO: Class - {0C46C72F-75AC-E403-AC2F-A5CE6740682F} - C:\WINDOWS\SYSTEM\NETRU.DLL
O2 - BHO: Class - {563BADF4-B92C-E9EE-8603-7AC32CC25C50} - C:\WINDOWS\SYSTEM\IEFZ32.DLL
O2 - BHO: Class - {C2E0B279-5970-A3D1-B0AB-50937597E089} - C:\WINDOWS\JAVAEM32.DLL
O2 - BHO: Class - {713F144B-5898-618A-4E0D-6EE7143F514B} - C:\WINDOWS\SYSTEM\D3DS.DLL
O2 - BHO: Class - {CB815E94-BCDA-D961-BB29-B79246A53BCE} - C:\WINDOWS\SYSTEM\MFCKU32.DLL
O2 - BHO: Class - {A99F9B30-3955-2A6A-81D0-F7595C4037EE} - C:\WINDOWS\SYSTEM\D3UY.DLL
O2 - BHO: Class - {F1EFE927-B84C-7C17-C3D4-7AC684B24CC4} - C:\WINDOWS\IPKI32.DLL
O2 - BHO: Class - {3D1EDC97-1535-F712-2560-F53C655C2E3A} - C:\WINDOWS\SYSTEM\D3ZP32.DLL
O2 - BHO: Class - {8C80055A-2ABA-C2FE-A88F-5EB80B4FBF81} - C:\WINDOWS\APIEO.DLL
O2 - BHO: Class - {42591F48-5938-46D1-B6DE-6A4542AEEAE7} - C:\WINDOWS\SYSTEM\NETOM.DLL
O2 - BHO: Class - {195BB02B-4008-2F27-063D-AEAD3798CA0C} - C:\WINDOWS\SYSTEM\APIXM.DLL
O2 - BHO: Class - {E4D3C2D4-43E8-6EBA-F575-624030B77E11} - C:\WINDOWS\SYSTEM\CRMB32.DLL
O2 - BHO: Class - {CDDABFD3-90AF-3505-3DF4-F8DF446C5C4F} - C:\WINDOWS\SYSTEM\WINXZ32.DLL
O2 - BHO: Class - {7F4CE956-85DB-C94B-632E-0F990624338D} - C:\WINDOWS\SYSTEM\SYSUS32.DLL
O2 - BHO: Class - {5147DCF6-5BA6-86BB-18A0-32322B005A96} - C:\WINDOWS\SYSTEM\NETAL32.DLL
O2 - BHO: Class - {52CCDCC2-DD0E-F0FC-BD6E-D4A46E9FB156} - C:\WINDOWS\SDKEP.DLL
O2 - BHO: Class - {97AC3B80-36B3-A671-61A4-A082376633B5} - C:\WINDOWS\SYSTEM\WINJV32.DLL
O2 - BHO: Class - {5402AB12-1E57-8C5A-52A7-9FECEBE735E7} - C:\WINDOWS\IPXS32.DLL
O2 - BHO: Class - {DACC5AF0-CB53-4D9E-964B-C1A3A6FB2CB3} - C:\WINDOWS\SYSTEM\WINIZ.DLL
O2 - BHO: Class - {72AA53A4-B5AC-5E43-6698-8815A98A4915} - C:\WINDOWS\SYSTEM\JAVAHP32.DLL
O2 - BHO: Class - {12405A54-7E5C-D9E3-C492-9DB13E5563E6} - C:\WINDOWS\SYSTEM\IPMU32.DLL
O2 - BHO: Class - {2793398C-63BA-9933-FF75-7C0CDD7AC593} - C:\WINDOWS\NETVT32.DLL
O2 - BHO: Class - {F18949DB-2CBC-81C3-5DC7-B25366CB61D4} - C:\WINDOWS\SYSLZ32.DLL
O2 - BHO: Class - {66B2F006-8D10-B63E-B2AB-28BE00E949E9} - C:\WINDOWS\JAVAQD32.DLL
O2 - BHO: Class - {47E7FB99-9433-5DC9-C75A-A370C44C2593} - C:\WINDOWS\NTOY32.DLL
O2 - BHO: Class - {D01458BE-A8C8-8EDC-19AA-844D8150E2BF} - C:\WINDOWS\SYSTEM\APPZR32.DLL
O2 - BHO: Class - {25D04347-1703-1261-677F-2F9538E86B36} - C:\WINDOWS\MFCKK32.DLL
O2 - BHO: Class - {492D9FD5-82FB-DA97-F86D-363F788ECDA7} - C:\WINDOWS\SYSTEM\ATLHZ32.DLL
O2 - BHO: Class - {E7B5B80E-5488-9B50-227D-41B9A402E405} - C:\WINDOWS\SYSTEM\MFCRH32.DLL
O2 - BHO: Class - {A7061A54-AA48-8E85-6226-29B40686EB26} - C:\WINDOWS\MSTG.DLL
O2 - BHO: Class - {A178C8EE-CDB1-EE34-6193-4875937FBC1A} - C:\WINDOWS\SYSTEM\CREI32.DLL
O2 - BHO: Class - {AB1F2469-424C-0E58-738F-2149079121EF} - C:\WINDOWS\SYSTEM\SDKOQ.DLL
O2 - BHO: Class - {4F52FBE4-19CE-6D90-8D3F-7C5181690838} - C:\WINDOWS\SYSTEM\JAVATF32.DLL
O2 - BHO: Class - {95A94D63-B037-4534-0339-EADC719C1CC7} - C:\WINDOWS\SYSTEM\CRHP.DLL
O2 - BHO: Class - {F53EC50C-1736-5E28-E668-CFFB2AA3AE8D} - C:\WINDOWS\MFCHP32.DLL
O2 - BHO: Class - {152ECDD8-5431-E0A6-52CD-447AF55F61DC} - C:\WINDOWS\APPOO.DLL
O2 - BHO: Class - {5BBF8236-347C-D4BB-9535-C22A70AE8A41} - C:\WINDOWS\SYSTEM\ATLYE.DLL
O2 - BHO: Class - {6D31B2A8-16A2-A5FC-3013-852DD5FDF6CF} - C:\WINDOWS\SYSTEM\MFCYK32.DLL
O2 - BHO: Class - {E2FEE2C3-0100-448E-5AF5-AB6F96102DB3} - C:\WINDOWS\SYSTEM\D3XQ.DLL
O2 - BHO: Class - {96391DD3-6D4A-2FEE-7D92-0320407E3BFE} - C:\WINDOWS\MFCNG32.DLL
O2 - BHO: Class - {07DCAC36-045B-45B8-22CE-A449FF8F0C93} - C:\WINDOWS\IESL32.DLL
O2 - BHO: Class - {A7062350-102D-9365-9933-EC3C432D30F0} - C:\WINDOWS\SYSTEM\NETFE32.DLL
O2 - BHO: Class - {4AADCC72-5D6B-DD82-3227-0B1C9AC4510E} - C:\WINDOWS\SYSTEM\MFCKR32.DLL
O2 - BHO: Class - {CA46CB74-D4B2-9E7F-A17F-D83F0FCBE44D} - C:\WINDOWS\APIEQ32.DLL
O2 - BHO: Class - {4476003E-1C4F-1EF2-097F-B2D801824FD1} - C:\WINDOWS\ADDBW.DLL
O2 - BHO: Class - {6C9AE9E1-D36B-85B4-1F25-941CA52D764A} - C:\WINDOWS\NETMY.DLL
O2 - BHO: Class - {624D5D5F-AD31-FC73-18EC-CDFA0783C957} - C:\WINDOWS\SYSTEM\CRPH.DLL
O2 - BHO: Class - {4D508BC6-E602-22E5-786F-6D1016C70595} - C:\WINDOWS\SYSTEM\WINRP.DLL
O2 - BHO: Class - {846F9A8E-E7DB-6F52-C00E-3F1ED8F8566C} - C:\WINDOWS\APIXR32.DLL
O2 - BHO: Class - {A8D3DED7-7071-7D7A-EDA5-B13F1BEFDF43} - C:\WINDOWS\SYSTEM\ADDDV32.DLL
O2 - BHO: Class - {AE89618D-83F7-9088-15B6-CAAE92C0CF26} - C:\WINDOWS\ATLBG.DLL
O2 - BHO: Class - {DEE5A8CC-681C-69DA-0594-D75A210D6FC9} - C:\WINDOWS\SYSTEM\NETTT32.DLL
O2 - BHO: Class - {0AB14B0F-893F-29DB-B01D-5EB7929375EA} - C:\WINDOWS\SYSTEM\APPQU.DLL
O2 - BHO: Class - {EC3C5AED-E2DA-73C6-5F7A-34AD56601D04} - C:\WINDOWS\SYSTEM\NETJR32.DLL
O2 - BHO: Class - {7E7E564B-AB87-9CE8-1B6D-B588C2C0D77D} - C:\WINDOWS\SYSTEM\JAVAMR.DLL
O2 - BHO: Class - {85CC1685-0441-3212-9DC9-3C658F9C15E6} - C:\WINDOWS\WINKK.DLL
O2 - BHO: Class - {49AD18BC-BD54-A38C-60CA-80FECFDD013F} - C:\WINDOWS\SYSTEM\NETAX32.DLL
O2 - BHO: Class - {35E75B60-AF25-B5D1-421C-D4D30CDE44B5} - C:\WINDOWS\WINBH.DLL
O2 - BHO: Class - {88C2CD25-74FA-F38B-0123-D36D8516B291} - C:\WINDOWS\SYSTEM\APPLU.DLL
O2 - BHO: Class - {EA0CB9FE-97B4-B061-6CB7-E205B89CDFA5} - C:\WINDOWS\NETDK.DLL
O2 - BHO: Class - {62627DBF-EDEE-7FF3-A979-5704D24B341F} - C:\WINDOWS\IPHY32.DLL
O2 - BHO: Class - {7E1181D1-3C72-2402-8167-9DC0FB9A9570} - C:\WINDOWS\SYSOA32.DLL
O2 - BHO: Class - {BFAA3D4F-3121-6765-035E-63AE94A824A9} - C:\WINDOWS\MSNR32.DLL
O2 - BHO: Class - {2B33EA89-1D32-F522-553E-7D97ADB095BC} - C:\WINDOWS\NETXG.DLL
O2 - BHO: Class - {78BDA9AC-5B7C-DF76-EB74-464C7B32E142} - C:\WINDOWS\SYSTEM\MSBL.DLL
O2 - BHO: Class - {1BA20843-72E1-0CD0-07FC-B063B761934B} - C:\WINDOWS\MFCSM.DLL
O2 - BHO: Class - {2874F5E4-4E22-02E1-3EB9-95C683EBB89D} - C:\WINDOWS\SYSTEM\SYSYU.DLL
O2 - BHO: Class - {01E4E0CC-8390-738E-DCC2-DEFBA2BEAA16} - C:\WINDOWS\ADDWQ32.DLL
O2 - BHO: Class - {1A085177-20C3-3E8C-A684-F75B481990AC} - C:\WINDOWS\SYSTEM\CRCW32.DLL
O2 - BHO: Class - {454350B4-B790-0791-A1C8-80FEADC5C373} - C:\WINDOWS\SYSTEM\SDKVA32.DLL
O2 - BHO: Class - {24EA7147-8ADE-60FB-9A87-0CDC80283EB6} - C:\WINDOWS\SYSTEM\IEGW.DLL
O2 - BHO: Class - {0FEE5D2A-A195-D731-04FB-088BCDFE1605} - C:\WINDOWS\SYSTEM\ADDHO.DLL
O2 - BHO: Class - {A1707E57-97E3-8002-818D-CFC7285515EB} - C:\WINDOWS\CRJK.DLL
O2 - BHO: Class - {C5844CBD-D015-394D-8C9A-B52CFEA94E45} - C:\WINDOWS\CRUS32.DLL
O2 - BHO: Class - {C3DFD60C-F72B-47B4-D7B9-54227AB606A9} - C:\WINDOWS\ADDUP32.DLL
O2 - BHO: Class - {7C121035-5121-FC97-9150-A3A543AADFC9} - C:\WINDOWS\NETIY32.DLL
O2 - BHO: Class - {377FC94D-A085-2B89-B543-C2E033EE98D3} - C:\WINDOWS\MSMQ32.DLL
O2 - BHO: Class - {05BA6786-BD18-0F32-22B0-5A96569D79FC} - C:\WINDOWS\SYSTEM\SDKHY.DLL
O2 - BHO: Class - {9E37589B-6037-730A-AAF5-DB565653BA71} - C:\WINDOWS\ADDGA.DLL
O2 - BHO: Class - {CF3AB6EC-D193-5BB6-FA30-2F78E15DD4A2} - C:\WINDOWS\SYSTEM\MSWS32.DLL
O2 - BHO: Class - {FBCF6059-ADF3-D81A-569F-B5418D18F77B} - C:\WINDOWS\SYSTEM\ADDUZ.DLL
O2 - BHO: Class - {AC9C4885-7656-D10D-70A9-3D0592AAE898} - C:\WINDOWS\ATLUK32.DLL
O2 - BHO: Class - {EC3B8259-77D9-2F68-6B2A-AF9FF9CF5147} - C:\WINDOWS\MFCZR32.DLL
O2 - BHO: Class - {EE37178B-E57C-4045-A483-E895595C72A5} - C:\WINDOWS\SDKDY.DLL
O2 - BHO: Class - {8C4D260B-1E41-DA14-F55E-71DD630C18DD} - C:\WINDOWS\ADDSA32.DLL
O2 - BHO: Class - {FC1E5A00-A475-6F23-C75B-AF391DF9A652} - C:\WINDOWS\SYSTEM\NETLX32.DLL
O2 - BHO: Class - {B088BB03-A955-DF80-4E09-5DC8A264B0FB} - C:\WINDOWS\JAVAAQ.DLL
O2 - BHO: Class - {E3C75ADD-28CA-1552-C53A-CB5117FD483C} - C:\WINDOWS\WINDA.DLL
O2 - BHO: Class - {05C385B6-7FC4-E925-8D56-57E4883FEB91} - C:\WINDOWS\SYSTEM\MSCV.DLL
O2 - BHO: Class - {DD4E4285-FC77-25C4-758D-88C44D92F004} - C:\WINDOWS\NTFO32.DLL
O2 - BHO: Class - {B6D1DBD7-7CE0-C7E1-FD3E-3A085699CA02} - C:\WINDOWS\SYSTEM\SDKFG32.DLL
O2 - BHO: Class - {97D8529E-8426-8A47-0FBD-F6E161E949B6} - C:\WINDOWS\NETCY32.DLL
O2 - BHO: Class - {EAC8EAAD-1677-492B-64A3-508A6BCC2A6B} - C:\WINDOWS\SYSTEM\MFCYH32.DLL
O2 - BHO: Class - {D063FD03-077E-B4D0-938C-2830B005C678} - C:\WINDOWS\SYSTEM\APIUI.DLL
O2 - BHO: Class - {D11C942D-5FEC-5BB1-DBC6-80399011BFD4} - C:\WINDOWS\SYSTEM\WINGH32.DLL
O2 - BHO: Class - {5B86A516-4121-F602-C428-DD7BCCE4EE39} - C:\WINDOWS\WINBY32.DLL
O2 - BHO: Class - {51704C8A-007A-8362-32D7-C2EE36CE9214} - C:\WINDOWS\D3AT32.DLL
O2 - BHO: Class - {5F54EB56-ABB3-1965-610E-A3DF515F7AB9} - C:\WINDOWS\NTSK.DLL
O2 - BHO: Class - {FBC662AC-AA0D-1389-1431-40872CBDACA2} - C:\WINDOWS\MFCPW.DLL
O2 - BHO: Class - {C150DCAF-9AA1-954F-F789-F83FF58EDA51} - C:\WINDOWS\SYSTEM\APPGV.DLL
O2 - BHO: Class - {DB34B7F0-D490-5205-7CAE-49DCC4F42315} - C:\WINDOWS\NTDS32.DLL
O2 - BHO: Class - {CF0FE0B4-B899-8E95-6314-65A22C19F1A0} - C:\WINDOWS\SYSTEM\NTXX32.DLL
O2 - BHO: Class - {47A26272-7206-89FE-DA48-D1E7E5F2563D} - C:\WINDOWS\APPQR32.DLL
O2 - BHO: Class - {5E4F3BA8-8431-6734-64CD-822C3E86697B} - C:\WINDOWS\CRRC32.DLL
O2 - BHO: Class - {4907C9FA-B308-2D69-C19A-9B28CC732FD5} - C:\WINDOWS\APIRQ32.DLL
O2 - BHO: Class - {D77CE876-830C-3395-C57C-BB0351681BA9} - C:\WINDOWS\SYSTEM\MSER32.DLL
O2 - BHO: Class - {595B6F97-0EE2-D3B5-71F3-2C7A5AC2B4E1} - C:\WINDOWS\NTXI.DLL
O2 - BHO: Class - {C957F4B1-2AD0-BEA8-7783-322AC8B7897A} - C:\WINDOWS\SYSTEM\JAVAWQ32.DLL
O2 - BHO: Class - {AA0B70B4-0585-98FF-591D-792B7C365368} - C:\WINDOWS\MFCPJ32.DLL
O2 - BHO: Class - {7A26499E-DD3F-7DE5-369D-A77FC5967AE5} - C:\WINDOWS\APPZP.DLL
O2 - BHO: Class - {6EFFA990-F22A-F3C6-CCFB-DFC709EE2D61} - C:\WINDOWS\SYSTEM\JAVAVE.DLL
O2 - BHO: Class - {CFEE94A2-6DC5-1DD4-6319-B8255C0DD757} - C:\WINDOWS\MSMR32.DLL
O2 - BHO: Class - {377E2D23-5942-CAEA-8A18-786C8A551704} - C:\WINDOWS\SYSTEM\APPWS32.DLL
O2 - BHO: Class - {989AC10B-33A1-404F-8E60-393487B79570} - C:\WINDOWS\SYSTEM\APICA32.DLL
O2 - BHO: Class - {D319ADC9-32F9-B509-BC94-C0B30CFDEB91} - C:\WINDOWS\MSPT32.DLL
O2 - BHO: Class - {145A0E5A-DD34-84C0-277C-9312EFBCE41F} - C:\WINDOWS\SYSTEM\NTAS.DLL
O2 - BHO: Class - {55E6CF7B-F013-B32D-B116-5147DD5BB2CC} - C:\WINDOWS\IECQ32.DLL
O2 - BHO: Class - {CD99EFBB-CCE5-EB8A-B92D-0D84C1A54262} - C:\WINDOWS\JAVAVP32.DLL
O2 - BHO: Class - {367AF43B-3A39-60ED-D791-CDB4035A008B} - C:\WINDOWS\SYSTEM\ADDDJ32.DLL
O2 - BHO: Class - {DAC94D83-35DB-56CB-E0DC-071478A46ECF} - C:\WINDOWS\SDKDR32.DLL
O2 - BHO: Class - {93746255-B5DE-D30D-5090-EA932B2CE594} - C:\WINDOWS\APPED32.DLL
O2 - BHO: Class - {5427C122-41DC-07F0-770B-7D0652D91511} - C:\WINDOWS\SDKYO.DLL
O2 - BHO: Class - {44C00AED-8BA8-470B-A15F-CC829401DF86} - C:\WINDOWS\NTWJ.DLL
O2 - BHO: Class - {1EABA962-FA74-9FEF-7542-4F72CB88F550} - C:\WINDOWS\SYSTEM\JAVAZC.DLL
O2 - BHO: Class - {CC492B23-D765-1168-B1BB-2E0624A5E876} - C:\WINDOWS\APPVZ32.DLL
O2 - BHO: Class - {16A67573-5153-0344-B04A-BF8F43B5057F} - C:\WINDOWS\SDKQL.DLL
O2 - BHO: Class - {010A99FA-9882-49E3-F544-44129592A646} - C:\WINDOWS\JAVAIS32.DLL
O2 - BHO: Class - {45515FC7-AD26-6A2F-C22C-EB596043181A} - C:\WINDOWS\SDKZG32.DLL
O2 - BHO: Class - {B8758CB9-31CB-EDCD-9E5A-307A8A0E5851} - C:\WINDOWS\NTNS.DLL
O2 - BHO: Class - {920ADE20-FD1B-1B77-04D7-CF62AAF0FE93} - C:\WINDOWS\APPYN.DLL
O2 - BHO: Class - {828524ED-ED6D-A20C-6F14-FC74EFF49372} - C:\WINDOWS\SYSTEM\MFCJA32.DLL
O2 - BHO: Class - {B6F8DB98-4F82-F737-62AB-FCA0E147B64B} - C:\WINDOWS\ADDIJ32.DLL
O2 - BHO: Class - {ECD9AFAB-0E4B-31BD-F3E9-72B83A4A7053} - C:\WINDOWS\CRCY32.DLL
O2 - BHO: Class - {9E8EB271-18B9-DD29-62BA-735D7647C115} - C:\WINDOWS\SYSTEM\APIII32.DLL
O2 - BHO: Class - {AC669ABF-5B57-0E33-118A-F9FF8DFB0F99} - C:\WINDOWS\SYSTEM\D3LU32.DLL
O2 - BHO: Class - {789F2606-FEA9-3116-F794-795DD3D064A8} - C:\WINDOWS\SYSTEM\ADDRG32.DLL
O2 - BHO: Class - {CB92CAF2-BB6F-2EFA-3B81-0B9E054D0152} - C:\WINDOWS\SYSTEM\APPBX.DLL
O2 - BHO: Class - {CD9A6771-C46F-33AE-F3E8-73805E624B37} - C:\WINDOWS\SYSTEM\CRIR32.DLL
O2 - BHO: Class - {A50865E4-41F3-A6FC-9B1B-A396EC13BEFB} - C:\WINDOWS\SYSKS32.DLL
O2 - BHO: Class - {2624E088-2428-1219-3E4B-3BBF81BB1CA2} - C:\WINDOWS\JAVARG.DLL
O2 - BHO: Class - {D4CEABA9-D63F-68BC-E883-62B7A95340FA} - C:\WINDOWS\WINRA.DLL
O2 - BHO: Class - {674D012F-6A8F-3061-C6A3-EAEE4CA2D4CA} - C:\WINDOWS\MSTK.DLL
O2 - BHO: Class - {EE588249-89FE-CC0C-5F52-8B9B0349363A} - C:\WINDOWS\ATLFK32.DLL
O2 - BHO: Class - {1E4FA091-2610-BB11-D977-E8D62618F6A1} - C:\WINDOWS\SYSTEM\APPPO.DLL
O2 - BHO: Class - {281B123F-4C98-C682-AA2C-5C22B63F01EA} - C:\WINDOWS\SYSTEM\NETTS32.DLL
O2 - BHO: Class - {5E93BFA4-E3A3-A490-38A3-35AC461BD0D4} - C:\WINDOWS\SYSTEM\JAVAMP.DLL
O2 - BHO: Class - {0846276E-4539-F77E-477A-1EF23204BFBA} - C:\WINDOWS\NETPN.DLL
O2 - BHO: Class - {24D83F4B-5E67-7414-3146-E8C955AD1DC5} - C:\WINDOWS\SYSTEM\D3DC32.DLL
O2 - BHO: Class - {C35F786F-B794-DD3B-6CB7-09E465737D74} - C:\WINDOWS\CRZC.DLL
O2 - BHO: Class - {17102DB6-A6D5-F007-A996-BB48F49B041B} - C:\WINDOWS\SYSTEM\APIAD.DLL
O2 - BHO: Class - {78207E3B-9435-63F5-AAB9-07AD40708C94} - C:\WINDOWS\SYSTEM\APITJ.DLL
O2 - BHO: Class - {99CF8546-BC86-3DA0-6B8E-2653966D4EFE} - C:\WINDOWS\SYSTEM\SDKQA.DLL
O2 - BHO: Class - {9D982F9D-035B-FE7A-252A-1E960E1F3E5A} - C:\WINDOWS\APIRU32.DLL
O2 - BHO: Class - {27B5350B-649B-63FF-1B2C-479661DBD6C6} - C:\WINDOWS\SYSTEM\ATLSZ.DLL
O2 - BHO: Class - {BCE91F60-1199-9788-372A-9B4D8255E7E3} - C:\WINDOWS\SYSTEM\NTFR.DLL
O2 - BHO: Class - {CE7D80D8-7E43-3A25-CDE0-27CB6EC4F44B} - C:\WINDOWS\SYSTEM\JAVAYX.DLL
O2 - BHO: Class - {2FDECE36-9908-3C07-94EF-739590374096} - C:\WINDOWS\CRJZ32.DLL
O2 - BHO: Class - {4D6349C9-DB1F-F1BC-CA27-1B9D604C7F02} - C:\WINDOWS\IPAC32.DLL
O2 - BHO: Class - {A3A1D3DD-CE5C-50A8-BB1C-D6D51301175C} - C:\WINDOWS\APILB32.DLL
O2 - BHO: Class - {02B85060-C545-704B-69E4-1538E94BC63B} - C:\WINDOWS\SYSTEM\WINNZ32.DLL
O2 - BHO: Class - {A0B55625-9B28-3982-4F9A-95AADD2571E9} - C:\WINDOWS\SYSTEM\SYSUK.DLL
O2 - BHO: Class - {208BD52E-0FBE-1A74-EDD3-17AF2F8C6991} - C:\WINDOWS\SYSTEM\D3EA32.DLL
O2 - BHO: Class - {37FCAE93-3DD3-0DA5-57E3-33AB79711548} - C:\WINDOWS\SYSTEM\SDKJW32.DLL
O2 - BHO: Class - {3732FBFA-6A47-1C64-47E4-B6B9A9902850} - C:\WINDOWS\SYSTEM\APIFE32.DLL
O2 - BHO: Class - {82928524-2796-D201-7EF9-9AD26C680B62} - C:\WINDOWS\APPEV32.DLL
O2 - BHO: Class - {3E9299CE-589B-4D8F-1BB7-1BB410CBAC8C} - C:\WINDOWS\IPDX32.DLL
O2 - BHO: Class - {B1C677B3-B411-DB4C-5060-4FBCDCDEE682} - C:\WINDOWS\APPMH.DLL
O2 - BHO: Class - {A39532FF-4A6C-D2B8-33EC-0AF5DB34793A} - C:\WINDOWS\MFCWM.DLL
O2 - BHO: Class - {704E16AA-C13C-C3D3-02A7-38BA672B853A} - C:\WINDOWS\SYSTEM\D3JD.DLL
O2 - BHO: Class - {7AF9B025-A80E-75C2-AC93-2B24CF7C4231} - C:\WINDOWS\SDKWW.DLL
O2 - BHO: Class - {6FA3BCDE-9CB2-3DEF-6909-0B2629F9CE74} - C:\WINDOWS\MSLK32.DLL
O2 - BHO: Class - {C3A39351-DEB8-8E15-2A5F-CAD2770B4E07} - C:\WINDOWS\SYSTEM\APIEW.DLL
O2 - BHO: Class - {8BD83B7D-5449-6BE0-8A30-69CEB9CF5FA1} - C:\WINDOWS\IEAO.DLL
O2 - BHO: Class - {6F4B23DA-F796-90AD-CDF9-FF9C25D11F73} - C:\WINDOWS\MFCAI.DLL
O2 - BHO: Class - {34594EF1-CE58-7AA1-A505-4C0DA46EDB2B} - C:\WINDOWS\NETUE32.DLL
O2 - BHO: Class - {75C66E0B-A0B4-0E63-2432-962290285149} - C:\WINDOWS\CRGM.DLL
O2 - BHO: Class - {82116C96-F9F0-3770-8D52-5A0E6907D828} - C:\WINDOWS\SYSTEM\NETLQ.DLL
O2 - BHO: Class - {2DB30CDE-FFBE-F482-C684-1183F1D1F6D2} - C:\WINDOWS\SDKIH32.DLL
O2 - BHO: Class - {294004EC-8516-B818-1303-0C44B60178A0} - C:\WINDOWS\WINPW32.DLL
O2 - BHO: Class - {BDA708A5-8020-F30C-6759-546F47B30DFD} - C:\WINDOWS\APPKL.DLL
O2 - BHO: Class - {F46BFBE4-74D6-8A19-EF8B-A8BBD569B571} - C:\WINDOWS\NETRG32.DLL
O2 - BHO: Class - {32647596-213A-8327-EDB5-24A45C5C5E36} - C:\WINDOWS\SDKIG.DLL
O2 - BHO: Class - {7AB77F55-C5F3-B1C6-589B-BDCDBBD58BCD} - C:\WINDOWS\SYSTEM\APPAV32.DLL
O2 - BHO: Class - {830DA3C7-9364-45BB-7D13-E8A6BFF98461} - C:\WINDOWS\SYSTEM\SYSRL32.DLL
O2 - BHO: Class - {72E5ADE9-1A9D-119A-E0D8-FC41D7E58CA2} - C:\WINDOWS\SYSTEM\SDKKU.DLL
O4 - HKLM\..\Run: [APPHH.EXE] C:\WINDOWS\SYSTEM\APPHH.EXE
O4 - HKLM\..\Run: [APILR.EXE] C:\WINDOWS\SYSTEM\APILR.EXE
O4 - HKLM\..\Run: [IEKA.EXE] C:\WINDOWS\SYSTEM\IEKA.EXE
O4 - HKLM\..\Run: [IEDW32.EXE] C:\WINDOWS\IEDW32.EXE
O4 - HKLM\..\RunServices: [ADDSH32.EXE] C:\WINDOWS\ADDSH32.EXE /s
O4 - HKLM\..\RunServices: [CRYP32.EXE] C:\WINDOWS\SYSTEM\CRYP32.EXE /s
O4 - HKLM\..\RunServices: [ADDZB.EXE] C:\WINDOWS\ADDZB.EXE /s
O4 - HKLM\..\RunServices: [SDKUC32.EXE] C:\WINDOWS\SDKUC32.EXE /s
O4 - HKLM\..\RunServices: [SDKUW32.EXE] C:\WINDOWS\SDKUW32.EXE /s
O4 - HKLM\..\RunServices: [MFCCR.EXE] C:\WINDOWS\MFCCR.EXE /s
O4 - HKLM\..\RunServices: [IECH32.EXE] C:\WINDOWS\SYSTEM\IECH32.EXE /s
O4 - HKLM\..\RunServices: [APPAD.EXE] C:\WINDOWS\SYSTEM\APPAD.EXE /s
O4 - HKLM\..\RunServices: [JAVAMY32.EXE] C:\WINDOWS\JAVAMY32.EXE /s
O4 - HKLM\..\RunServices: [MSIY32.EXE] C:\WINDOWS\MSIY32.EXE /s
O4 - HKLM\..\RunServices: [ATLWI.EXE] C:\WINDOWS\ATLWI.EXE /s
O4 - HKLM\..\RunServices: [SDKXK.EXE] C:\WINDOWS\SYSTEM\SDKXK.EXE /s
O4 - HKLM\..\RunServices: [WINLE.EXE] C:\WINDOWS\SYSTEM\WINLE.EXE /s
O4 - HKLM\..\RunServices: [APPMF.EXE] C:\WINDOWS\APPMF.EXE /s
O4 - HKLM\..\RunServices: [SDKUQ.EXE] C:\WINDOWS\SYSTEM\SDKUQ.EXE /s
O4 - HKLM\..\RunServices: [ADDKV32.EXE] C:\WINDOWS\ADDKV32.EXE /s
O4 - HKLM\..\RunServices: [MSMV.EXE] C:\WINDOWS\SYSTEM\MSMV.EXE /s
O4 - HKLM\..\RunServices: [CRZT.EXE] C:\WINDOWS\CRZT.EXE /s
O4 - HKLM\..\RunServices: [APIWU.EXE] C:\WINDOWS\SYSTEM\APIWU.EXE /s
O4 - HKLM\..\RunServices: [APIMF32.EXE] C:\WINDOWS\APIMF32.EXE /s
O4 - HKLM\..\RunServices: [ADDJH.EXE] C:\WINDOWS\SYSTEM\ADDJH.EXE /s
O4 - HKLM\..\RunServices: [SDKIG32.EXE] C:\WINDOWS\SYSTEM\SDKIG32.EXE /s
O4 - HKLM\..\RunServices: [IETX.EXE] C:\WINDOWS\IETX.EXE /s
O4 - HKLM\..\RunServices: [MSJI.EXE] C:\WINDOWS\SYSTEM\MSJI.EXE /s
O4 - HKLM\..\RunServices: [IEFU.EXE] C:\WINDOWS\IEFU.EXE /s
O4 - HKLM\..\RunServices: [IPKF32.EXE] C:\WINDOWS\IPKF32.EXE /s
O4 - HKLM\..\RunServices: [IPWT32.EXE] C:\WINDOWS\SYSTEM\IPWT32.EXE /s
O4 - HKLM\..\RunServices: [WINMM32.EXE] C:\WINDOWS\WINMM32.EXE /s
O4 - HKLM\..\RunServices: [NETLX32.EXE] C:\WINDOWS\SYSTEM\NETLX32.EXE /s
O4 - HKLM\..\RunServices: [MSTG.EXE] C:\WINDOWS\MSTG.EXE /s
O4 - HKLM\..\RunServices: [NETHF32.EXE] C:\WINDOWS\SYSTEM\NETHF32.EXE /s
O4 - HKLM\..\RunServices: [APINY.EXE] C:\WINDOWS\APINY.EXE /s
O4 - HKLM\..\RunServices: [APPVT32.EXE] C:\WINDOWS\SYSTEM\APPVT32.EXE /s
O4 - HKLM\..\RunServices: [APIKK32.EXE] C:\WINDOWS\APIKK32.EXE /s
O4 - HKLM\..\RunServices: [MFCAD.EXE] C:\WINDOWS\MFCAD.EXE /s
O4 - HKLM\..\RunServices: [ATLYC32.EXE] C:\WINDOWS\SYSTEM\ATLYC32.EXE /s
O4 - HKLM\..\RunServices: [ATLRI32.EXE] C:\WINDOWS\ATLRI32.EXE /s
O4 - HKLM\..\RunServices: [NTWP.EXE] C:\WINDOWS\SYSTEM\NTWP.EXE /s
O4 - HKLM\..\RunServices: [APPPO32.EXE] C:\WINDOWS\SYSTEM\APPPO32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPU32.EXE] C:\WINDOWS\JAVAPU32.EXE /s
O4 - HKLM\..\RunServices: [NTVY32.EXE] C:\WINDOWS\SYSTEM\NTVY32.EXE /s
O4 - HKLM\..\RunServices: [NETFA32.EXE] C:\WINDOWS\SYSTEM\NETFA32.EXE /s
O4 - HKLM\..\RunServices: [WINGJ.EXE] C:\WINDOWS\WINGJ.EXE /s
O4 - HKLM\..\RunServices: [D3NP32.EXE] C:\WINDOWS\D3NP32.EXE /s

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\ADDOC32.DLL << This file
C:\WINDOWS\SYSTEM\MFCKS.DLL << This file
C:\WINDOWS\IPSB.DLL << This file
C:\WINDOWS\ATLQH32.DLL << This file
C:\WINDOWS\SYSTEM\IPAT.DLL << This file
C:\WINDOWS\SYSTEM\D3HA.DLL << This file
C:\WINDOWS\MSGA.DLL << This file
C:\WINDOWS\ADDCO.DLL << This file
C:\WINDOWS\SYSTEM\CREL32.DLL << This file
C:\WINDOWS\IPAH.DLL << This file
C:\WINDOWS\SYSGV.DLL << This file
C:\WINDOWS\SYSTEM\APPZS.DLL << This file
C:\WINDOWS\SYSTEM\CRTV32.DLL << This file
C:\WINDOWS\NTRY32.DLL << This file
C:\WINDOWS\ATLHG.DLL << This file
C:\WINDOWS\SYSTEM\WINCL.DLL << This file
C:\WINDOWS\SYSTEM\WINJW.DLL << This file
C:\WINDOWS\ATLGZ.DLL << This file
C:\WINDOWS\CRSS.DLL << This file
C:\WINDOWS\ATLTY32.DLL << This file
C:\WINDOWS\IPTN.DLL << This file
C:\WINDOWS\NTGB32.DLL << This file
C:\WINDOWS\SYSTEM\IPSZ.DLL << This file
C:\WINDOWS\ATLJA.DLL << This file
C:\WINDOWS\SYSTEM\D3XE32.DLL << This file
C:\WINDOWS\MSUN.DLL << This file
C:\WINDOWS\MFCPW32.DLL << This file
C:\WINDOWS\SYSTEM\NTWX.DLL << This file
C:\WINDOWS\SYSTEM\NTQJ32.DLL << This file
C:\WINDOWS\IPLK32.DLL << This file
C:\WINDOWS\ATLHI32.DLL << This file
C:\WINDOWS\MFCND.DLL << This file
C:\WINDOWS\SYSTEM\JAVAYE32.DLL << This file
C:\WINDOWS\APIKL32.DLL << This file
C:\WINDOWS\SYSJR32.DLL << This file
C:\WINDOWS\MFCBZ.DLL << This file
C:\WINDOWS\SYSTEM\IPUJ32.DLL << This file
C:\WINDOWS\ADDIG32.DLL << This file
C:\WINDOWS\SYSTEM\ATLHG.DLL << This file
C:\WINDOWS\SYSTEM\APPXW.DLL << This file
C:\WINDOWS\ADDUH.DLL << This file
C:\WINDOWS\SDKHO32.DLL << This file
C:\WINDOWS\CREF32.DLL << This file
C:\WINDOWS\SYSTEM\SDKKU.DLL << This file
C:\WINDOWS\SYSTEM\SYSRL32.DLL << This file
C:\WINDOWS\SYSTEM\APPAV32.DLL << This file
C:\WINDOWS\SDKIG.DLL << This file
C:\WINDOWS\NETRG32.DLL << This file
C:\WINDOWS\APPKL.DLL << This file
C:\WINDOWS\WINPW32.DLL << This file
C:\WINDOWS\SDKIH32.DLL << This file
C:\WINDOWS\SYSTEM\NETLQ.DLL << This file
C:\WINDOWS\CRGM.DLL << This file
C:\WINDOWS\NETUE32.DLL << This file
C:\WINDOWS\MFCAI.DLL << This file
C:\WINDOWS\IEAO.DLL << This file
C:\WINDOWS\SYSTEM\APIEW.DLL << This file
C:\WINDOWS\MSLK32.DLL << This file
C:\WINDOWS\SDKWW.DLL << This file
C:\WINDOWS\SYSTEM\D3JD.DLL << This file
C:\WINDOWS\MFCWM.DLL << This file
C:\WINDOWS\APPMH.DLL << This file
C:\WINDOWS\IPDX32.DLL << This file
C:\WINDOWS\APPEV32.DLL << This file
C:\WINDOWS\SYSTEM\APIFE32.DLL << This file
C:\WINDOWS\SYSTEM\SDKJW32.DLL << This file
C:\WINDOWS\SYSTEM\D3EA32.DLL << This file
C:\WINDOWS\SYSTEM\SYSUK.DLL << This file
C:\WINDOWS\SYSTEM\WINNZ32.DLL << This file
C:\WINDOWS\APILB32.DLL << This file
C:\WINDOWS\IPAC32.DLL << This file
C:\WINDOWS\CRJZ32.DLL << This file
C:\WINDOWS\SYSTEM\JAVAYX.DLL << This file
C:\WINDOWS\SYSTEM\NTFR.DLL << This file
C:\WINDOWS\SYSTEM\ATLSZ.DLL << This file
C:\WINDOWS\APIRU32.DLL << This file
C:\WINDOWS\SYSTEM\SDKQA.DLL << This file
C:\WINDOWS\SYSTEM\APITJ.DLL << This file
C:\WINDOWS\SYSTEM\APIAD.DLL << This file
C:\WINDOWS\CRZC.DLL << This file
C:\WINDOWS\SYSTEM\D3DC32.DLL << This file
C:\WINDOWS\NETPN.DLL << This file
C:\WINDOWS\SYSTEM\JAVAMP.DLL << This file
C:\WINDOWS\SYSTEM\NETTS32.DLL << This file
C:\WINDOWS\SYSTEM\APPPO.DLL << This file
C:\WINDOWS\ATLFK32.DLL << This file
C:\WINDOWS\MSTK.DLL << This file
C:\WINDOWS\WINRA.DLL << This file
C:\WINDOWS\JAVARG.DLL << This file
C:\WINDOWS\SYSKS32.DLL << This file
C:\WINDOWS\SYSTEM\CRIR32.DLL << This file
C:\WINDOWS\SYSTEM\APPBX.DLL << This file
C:\WINDOWS\SYSTEM\ADDRG32.DLL << This file
C:\WINDOWS\SYSTEM\D3LU32.DLL << This file
C:\WINDOWS\SYSTEM\APIII32.DLL << This file
C:\WINDOWS\CRCY32.DLL << This file
C:\WINDOWS\ADDIJ32.DLL << This file
C:\WINDOWS\SYSTEM\MFCJA32.DLL << This file
C:\WINDOWS\APPYN.DLL << This file
C:\WINDOWS\NTNS.DLL << This file
C:\WINDOWS\SDKZG32.DLL << This file
C:\WINDOWS\JAVAIS32.DLL << This file
C:\WINDOWS\SDKQL.DLL << This file
C:\WINDOWS\APPVZ32.DLL << This file
C:\WINDOWS\SYSTEM\JAVAZC.DLL << This file
C:\WINDOWS\NTWJ.DLL << This file
C:\WINDOWS\SDKYO.DLL << This file
C:\WINDOWS\APPED32.DLL << This file
C:\WINDOWS\SDKDR32.DLL << This file
C:\WINDOWS\SYSTEM\ADDDJ32.DLL << This file
C:\WINDOWS\JAVAVP32.DLL << This file
C:\WINDOWS\IECQ32.DLL << This file
C:\WINDOWS\SYSTEM\NTAS.DLL << This file
C:\WINDOWS\MSPT32.DLL << This file
C:\WINDOWS\SYSTEM\APICA32.DLL << This file
C:\WINDOWS\SYSTEM\APPWS32.DLL << This file
C:\WINDOWS\MSMR32.DLL << This file
C:\WINDOWS\SYSTEM\JAVAVE.DLL << This file
C:\WINDOWS\APPZP.DLL << This file
C:\WINDOWS\MFCPJ32.DLL << This file
C:\WINDOWS\SYSTEM\JAVAWQ32.DLL << This file
C:\WINDOWS\NTXI.DLL << This file
C:\WINDOWS\SYSTEM\MSER32.DLL << This file
C:\WINDOWS\APIRQ32.DLL << This file
C:\WINDOWS\CRRC32.DLL << This file
C:\WINDOWS\APPQR32.DLL << This file
C:\WINDOWS\SYSTEM\NTXX32.DLL << This file
C:\WINDOWS\NTDS32.DLL << This file
C:\WINDOWS\SYSTEM\APPGV.DLL << This file
C:\WINDOWS\MFCPW.DLL << This file
C:\WINDOWS\NTSK.DLL << This file
C:\WINDOWS\D3AT32.DLL << This file
C:\WINDOWS\WINBY32.DLL << This file
C:\WINDOWS\SYSTEM\WINGH32.DLL << This file
C:\WINDOWS\SYSTEM\APIUI.DLL << This file
C:\WINDOWS\SYSTEM\MFCYH32.DLL << This file
C:\WINDOWS\NETCY32.DLL << This file
C:\WINDOWS\SYSTEM\SDKFG32.DLL << This file
C:\WINDOWS\NTFO32.DLL << This file
C:\WINDOWS\SYSTEM\MSCV.DLL << This file
C:\WINDOWS\WINDA.DLL << This file
C:\WINDOWS\JAVAAQ.DLL << This file
C:\WINDOWS\SYSTEM\NETLX32.DLL << This file
C:\WINDOWS\ADDSA32.DLL << This file
C:\WINDOWS\SDKDY.DLL << This file
C:\WINDOWS\MFCZR32.DLL << This file
C:\WINDOWS\ATLUK32.DLL << This file
C:\WINDOWS\SYSTEM\ADDUZ.DLL << This file
C:\WINDOWS\SYSTEM\MSWS32.DLL << This file
C:\WINDOWS\ADDGA.DLL << This file
C:\WINDOWS\SYSTEM\SDKHY.DLL << This file
C:\WINDOWS\MSMQ32.DLL << This file
C:\WINDOWS\NETIY32.DLL << This file
C:\WINDOWS\ADDUP32.DLL << This file
C:\WINDOWS\CRUS32.DLL << This file
C:\WINDOWS\CRJK.DLL << This file
C:\WINDOWS\SYSTEM\ADDHO.DLL << This file
C:\WINDOWS\SYSTEM\IEGW.DLL << This file
C:\WINDOWS\SYSTEM\SDKVA32.DLL << This file
C:\WINDOWS\SYSTEM\CRCW32.DLL << This file
C:\WINDOWS\ADDWQ32.DLL << This file
C:\WINDOWS\SYSTEM\SYSYU.DLL << This file
C:\WINDOWS\MFCSM.DLL << This file
C:\WINDOWS\SYSTEM\MSBL.DLL << This file
C:\WINDOWS\NETXG.DLL << This file
C:\WINDOWS\MSNR32.DLL << This file
C:\WINDOWS\SYSOA32.DLL << This file
C:\WINDOWS\IPHY32.DLL << This file
C:\WINDOWS\NETDK.DLL << This file
C:\WINDOWS\SYSTEM\APPLU.DLL << This file
C:\WINDOWS\WINBH.DLL << This file
C:\WINDOWS\SYSTEM\NETAX32.DLL << This file
C:\WINDOWS\WINKK.DLL << This file
C:\WINDOWS\SYSTEM\JAVAMR.DLL << This file
C:\WINDOWS\SYSTEM\NETJR32.DLL << This file
C:\WINDOWS\SYSTEM\APPQU.DLL << This file
C:\WINDOWS\SYSTEM\NETTT32.DLL << This file
C:\WINDOWS\ATLBG.DLL << This file
C:\WINDOWS\SYSTEM\ADDDV32.DLL << This file
C:\WINDOWS\APIXR32.DLL << This file
C:\WINDOWS\SYSTEM\WINRP.DLL << This file
C:\WINDOWS\SYSTEM\CRPH.DLL << This file
C:\WINDOWS\NETMY.DLL << This file
C:\WINDOWS\ADDBW.DLL << This file
C:\WINDOWS\APIEQ32.DLL << This file
C:\WINDOWS\SYSTEM\MFCKR32.DLL << This file
C:\WINDOWS\SYSTEM\NETFE32.DLL << This file
C:\WINDOWS\IESL32.DLL << This file
C:\WINDOWS\MFCNG32.DLL << This file
C:\WINDOWS\SYSTEM\D3XQ.DLL << This file
C:\WINDOWS\SYSTEM\MFCYK32.DLL << This file
C:\WINDOWS\SYSTEM\ATLYE.DLL << This file
C:\WINDOWS\APPOO.DLL << This file
C:\WINDOWS\MFCHP32.DLL << This file
C:\WINDOWS\SYSTEM\CRHP.DLL << This file
C:\WINDOWS\SYSTEM\JAVATF32.DLL << This file
C:\WINDOWS\SYSTEM\SDKOQ.DLL << This file
C:\WINDOWS\SYSTEM\CREI32.DLL << This file
C:\WINDOWS\MSTG.DLL << This file
C:\WINDOWS\SYSTEM\MFCRH32.DLL << This file
C:\WINDOWS\SYSTEM\ATLHZ32.DLL << This file
C:\WINDOWS\MFCKK32.DLL << This file
C:\WINDOWS\SYSTEM\APPZR32.DLL << This file
C:\WINDOWS\NTOY32.DLL << This file
C:\WINDOWS\JAVAQD32.DLL << This file
C:\WINDOWS\SYSLZ32.DLL << This file
C:\WINDOWS\NETVT32.DLL << This file
C:\WINDOWS\SYSTEM\IPMU32.DLL << This file
C:\WINDOWS\SYSTEM\JAVAHP32.DLL << This file
C:\WINDOWS\SYSTEM\WINIZ.DLL << This file
C:\WINDOWS\IPXS32.DLL << This file
C:\WINDOWS\SYSTEM\WINJV32.DLL << This file
C:\WINDOWS\SDKEP.DLL << This file
C:\WINDOWS\SYSTEM\NETAL32.DLL << This file
C:\WINDOWS\SYSTEM\SYSUS32.DLL << This file
C:\WINDOWS\SYSTEM\WINXZ32.DLL << This file
C:\WINDOWS\SYSTEM\CRMB32.DLL << This file
C:\WINDOWS\SYSTEM\APIXM.DLL << This file
C:\WINDOWS\SYSTEM\NETOM.DLL << This file
C:\WINDOWS\APIEO.DLL << This file
C:\WINDOWS\SYSTEM\D3ZP32.DLL << This file
C:\WINDOWS\IPKI32.DLL << This file
C:\WINDOWS\SYSTEM\D3UY.DLL << This file
C:\WINDOWS\SYSTEM\MFCKU32.DLL << This file
C:\WINDOWS\SYSTEM\D3DS.DLL << This file
C:\WINDOWS\JAVAEM32.DLL << This file
C:\WINDOWS\SYSTEM\IEFZ32.DLL << This file
C:\WINDOWS\SYSTEM\NETRU.DLL << This file
C:\WINDOWS\ADDHD32.DLL << This file
C:\WINDOWS\ATLRG.DLL << This file
C:\WINDOWS\APPJV32.DLL << This file
C:\WINDOWS\MFCTF32.DLL << This file
C:\WINDOWS\SYSGA.DLL << This file
C:\WINDOWS\SYSTEM\WINYX32.DLL << This file
C:\WINDOWS\SYSTEM\MFCTQ32.DLL << This file
C:\WINDOWS\SYSTEM\CRUL.DLL << This file
C:\WINDOWS\WINFC32.DLL << This file
C:\WINDOWS\SYSTEM\IEPO32.DLL << This file
C:\WINDOWS\APPRG32.DLL << This file
C:\WINDOWS\MSQD.DLL << This file
C:\WINDOWS\IEWY32.DLL << This file
C:\WINDOWS\SYSTEM\CROG32.DLL << This file
C:\WINDOWS\D3NE.DLL << This file
C:\WINDOWS\IPVI32.DLL << This file
C:\WINDOWS\SYSTEM\WINPP32.DLL << This file
C:\WINDOWS\APISV32.DLL << This file
C:\WINDOWS\WINJA.DLL << This file
C:\WINDOWS\CRCO.DLL << This file
C:\WINDOWS\SYSTEM\MFCSK.DLL << This file
C:\WINDOWS\SYSTEM\IESQ.DLL << This file
C:\WINDOWS\WINOG32.DLL << This file
C:\WINDOWS\NETUK.DLL << This file
C:\WINDOWS\SYSTEM\SDKMN.DLL << This file
C:\WINDOWS\SYSTEM\APIVF32.DLL << This file
C:\WINDOWS\SYSTEM\JAVAOE32.DLL << This file
C:\WINDOWS\SYSTEM\NETXW.DLL << This file
C:\WINDOWS\MSBA32.DLL << This file
C:\WINDOWS\CRNB.DLL << This file
C:\WINDOWS\D3NP32.EXE << This file
C:\WINDOWS\WINGJ.EXE << This file
C:\WINDOWS\SYSTEM\NETFA32.EXE << This file
C:\WINDOWS\SYSTEM\NTVY32.EXE << This file
C:\WINDOWS\JAVAPU32.EXE << This file
C:\WINDOWS\SYSTEM\APPPO32.EXE << This file
C:\WINDOWS\SYSTEM\NTWP.EXE << This file
C:\WINDOWS\ATLRI32.EXE << This file
C:\WINDOWS\SYSTEM\ATLYC32.EXE << This file
C:\WINDOWS\MFCAD.EXE << This file
C:\WINDOWS\APIKK32.EXE << This file
C:\WINDOWS\SYSTEM\APPVT32.EXE << This file
C:\WINDOWS\APINY.EXE << This file
C:\WINDOWS\SYSTEM\NETHF32.EXE << This file
C:\WINDOWS\MSTG.EXE << This file
C:\WINDOWS\SYSTEM\NETLX32.EXE << This file
C:\WINDOWS\WINMM32.EXE << This file
C:\WINDOWS\SYSTEM\IPWT32.EXE << This file
C:\WINDOWS\IPKF32.EXE << This file
C:\WINDOWS\IEFU.EXE << This file
C:\WINDOWS\SYSTEM\MSJI.EXE << This file
C:\WINDOWS\IETX.EXE << This file
C:\WINDOWS\SYSTEM\SDKIG32.EXE << This file
C:\WINDOWS\SYSTEM\ADDJH.EXE << This file
C:\WINDOWS\APIMF32.EXE << This file
C:\WINDOWS\SYSTEM\APIWU.EXE << This file
C:\WINDOWS\CRZT.EXE << This file
C:\WINDOWS\SYSTEM\MSMV.EXE << This file
C:\WINDOWS\ADDKV32.EXE << This file
C:\WINDOWS\SYSTEM\SDKUQ.EXE << This file
C:\WINDOWS\APPMF.EXE << This file
C:\WINDOWS\SYSTEM\WINLE.EXE << This file
C:\WINDOWS\SYSTEM\SDKXK.EXE << This file
C:\WINDOWS\ATLWI.EXE << This file
C:\WINDOWS\MSIY32.EXE << This file
C:\WINDOWS\JAVAMY32.EXE << This file
C:\WINDOWS\SYSTEM\APPAD.EXE << This file
C:\WINDOWS\SYSTEM\IECH32.EXE << This file
C:\WINDOWS\MFCCR.EXE << This file
C:\WINDOWS\SDKUW32.EXE << This file
C:\WINDOWS\SDKUC32.EXE << This file
C:\WINDOWS\ADDZB.EXE << This file
C:\WINDOWS\SYSTEM\CRYP32.EXE << This file
C:\WINDOWS\ADDSH32.EXE << This file
C:\WINDOWS\IEDW32.EXE << This file
C:\WINDOWS\SYSTEM\IEKA.EXE << This file
C:\WINDOWS\SYSTEM\APILR.EXE << This file
C:\WINDOWS\SYSTEM\APPHH.EXE << This file

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST).
Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Important:

Do Not Reboot Or Power Down After Posting Your Follow Up Log!

 

I hope you are not online with the infected PC!!

Many of those files may not exist at all or it could also be the HJT was able to delete them while fixing the O4 entries.

You're correct that would be a nice option but no one expected anyone to have literally hundreds of entries likes this. It just shows you how bad malware can get.

 

Sometimes you can make it easier by having Windows Explorer sort the folder by date. This way the problem DLLs and EXE files may all group closely together into a bunch with newer dates than good files from your OS. But that is nor fool proof. Malware can change their file dates too. And you could assume something that looks like a bad name (could be very similar to a bad file name) should be deleted when it should not be touch. This is all very tricky.

The key is to not let yourself get infected. Especially this bad!

 

Okay! Looks a lot better already. I'll bet it is even noticably running better!

Our recommended things to do is in a sticky thread: How to Protect yourself from malware!

You need to get steps 1 and steps 3 in that thread immediately after doing the below. Then later complete the rest of the steps.

Let's continue!
Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: Class - {4EF173C7-37FB-764C-4EE2-D86CB880FB29} - C:\WINDOWS\SYSOI32.DLL
O2 - BHO: Class - {92568E8A-F478-6736-7E2F-EAA1C8C33681} - C:\WINDOWS\SYSTEM\IPPG32.DLL
O2 - BHO: Class - {7676F3C7-AF22-0FBA-43EC-F6F7A2599104} - C:\WINDOWS\NETEB.DLL
O2 - BHO: Class - {B1C7F97B-C462-44CD-2091-C3B74CAEA318} - C:\WINDOWS\SYSTEM\APPPI32.DLL
O2 - BHO: Class - {DA50B851-33CA-06EB-529C-7E0AD96F9CAC} - C:\WINDOWS\ATLAV.DLL
O2 - BHO: Class - {8BCBFC4E-F7DC-458B-C874-4070B7A87054} - C:\WINDOWS\CRPY.DLL
O2 - BHO: Class - {41F3CA6F-89B1-AA39-EC13-EFBD507CB60F} - C:\WINDOWS\SYSTEM\D3VK.DLL
O2 - BHO: Class - {0E3D6563-EB93-696E-CFF4-2B4335DEB3F0} - C:\WINDOWS\ATLBA.DLL
O2 - BHO: Class - {7E683C8C-197E-94D7-411A-BF5180CDEE02} - C:\WINDOWS\SYSTEM\D3ZB.DLL

After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\SYSTEM\D3ZB.DLL
C:\WINDOWS\ATLBA.DLL
C:\WINDOWS\SYSTEM\D3VK.DLL
C:\WINDOWS\CRPY.DLL
C:\WINDOWS\ATLAV.DLL
C:\WINDOWS\SYSTEM\APPPI32.DLL
C:\WINDOWS\NETEB.DLL
C:\WINDOWS\SYSTEM\IPPG32.DLL
C:\WINDOWS\SYSOI32.DLL

Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode and post a new HJT log. Make sure you let me know how things are working now.

 

Okay assuming http://www.dejazzd.com/ is the desired start page, everything looks okay now. How are things working?

If everything is okay then complete all remaining steps of the How to Protect thread.