Member Avatar for bill786

It is time to settle this big problem once and for all. This is just crazy; I just noticed everyone is getting this problem, but now it is getting worse. Please help for all the people who are getting this res: problem.

Problem #1
I have Windows XP Service pack 1. I need help on how to fix this problem. I did a scan with spybot, ad-aware, CWShredder, and Norton Anti-Virus. I think this happened right after the installation of the google toolbar. I uninstalled it of course by now, but I need help. Please help me, the homepage keeps changing back no matter what.

Problem #2
Well, usually you have to type yahoo.com without www or http://, but now I have to type www before the name of the website. I never had this problem before, can somebody help me. I have tried everything.

Now, every time I fix this it changes to another of those annoying res: webpages. This is crazy, it is not being fixed. I need serious help. I did everything, but nothing helps. First, it was res:jx..., then res: g..., then ml......, and now res://zoxay.dll/index.html#37049. I need help. I tried everything that crunchie said in my old post (look below to see what crunchie said). Thanks for the help by the way, but I fixed the problem so another res keeps hijacking. ARGH!!!

Crunchie's advice:

  1. Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders".
  2. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for "ntvl.exe" & "oiqpkqp.exe" & "wintsvsu.exe". If you find the files, click on them, and then click End Process => Exit the Task Manager.
  3. Next, go to Start->Run and type "Services.msc" (without quotes) then hit OK.
  4. Scroll down and find the service called "Network Security Service".
  5. When you find it, double-click on it. In the next window that opens, click the Stop button, then change the Startup Type to Disabled. Now hit Apply and then OK and close any open windows.
  6. Run HijackThis, click on "Scan" and then place a check mark in the following boxes, And click on "Fix Checked":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jxusk.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxusk.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jxusk.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jxusk.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jxusk.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxusk.dll/index.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*

    O2 - BHO: (no name) - {34600972-BEC0-C0B6-E120-5AB9C0D60124} - C:\WINDOWS\javavs32.dll

    O4 - HKLM\..\Run: [mfcwx32.exe] C:\WINDOWS\mfcwx32.exe
    O4 - HKLM\..\RunOnce: [ntvl.exe] C:\WINDOWS\ntvl.exe
    O4 - HKLM\..\RunOnce: [addse32.exe] C:\WINDOWS\system32\addse32.exe
    O4 - HKLM\..\RunOnce: [d3bm32.exe] C:\WINDOWS\system32\d3bm32.exe
    O4 - HKLM\..\RunOnce: [sdksc32.exe] C:\WINDOWS\sdksc32.exe
    O4 - HKLM\..\RunOnce: [ipon.exe] C:\WINDOWS\ipon.exe
    O4 - HKLM\..\RunOnce: [syszo.exe] C:\WINDOWS\syszo.exe
    O4 - HKLM\..\RunOnce: [atlwu.exe] C:\WINDOWS\atlwu.exe
    O4 - HKLM\..\RunOnce: [winba32.exe] C:\WINDOWS\system32\winba32.exe
    O4 - HKLM\..\RunOnce: [javaoc32.exe] C:\WINDOWS\javaoc32.exe
    O4 - HKLM\..\RunOnce: [winbk.exe] C:\WINDOWS\winbk.exe
    O4 - HKLM\..\RunOnce: [appuj32.exe] C:\WINDOWS\appuj32.exe
    O4 - HKLM\..\RunOnce: [atlbj32.exe] C:\WINDOWS\system32\atlbj32.exe
    O4 - HKLM\..\RunOnce: [winpi.exe] C:\WINDOWS\winpi.exe
    O4 - HKLM\..\RunOnce: [appbj.exe] C:\WINDOWS\appbj.exe
    O4 - HKLM\..\RunOnce: [winss.exe] C:\WINDOWS\system32\winss.exe
    O4 - HKLM\..\RunOnce: [ntge.exe] C:\WINDOWS\ntge.exe
    O4 - HKLM\..\RunOnce: [mfcsi.exe] C:\WINDOWS\mfcsi.exe
    O4 - HKLM\..\RunOnce: [apizg.exe] C:\WINDOWS\system32\apizg.exe
    O4 - HKLM\..\RunOnce: [javasc.exe] C:\WINDOWS\javasc.exe
    O4 - HKLM\..\RunOnce: [sysvl32.exe] C:\WINDOWS\system32\sysvl32.exe
    O4 - HKLM\..\RunOnce: [atlzp.exe] C:\WINDOWS\atlzp.exe
    O4 - HKLM\..\RunOnce: [winap.exe] C:\WINDOWS\system32\winap.exe
    O4 - HKLM\..\RunOnce: [d3xy32.exe] C:\WINDOWS\system32\d3xy32.exe
    O4 - HKLM\..\RunOnce: [ipdt.exe] C:\WINDOWS\system32\ipdt.exe
    O4 - HKLM\..\RunOnce: [d3oe.exe] C:\WINDOWS\d3oe.exe
    O4 - HKLM\..\RunOnce: [addbl32.exe] C:\WINDOWS\addbl32.exe
    O4 - HKLM\..\RunOnce: [apibm32.exe] C:\WINDOWS\system32\apibm32.exe

  7. Reboot into Safe Mode - How do I boot into "Safe" mode?, and delete the following files:

    C:\WINDOWS\jxusk.dll< file

    C:\WINDOWS\javavs32.dll< file

    C:\WINDOWS\mfcwx32.exe
    C:\WINDOWS\ntvl.exe
    C:\WINDOWS\system32\addse32.exe
    C:\WINDOWS\system32\d3bm32.exe
    C:\WINDOWS\sdksc32.exe
    C:\WINDOWS\ipon.exe
    C:\WINDOWS\syszo.exe
    C:\WINDOWS\atlwu.exe
    C:\WINDOWS\system32\winba32.exe
    C:\WINDOWS\javaoc32.exe
    C:\WINDOWS\winbk.exe
    C:\WINDOWS\appuj32.exe
    C:\WINDOWS\system32\atlbj32.exe
    C:\WINDOWS\winpi.exe
    C:\WINDOWS\appbj.exe
    C:\WINDOWS\system32\winss.exe
    C:\WINDOWS\ntge.exe
    C:\WINDOWS\mfcsi.exe
    C:\WINDOWS\system32\apizg.exe
    C:\WINDOWS\javasc.exe
    C:\WINDOWS\system32\sysvl32.exe
    C:\WINDOWS\atlzp.exe
    C:\WINDOWS\system32\winap.exe
    C:\WINDOWS\system32\d3xy32.exe
    C:\WINDOWS\system32\ipdt.exe
    C:\WINDOWS\d3oe.exe
    C:\WINDOWS\addbl32.exe
    C:\WINDOWS\system32\apibm32.exe
    C:\WINDOWS\System32\wintsvsu.exe

    Reboot in Normal Mode.
    Download the file attached to this post and rename it to cwsuninst.reg
    Doubleclick it and confirm you want to merge it with the registry.
    Run HijackThis again and post a new log.

    File Attachment

    Extra notes
    If given full internet access this variant will delete:
    - your hosts file (good replacements can be found here or here)
    - Spybot S&D's BHO (download SDHelper.dll, put it in the Spybot folder (default is: C:\Program Files\Spybot - Search & Destroy\) and click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" > OK
    - control.exe: follow instructions here: http://www.spywareinfo.com/~merijn/...es.html#control

  • 3 Contributors
  • 5 Replies
  • 226 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by caperjack
Member Avatar for caperjack

If this were my computer ,this is what i would do .Go to http://www.microsoft.com/downloads/search.aspx?displaylang=en and get SP1 and IE sp1 and critical updates for my version of windows ,burn to a cd and then Format hard drive ,reload windows ,stay disconnected from the internet and load all the windows patches and sp1s ,spyware blaster and spyguard ,IE-Spyad and trojanhunter and,connect to internet and get the rest of the windows updates and Enjoy my computer .

Member Avatar for crunchie

B4 I burned it to CD though, I would copy the OS installation CD to my hard drive, copy the service packs into a folder, then slipstream them together so that when I reinstalled my OS I would have ALL my service packs etc installed. :)

Member Avatar for caperjack

They wouldn't auto install would they ,just because they are on the cd in a folder .!???

Member Avatar for crunchie

Yes they would. Slipstreaming *slips* the service packs into the actual installation with no need to install them after. Apparently because they become integrated within the system the OS itself runs a lot better.
I have a slipstreamed CD here but I did it about a month or two after I reformatted, so I haven't actually tried it out yet.
If you want I can send you info/tool to instruct on how to (with screenshots)? The instructions are shown using Nero burning Rom.

Member Avatar for caperjack

Ok ,send away.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.