my internet is hijacked


6 replies to this topic

#1 jehudit


Posted 10 July 2004 - 04:07 AM

Please help me! I am not very good with the computer. I know something, but I don't want to erase files from Windows that I need, and I do not know which ones those are. Somebody hijacked my internet information. I already tried all the spyware programs you recommend here before, and they couldn't fix the problem. Spybot tells me that there are files which are not a right Windows copy. How can I know? Spy Sweeper says that there is software running in the memory but I will never be able to find it.
Here is the HijackThis list.
If anyone can help me I'll be happy again. Thanks Jitka

Logfile of HijackThis v1.97.7
Scan saved at 11:19:58, on 9-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Antivirus\Firewall\PavFires.exe
C:\Program Files\Panda Antivirus\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\addwq.exe
C:\Program Files\Panda Antivirus\AVENGINE.EXE
C:\Program Files\Panda Antivirus\apvxdwin.exe
C:\Program Files\Panda Antivirus\pavProxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\addzh32.exe
C:\WINDOWS\System32\run_21.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\NDrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Browser Hijack Blaster\bhblaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\peypa.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://peypa.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://peypa.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\peypa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://peypa.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\peypa.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FEC81D35-E086-4102-D235-8A516A66EB22} - C:\WINDOWS\system32\atlfy32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Antivirus\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Antivirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [addzh32.exe] C:\WINDOWS\system32\addzh32.exe
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\run_21.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.5.2.32\I -a
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKLM\..\RunOnce: [addwq.exe] C:\WINDOWS\addwq.exe
O4 - HKLM\..\RunOnce: [appci32.exe] C:\WINDOWS\system32\appci32.exe
O4 - HKLM\..\RunOnce: [mscx32.exe] C:\WINDOWS\system32\mscx32.exe
O4 - HKLM\..\RunOnce: [crto.exe] C:\WINDOWS\crto.exe
O4 - HKLM\..\RunOnce: [javant32.exe] C:\WINDOWS\system32\javant32.exe
O4 - HKLM\..\RunOnce: [syssg32.exe] C:\WINDOWS\syssg32.exe
O4 - HKLM\..\RunOnce: [iegf.exe] C:\WINDOWS\iegf.exe
O4 - HKLM\..\RunOnce: [ipff32.exe] C:\WINDOWS\ipff32.exe
O4 - HKLM\..\RunOnce: [iegx.exe] C:\WINDOWS\iegx.exe
O4 - HKLM\..\RunOnce: [apiuu.exe] C:\WINDOWS\apiuu.exe
O4 - HKLM\..\RunOnce: [ntyx32.exe] C:\WINDOWS\system32\ntyx32.exe
O4 - HKLM\..\RunOnce: [javaex32.exe] C:\WINDOWS\javaex32.exe
O4 - HKLM\..\RunOnce: [ntti.exe] C:\WINDOWS\system32\ntti.exe
O4 - HKLM\..\RunOnce: [ipzt32.exe] C:\WINDOWS\system32\ipzt32.exe
O4 - HKLM\..\RunOnce: [sysho.exe] C:\WINDOWS\sysho.exe
O4 - HKLM\..\RunOnce: [crhn.exe] C:\WINDOWS\system32\crhn.exe
O4 - HKLM\..\RunOnce: [mfcjf.exe] C:\WINDOWS\system32\mfcjf.exe
O4 - HKLM\..\RunOnce: [ntof32.exe] C:\WINDOWS\ntof32.exe
O4 - HKLM\..\RunOnce: [sdknv.exe] C:\WINDOWS\sdknv.exe
O4 - HKLM\..\RunOnce: [atlnv32.exe] C:\WINDOWS\atlnv32.exe
O4 - HKLM\..\RunOnce: [javafd.exe] C:\WINDOWS\javafd.exe
O4 - HKLM\..\RunOnce: [d3hy32.exe] C:\WINDOWS\d3hy32.exe
O4 - HKLM\..\RunOnce: [addpl.exe] C:\WINDOWS\addpl.exe
O4 - HKLM\..\RunOnce: [apptv32.exe] C:\WINDOWS\system32\apptv32.exe
O4 - HKLM\..\RunOnce: [javavx.exe] C:\WINDOWS\javavx.exe
O4 - HKLM\..\RunOnce: [crrq.exe] C:\WINDOWS\crrq.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} (SBITAX7Ctrl Class) - http://movie-browser.com/tl7000.dll
O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) - http://www.thepaymen...ild/vxiewer.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downlo..._1015_EN_XP.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.c.../one2oneSvc.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downlo...040_pack_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.e-sexcash...livesexopnl.exe
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downlo...ice_5_EN_XP.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyhare.../stream/mmp.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downlo...ice_4_EN_XP.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://access.phonec...36;_0002/nl.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://akamai.downlo...ne2oneSvcEN.cab
O16 - DPF: {B73BC7C7-858B-49FA-BBDB-74DD77D1D9F3} ({B73BC7C7-858B-49FA-BBDB-74DD77D1D9F3}) - http://camz.tintel.nl/installcab.php
O16 - DPF: {C809C390-A77E-45DD-8C35-379D9431658D} (dialer_iptower.Class1) - http://www.ipxs.nl/php/ipxs.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo...tpe32_EN_XP.cab

#2 jwbirdsong


Posted 11 July 2004 - 09:36 AM

Move HijackThis to its own permanent folder such as c:\HJT\HijackThis.exe <-----Very important; needed to keep/maintain backups in

Download the tool About:Buster created by Rubber Ducky. Atri's Site or Sub's Site

Unzip it to your desktop.

Now start Hijack this and tick the boxes next to these items..
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
O2 - BHO: (no name) - {FEC81D35-E086-4102-D235-8A516A66EB22} - C:\WINDOWS\system32\atlfy32.dll
O4 - HKLM\..\Run: [addzh32.exe] C:\WINDOWS\system32\addzh32.exe
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\run_21.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - HKLM\..\RunOnce: [addwq.exe] C:\WINDOWS\addwq.exe
O4 - HKLM\..\RunOnce: [appci32.exe] C:\WINDOWS\system32\appci32.exe
O4 - HKLM\..\RunOnce: [mscx32.exe] C:\WINDOWS\system32\mscx32.exe
O4 - HKLM\..\RunOnce: [crto.exe] C:\WINDOWS\crto.exe
O4 - HKLM\..\RunOnce: [javant32.exe] C:\WINDOWS\system32\javant32.exe
O4 - HKLM\..\RunOnce: [syssg32.exe] C:\WINDOWS\syssg32.exe
O4 - HKLM\..\RunOnce: [iegf.exe] C:\WINDOWS\iegf.exe
O4 - HKLM\..\RunOnce: [ipff32.exe] C:\WINDOWS\ipff32.exe
O4 - HKLM\..\RunOnce: [iegx.exe] C:\WINDOWS\iegx.exe
O4 - HKLM\..\RunOnce: [apiuu.exe] C:\WINDOWS\apiuu.exe
O4 - HKLM\..\RunOnce: [ntyx32.exe] C:\WINDOWS\system32\ntyx32.exe
O4 - HKLM\..\RunOnce: [javaex32.exe] C:\WINDOWS\javaex32.exe
O4 - HKLM\..\RunOnce: [ntti.exe] C:\WINDOWS\system32\ntti.exe
O4 - HKLM\..\RunOnce: [ipzt32.exe] C:\WINDOWS\system32\ipzt32.exe
O4 - HKLM\..\RunOnce: [sysho.exe] C:\WINDOWS\sysho.exe
O4 - HKLM\..\RunOnce: [crhn.exe] C:\WINDOWS\system32\crhn.exe
O4 - HKLM\..\RunOnce: [mfcjf.exe] C:\WINDOWS\system32\mfcjf.exe
O4 - HKLM\..\RunOnce: [ntof32.exe] C:\WINDOWS\ntof32.exe
O4 - HKLM\..\RunOnce: [sdknv.exe] C:\WINDOWS\sdknv.exe
O4 - HKLM\..\RunOnce: [atlnv32.exe] C:\WINDOWS\atlnv32.exe
O4 - HKLM\..\RunOnce: [javafd.exe] C:\WINDOWS\javafd.exe
O4 - HKLM\..\RunOnce: [d3hy32.exe] C:\WINDOWS\d3hy32.exe
O4 - HKLM\..\RunOnce: [addpl.exe] C:\WINDOWS\addpl.exe
O4 - HKLM\..\RunOnce: [apptv32.exe] C:\WINDOWS\system32\apptv32.exe
O4 - HKLM\..\RunOnce: [javavx.exe] C:\WINDOWS\javavx.exe
O4 - HKLM\..\RunOnce: [crrq.exe] C:\WINDOWS\crrq.exe
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} (SBITAX7Ctrl Class) - http://movie-browser.com/tl7000.dll
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.e-sexcash...livesexopnl.exe
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyhare.../stream/mmp.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://access.phonec...36;_0002/nl.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://akamai.downlo...ne2oneSvcEN.cab

Now close ALL other windows and hit "fix checked".

Start About:Buster >OK>Start>Ok. Let it run; when done it will give you a log, save a copy of it.
Run About:Buster again and save the log again (use a different name).

You'll need to turn off the System Restore. It may have a copy of the virus. This can be done by following the instructions of your OS here.
Run an online virus scan at Housecall and/or Panda Online. Please note any virus found and report back with new log.
Turn SystemRestore back on.

Check for the new version (1.98) of HijackThis by using Config>Misc Tools>"check for online update" button.
Restart your computer and post both About:Buster reports and a new Hijack this log.
Things you need(all FREE)
Anti-Virus (Only One of these)
AVG Avast
Firewall (Only One here too)
Kerio(Direct Download) Zone Alarm
Misc. (Use all 3 together)
IE Spyads SpywareBlaster Spyware Guard
Windows Update (Once a week)
get all CRITICAL Updates

Things you want(Still Free)
Mozilla Firefox
Google Toolbar (stops pop-ups)
Ad-Aware
Spybot S&D
MS MVP Hosts file

Please donate to the site to help us help you. Info found HERE

PROUD member Since 2004

#3 jehudit


Posted 13 July 2004 - 02:36 PM

Thank you very much for answering me. I don't know if this is the way to post the follow-up log files, but I hope it is o.k. I have done everything that I was told to do and I hope I've done it right.

Now, I have found 2 viruses with the Panda online scan:
Exploit/MIE.CHM
W32/Netsky.P.worm (this one had been a problem for me to find. I didn't know it was in my e-mail) I'm happy it's gone.
They have both been removed.

This is the log from about:buster
-- Scan 1 --------
About:Buster Version 1.26
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 --------
About:Buster Version 1.26
Removed! : C:\WINDOWS\owjtu.dll
Removed! : C:\WINDOWS\uatcx.dat
Removed! : C:\WINDOWS\System32\ulzxh.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

And the new hijackthis logfile, it did write the first one over. I couldn't save it without doing so. I hope it is o.k.?

Logfile of HijackThis v1.98.0
Scan saved at 21:11:51, on 13-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Antivirus\Firewall\PavFires.exe
C:\Program Files\Panda Antivirus\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\appck32.exe
C:\Program Files\Panda Antivirus\AVENGINE.EXE
C:\Program Files\Panda Antivirus\apvxdwin.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\addzh32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\Panda Antivirus\pavProxy.exe
C:\WINDOWS\System32\srv.exe
C:\Program Files\Browser Hijack Blaster\bhblaster.exe
C:\Program Files\Acrobat Reader\Reader\AcroRd32.exe
C:\WINDOWS\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\peypa.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://peypa.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kutnk.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\kutnk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kutnk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vkuoo.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Antivirus\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Antivirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [addzh32.exe] C:\WINDOWS\system32\addzh32.exe
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\srv.exe
O4 - HKLM\..\RunOnce: [msxi32.exe] C:\WINDOWS\system32\msxi32.exe
O4 - HKLM\..\RunOnce: [addfu.exe] C:\WINDOWS\system32\addfu.exe
O4 - HKLM\..\RunOnce: [msbh32.exe] C:\WINDOWS\msbh32.exe
O4 - HKLM\..\RunOnce: [d3km.exe] C:\WINDOWS\d3km.exe
O4 - HKLM\..\RunOnce: [appib32.exe] C:\WINDOWS\appib32.exe
O4 - HKLM\..\RunOnce: [addur32.exe] C:\WINDOWS\addur32.exe
O4 - HKLM\..\RunOnce: [appck32.exe] C:\WINDOWS\appck32.exe
O4 - HKLM\..\RunOnce: [netbv.exe] C:\WINDOWS\system32\netbv.exe
O4 - HKLM\..\RunOnce: [appzx32.exe] C:\WINDOWS\system32\appzx32.exe
O4 - HKLM\..\RunOnce: [d3uy32.exe] C:\WINDOWS\system32\d3uy32.exe
O4 - HKLM\..\RunOnce: [atlqa.exe] C:\WINDOWS\atlqa.exe
O4 - HKLM\..\RunOnce: [netrp32.exe] C:\WINDOWS\netrp32.exe
O4 - HKLM\..\RunOnce: [sysir.exe] C:\WINDOWS\sysir.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.5.2.32\I -a
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) - http://www.thepaymen...ild/vxiewer.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downlo..._1017_EN_XP.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.c.../one2oneSvc.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downlo...040_pack_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downlo...ice_5_EN_XP.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downlo...ice_4_EN_XP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B73BC7C7-858B-49FA-BBDB-74DD77D1D9F3} ({B73BC7C7-858B-49FA-BBDB-74DD77D1D9F3}) - http://camz.tintel.nl/installcab.php
O16 - DPF: {C809C390-A77E-45DD-8C35-379D9431658D} (dialer_iptower.Class1) - http://www.ipxs.nl/php/ipxs.CAB
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo...tpe32_EN_XP.cab
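
The two HijackThis logs above can be compared mechanically. The Python sketch below is an added example, not part of the original thread and not HijackThis code: it parses R0/R1 and O4 lines, flags two patterns visible in these logs (a `res://...dll` start or search page, and a Run/RunOnce value named after an executable sitting directly in C:\WINDOWS or system32), and reports what appears only in the later log. The heuristics and every function name are assumptions made for illustration; the sample lines are a subset copied from the two logs.

```python
import re

# Sample input: a subset of lines copied from the 9 July and 13 July logs in this thread.
LOG_9_JULY = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://peypa.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://peypa.dll/index.html#37049
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [addzh32.exe] C:\WINDOWS\system32\addzh32.exe
O4 - HKLM\..\RunOnce: [addwq.exe] C:\WINDOWS\addwq.exe
O4 - HKLM\..\RunOnce: [crto.exe] C:\WINDOWS\crto.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"""

LOG_13_JULY = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://peypa.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kutnk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vkuoo.dll/index.html#37049
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [addzh32.exe] C:\WINDOWS\system32\addzh32.exe
O4 - HKLM\..\RunOnce: [msxi32.exe] C:\WINDOWS\system32\msxi32.exe
O4 - HKLM\..\RunOnce: [appck32.exe] C:\WINDOWS\appck32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"""

O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)       # executable part of a command line
RES_DLL_RE = re.compile(r"^res://(.+?\.dll)/", re.IGNORECASE)
# Assumption: only files directly in these two folders are treated as suspect locations.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse(log):
    """Yield (section, value_name, data) for R0/R1 and O4 Run/RunOnce lines."""
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            yield "O4", m.group(1), m.group(2)
        elif line[:2] in ("R0", "R1") and " = " in line:
            left, value = line.split(" = ", 1)
            yield line[:2], left.rsplit(",", 1)[-1], value


def suspicious(log):
    """Return the set of entries matching either heuristic (lower-cased)."""
    found = set()
    for section, name, data in parse(log):
        if section == "O4":
            m = EXE_RE.match(data)
            path = (m.group(1) if m else data).lower()
            folder, _, exe = path.rpartition("\\")
            # Heuristic 1: value name equals the file name and the file sits
            # directly in the Windows or system32 folder.
            if exe == name.lower() and folder in SYSTEM_DIRS:
                found.add(path)
        else:
            # Heuristic 2: an IE page setting that loads HTML out of a DLL resource.
            m = RES_DLL_RE.match(data)
            if m:
                found.add("res:" + m.group(1).rpartition("\\")[-1].lower())
    return found


def regenerated(before, after):
    """Suspicious entries present in the later log but absent from the earlier one."""
    return suspicious(after) - suspicious(before)


if __name__ == "__main__":
    print("Flagged on 9 July: ", sorted(suspicious(LOG_9_JULY)))
    print("New on 13 July:    ", sorted(regenerated(LOG_9_JULY, LOG_13_JULY)))
```

The self-named-autorun heuristic does not catch `[Classes]` or `[NDrv]`, which the helper selected by hand, so output like this narrows a log down rather than replacing the review.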

#4 jwbirdsong


Posted 13 July 2004 - 09:07 PM

You are still running HJT from the TEMP folder... Just make a new folder (by Rt. Click (on the desktop if you wish)>New>Folder>name it HJT) and unzip/copy it to there.

Move HijackThis to its own permanent folder such as c:\HJT\HijackThis.exe <-----Very important; needed to keep/maintain backups in

Start your computer in SAFEMODE (instructions)

Press Ctrl+Alt+Del and 'end task' on any of the following that are present
C:\WINDOWS\system32\addzh32.exe
C:\WINDOWS\System32\srv.exe
Start Hijack This
Put a check next to these in hijackthis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\peypa.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://peypa.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kutnk.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\kutnk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kutnk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vkuoo.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html
O4 - HKLM\..\Run: [addzh32.exe] C:\WINDOWS\system32\addzh32.exe
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\srv.exe
O4 - HKLM\..\RunOnce: [msxi32.exe] C:\WINDOWS\system32\msxi32.exe
O4 - HKLM\..\RunOnce: [addfu.exe] C:\WINDOWS\system32\addfu.exe
O4 - HKLM\..\RunOnce: [msbh32.exe] C:\WINDOWS\msbh32.exe
O4 - HKLM\..\RunOnce: [d3km.exe] C:\WINDOWS\d3km.exe
O4 - HKLM\..\RunOnce: [appib32.exe] C:\WINDOWS\appib32.exe
O4 - HKLM\..\RunOnce: [addur32.exe] C:\WINDOWS\addur32.exe
O4 - HKLM\..\RunOnce: [appck32.exe] C:\WINDOWS\appck32.exe
O4 - HKLM\..\RunOnce: [netbv.exe] C:\WINDOWS\system32\netbv.exe
O4 - HKLM\..\RunOnce: [appzx32.exe] C:\WINDOWS\system32\appzx32.exe
O4 - HKLM\..\RunOnce: [d3uy32.exe] C:\WINDOWS\system32\d3uy32.exe
O4 - HKLM\..\RunOnce: [atlqa.exe] C:\WINDOWS\atlqa.exe
O4 - HKLM\..\RunOnce: [netrp32.exe] C:\WINDOWS\netrp32.exe
O4 - HKLM\..\RunOnce: [sysir.exe] C:\WINDOWS\sysir.exe
THEN, WITH ALL OTHER WINDOWS CLOSED, press "Fix".

Make sure you are set to Show Hidden Files and Folders and delete the following files/folders:-
C:/Program Files/First2Enter/ <----ENTIRE FOLDER!!
C:\WINDOWS\system32\addzh32.exe
C:\WINDOWS\System32\srv.exe
C:\WINDOWS\system32\msxi32.exe
C:\WINDOWS\system32\addfu.exe
C:\WINDOWS\msbh32.exe
C:\WINDOWS\d3km.exe
C:\WINDOWS\appib32.exe
C:\WINDOWS\addur32.exe
C:\WINDOWS\appck32.exe
C:\WINDOWS\system32\netbv.exe
C:\WINDOWS\system32\appzx32.exe
C:\WINDOWS\system32\d3uy32.exe
C:\WINDOWS\atlqa.exe
C:\WINDOWS\netrp32.exe
C:\WINDOWS\sysir.exe

Go to Start>Run and type 'Regedit' (no quotes) then click Ok. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
and highlight Services in the left pane. In the right pane, look for any of these entries:

__NS_Service
__NS_Service_2
__NS_Service_3

If any are listed, right-click that entry in the right pane and choose Delete.

Again in Regedit, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root and highlight Root in the Left Pane. In the right pane, look for these entries (the number at the end should correspond to the first one you deleted above):

LEGACY___NS_Service
LEGACY___NS_Service_2
LEGACY___NS_Service_3

If you find it, right-click it in the right-pane and choose delete.

In this next step it is most important to have AdAware updated with the latest ref-files AND make sure you use these settings..


Now download Ad-Aware at http://www.lavasoftu...pport/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
- On the main AdAware screen hit the Check for Updates, hit the 'Connect' key; it will then connect, check for then ask if you want to download latest Ref. files (if one is available), accept. Once downloaded hit "Finish" (Green Checkmark)

Now do the following:

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys. Click 'Next' again
Right-click in that pane and choose "select all"

If it finds "bad" files and registry keys, press "Next" again
It will ask you whether you'd like to remove all checked items. Click OK.


Finally, close Ad-Aware

Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)
  • C:\Windows\Temp\
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
  • C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache--including cookies. This is recommended and strongly suggested.
  • C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
  • Empty your "Recycle Bin"


Go ahead and reboot to "Normal Mode"

Do this now:
Start>Run>Search>Files and Folders... we're going to look for 3 files, so type the following in the box one at a time and search for them, or just follow the steps below and get the new ones.
  • control.exe
  • hosts (no extension)
  • SDHelper.dll <---- This only applies if you have Spybot S&D installed
If control.exe is missing:
Go here and download the version of control.exe for your operating system. Copy it to c:\windows\system32\

Download the Hoster from here
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

If you have Spybot S&D installed and SDHelper.dll is missing, go here and download SDHelper.dll. Copy the file to the folder containing your Spybot S&D (Default is in: C:\Program Files\Spybot - Search & Destroy)

Then Reboot again and post a fresh log back to this thread.
Things you need(all FREE)
Anti-Virus (Only One of these)
AVG Avast
Firewall (Only One here too)
Kerio(Direct Download) Zone Alarm
Misc. (Use all 3 together)
IE Spyads SpywareBlaster Spyware Guard
Windows Update (Once a week)
get all CRITICAL Updates

Things you want(Still Free)
Mozilla Firefox
Google Toolbar (stops pop-ups)
Ad-Aware
Spybot S&D
MS MVP Hosts file

Please donate to the site to help us help you. Info found HERE

PROUD member Since 2004

#5 jehudit


Posted 17 July 2004 - 07:06 AM

I've done everything on the list. But I have a few questions.

1. I had to remove everything in the folder Temporary Internet Files. There was a file desktop.dll which I didn't dare to delete because it said to me that the system wouldn't run properly if I did so. Do I have to delete it or not?

2. I did run Spybot and it still finds the same problems. Usually it can fix them all except one: Magic control agent. It always says that msegcompid.dll is not a right copy of the Windows system and that I have to check it on the installation disk.
I tried to find it at the location Spybot gave me but it wasn't there.

Spy Sweeper again found adware CW3_NS3; other adware was Instant Access, SwichtDialer and VX2 Transponder, and a trojan horse Hotand Sexy. This has been so from the beginning, since I downloaded Spy Sweeper. Whatever I try, it is still in my computer.
It makes me crazy. I know I have to be patient. I can again access my other e-mail address, so there are things which did change for the better.

3. I do have Ad Aware 6 professional (build 158) installed already on my computer. I did check for updates; there weren't any. Except some information about version 1.81, but I couldn't download it.

This is my new hijacklist:

Logfile of HijackThis v1.98.0
Scan saved at 13:49:11, on 17-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Antivirus\Firewall\PavFires.exe
C:\Program Files\Panda Antivirus\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Antivirus\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ipha32.exe
C:\WINDOWS\javanl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Panda Antivirus\APVXDWIN.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panda Antivirus\pavProxy.exe
C:\Documents and Settings\Jitka\Bureaublad\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fhurs.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://peypa.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://fhurs.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fhurs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fhurs.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://peypa.dll/index.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9404FFB4-AA7A-A757-2FB5-29D6F452E365} - C:\WINDOWS\javanl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Antivirus\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Antivirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [javanl.exe] C:\WINDOWS\javanl.exe
O4 - HKLM\..\RunOnce: [ipha32.exe] C:\WINDOWS\ipha32.exe
O4 - HKLM\..\RunOnce: [winju.exe] C:\WINDOWS\winju.exe
O4 - HKLM\..\RunOnce: [ipgb.exe] C:\WINDOWS\ipgb.exe
O4 - HKLM\..\RunOnce: [iegj32.exe] C:\WINDOWS\iegj32.exe
O4 - HKLM\..\RunOnce: [syslr32.exe] C:\WINDOWS\system32\syslr32.exe
O4 - HKLM\..\RunOnce: [d3fu.exe] C:\WINDOWS\system32\d3fu.exe
O4 - HKLM\..\RunOnce: [sdkly.exe] C:\WINDOWS\sdkly.exe
O4 - HKLM\..\RunOnce: [msfq32.exe] C:\WINDOWS\msfq32.exe
O4 - HKLM\..\RunOnce: [ieqv32.exe] C:\WINDOWS\ieqv32.exe
O4 - HKLM\..\RunOnce: [ntuk.exe] C:\WINDOWS\system32\ntuk.exe
O4 - HKLM\..\RunOnce: [ipqz.exe] C:\WINDOWS\ipqz.exe
O4 - HKLM\..\RunOnce: [mfcpj.exe] C:\WINDOWS\mfcpj.exe
O4 - HKLM\..\RunOnce: [appqh.exe] C:\WINDOWS\system32\appqh.exe
O4 - HKLM\..\RunOnce: [ntve32.exe] C:\WINDOWS\system32\ntve32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.5.2.32\I -a
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) - http://www.thepaymen...ild/vxiewer.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downlo..._1018_EN_XP.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.c.../one2oneSvc.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downlo...040_pack_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downlo...ice_5_EN_XP.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downlo...ice_4_EN_XP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B73BC7C7-858B-49FA-BBDB-74DD77D1D9F3} ({B73BC7C7-858B-49FA-BBDB-74DD77D1D9F3}) - http://camz.tintel.nl/installcab.php
O16 - DPF: {C809C390-A77E-45DD-8C35-379D9431658D} (dialer_iptower.Class1) - http://www.ipxs.nl/php/ipxs.CAB
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo...tpe32_EN_XP.cab
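
A triage pass over the HijackThis log posted above, as an added example that is not part of the original thread: it flags Internet Explorer page values served from a `res://` resource inside a DLL, and Run/RunOnce values that are named after an executable sitting directly in C:\WINDOWS or system32. Both rules are heuristics assumed from the patterns visible in this log, not verdicts, and `triage`, `image_path` and the embedded sample subset are names chosen here.

```python
import ntpath
import re

# Subset of the HijackThis log from the post above (lines copied from it).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fhurs.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://peypa.dll/index.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [javanl.exe] C:\WINDOWS\javanl.exe
O4 - HKLM\..\RunOnce: [ipha32.exe] C:\WINDOWS\ipha32.exe
O4 - HKLM\..\RunOnce: [syslr32.exe] C:\WINDOWS\system32\syslr32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# Assumption: default Windows XP layout, matching the paths in the log itself.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "R1 - ...", "O4 - ..."
PAGE_RE = re.compile(r"^[^,]+,([^=]+?) = (.*)$")             # key,value name = data
RES_DLL_RE = re.compile(r"^res://(.+?\.dll)/", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")


def image_path(command):
    """Return the executable path of a Run value, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(?i)^(.*?\.exe)\b", command)
    return match.group(1) if match else command


def triage(log_text):
    """Return a list of findings (dicts) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        code, body = entry.groups()

        if code in ("R0", "R1"):
            # IE start/search pages normally hold a URL, not a DLL resource.
            page = PAGE_RE.match(body)
            res = RES_DLL_RE.match(page.group(2)) if page else None
            if res:
                findings.append({
                    "code": code,
                    "item": page.group(1),
                    "file": res.group(1),
                    "reason": "IE page served from a DLL resource (res://)",
                })

        elif code == "O4":
            run = AUTORUN_RE.match(body)
            if not run:
                continue
            hive, list_name, name, command = run.groups()
            image = image_path(command)
            in_system_dir = ntpath.normcase(ntpath.dirname(image)) in SYSTEM_DIRS
            # Heuristic: value name is the bare file name and the file sits
            # directly in the Windows or system32 directory.
            if in_system_dir and name.lower() == ntpath.basename(image).lower():
                findings.append({
                    "code": code,
                    "item": hive + "\\" + list_name,
                    "file": image,
                    "reason": "autorun named after an .exe in a system directory",
                })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("{code}  {item:<12} {file}  <- {reason}".format(**finding))
```

Entries it flags still need to be confirmed by someone who knows the machine; entries it skips, such as NeroCheck and SoundMan here, are not thereby proven clean.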

#6 jwbirdsong


Posted 17 July 2004 - 03:38 PM

Let's solve this AdAware problem B4 going any further... Why can you not download Version 6.181?? What happens when you try?? Version 6181 isn't an update... you need to download the whole AdAware program, remove the old and install the new. This is of paramount importance in trying to get rid of this.
http://www.lavasoft....ftware/adaware/

Also get the latest version (1.3) of about:buster and run it; it has taken many advances since the version you have.

There are some undeletable files in the temp folders; it's OK, they are used by Windows (as a rule).

FYI here is a little info on Magic control agent.

But again let me stress the fact that you REALLY need to get version 6.181 of Ad-Aware

#7 jehudit


Posted 18 July 2004 - 11:37 AM

I did download the new Ad-Aware 6 build 181. I ran it and it found almost 500 objects. Thank you that you did let me do it. I do not find Magic control agent anymore and it looks like the pop-ups have stopped coming.

I also updated AboutBuster and ran it. This is the result from 2 scans:

-- Scan 1 --------
About:Buster Version 1.30
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!


-- Scan 1 --------
About:Buster Version 1.30
Attempted Clean Of Temp folder.
Pages Reset... Done!


I also made a new hijack list:

Logfile of HijackThis v1.98.0
Scan saved at 18:36:34, on 18-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Antivirus\Firewall\PavFires.exe
C:\Program Files\Panda Antivirus\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Antivirus\AVENGINE.EXE
C:\Program Files\Panda Antivirus\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Antivirus\pavProxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\winqg32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\Browser Hijack Blaster\bhblaster.exe
C:\Program Files\Browser Hijack Blaster\bhblaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jitka\Bureaublad\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\peypa.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Antivirus\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Antivirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winqg32.exe] C:\WINDOWS\system32\winqg32.exe
O4 - HKLM\..\Run: [ntwq.exe] C:\WINDOWS\system32\ntwq.exe
O4 - HKLM\..\RunOnce: [ipgb.exe] C:\WINDOWS\ipgb.exe
O4 - HKLM\..\RunOnce: [iegj32.exe] C:\WINDOWS\iegj32.exe
O4 - HKLM\..\RunOnce: [d3fu.exe] C:\WINDOWS\system32\d3fu.exe
O4 - HKLM\..\RunOnce: [sdkly.exe] C:\WINDOWS\sdkly.exe
O4 - HKLM\..\RunOnce: [ieqv32.exe] C:\WINDOWS\ieqv32.exe
O4 - HKLM\..\RunOnce: [ntuk.exe] C:\WINDOWS\system32\ntuk.exe
O4 - HKLM\..\RunOnce: [mfcpj.exe] C:\WINDOWS\mfcpj.exe
O4 - HKLM\..\RunOnce: [appqh.exe] C:\WINDOWS\system32\appqh.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.5.2.32\I -a
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo..._1018_EN_XP.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.c.../one2oneSvc.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downlo...040_pack_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downlo...ice_5_EN_XP.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downlo...ice_4_EN_XP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B73BC7C7-858B-49FA-BBDB-74DD77D1D9F3} ({B73BC7C7-858B-49FA-BBDB-74DD77D1D9F3}) - http://camz.tintel.nl/installcab.php
O16 - DPF: {C809C390-A77E-45DD-8C35-379D9431658D} (dialer_iptower.Class1) - http://www.ipxs.nl/php/ipxs.CAB
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo...tpe32_EN_XP.cab



