
IE Homepage redirected continually!!



#1 tzissos


Posted 24 July 2004 - 06:05 PM

Please ignore this problem. I used ABOUT:BUSTER to fix the problem. Thanks



I see I am having the same problem as several posters. I have read the FAQs and have tried to solve my problem (homepage changing), but it keeps returning. When I bring up the Task Manager and look at the running processes and then start IE, I can see a couple of new processes appear. The names are not always the same, and when I search for them I cannot find them. The names usually end in 32 (i.e. iplv32.exe, d3dn32.exe or d3yx32.exe). I can stop these processes, and they will reappear once I invoke IE again. I have used regedit to remove the statement etc., and they will change back also. People that do this should be shot!!

My homepage gets redirected to something like res://xxxxxxxxxxxxx.


Here is my HijackThis logfile. Any help will be much appreciated. Thank you so much.

Ted



Logfile of HijackThis v1.97.7
Scan saved at 3:47:49 PM, on 7/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\d3yx32.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\iplv32.exe
C:\WINDOWS\d3yx32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ted.FAMILYROOM\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bqfcz.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bqfcz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://bqfcz.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bqfcz.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = AT&T Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {07BF4602-E2FB-340F-985F-24FA453D5964} - C:\WINDOWS\mfcrn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [w32Clock] w32Clock.exe
O4 - HKLM\..\Run: [eanth_system_patcher] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup
O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\defscangui.exe -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iplv32.exe] C:\WINDOWS\system32\iplv32.exe
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\RunServices: [w32Clock] w32Clock.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: Blubster Support - file://C:\Program Files\BlubsterSupport\System\Temp\blubstershop_script0.htm
O9 - Extra button: AIM (HKLM)
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.6.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign...op-sign_csc.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abet...34006/lotto.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...38/QDow_AS2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8115.8868634259
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.../20/SassCln.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.c...bs/downplug.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Edited by tzissos, 24 July 2004 - 11:36 PM.
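
A triage sketch for the two patterns visible in the post above, added here as an example (it is not part of the original thread and is not HijackThis's own logic): IE page settings that point at a `res://` resource, and O4 autorun entries whose value name is identical to an executable sitting directly in `C:\WINDOWS` or `system32`. The heuristics, the function name `triage` and the `example32.exe` RunOnce line are assumptions made for illustration; the other sample lines are copied from the log.

```python
import ntpath
import re

# Sample input: lines copied from the log above, except the RunOnce line,
# which is constructed with a placeholder file name.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bqfcz.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [iplv32.exe] C:\WINDOWS\system32\iplv32.exe
O4 - HKLM\..\RunOnce: [example32.exe] C:\WINDOWS\example32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

# R0-R3 lines: "<section> - <registry key,value name> = <data>"
R_LINE = re.compile(r"^R[0-3] - (?P<key>.+?) = (?P<value>.*)$")
# O4 lines: "O4 - <hive\..\Run*>: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (?P<hive>\S+?): \[(?P<name>.+?)\] (?P<cmd>.+)$")
# Executable path at the start of a command line, optionally quoted.
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)
# Assumption: only these two directories count as "directly in Windows".
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def triage(log_text):
    """Return (reason, line) pairs for log lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = R_LINE.match(line)
        if m and m.group("value").lower().startswith("res://"):
            # A start/search page served from a resource inside a local DLL.
            findings.append(("ie-page-res-url", line))
            continue
        m = O4_LINE.match(line)
        if not m:
            continue
        exe = EXE_PATH.match(m.group("cmd"))
        if not exe:
            continue  # no explicit .exe path to compare against
        path = exe.group("path")
        same_name = ntpath.basename(path).lower() == m.group("name").lower()
        in_sysdir = ntpath.dirname(path).lower() in SYSTEM_DIRS
        if same_name and in_sysdir:
            # Autorun named after its own file, dropped into a system folder.
            findings.append(("self-named-autorun", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

A hit is a prompt for review, not a verdict: legitimate software can match either rule, and entries that match neither can still be unwanted.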


#2 billiebob


Posted 25 July 2004 - 06:12 AM

Download and run this fully working Trojan Hunter.
http://www.misec.net...nter/?aff=12129
.........................................................................................................
Download CWShredder from HERE and run the program in safe mode. Press the "Fix Button". Let it fix all variants. Next, close the program and all windows and IE windows, run HijackThis, and post a fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed
.................................................
Increase the strength of Ad-Aware by installing the VX2 Cleaner plug-in.
Close Ad-Aware 6.
Download the free VX2 Cleaner here.
Install the VX2 Cleaner.
Start Ad-Aware and click on "Plug-ins".
Select the VX2 Cleaner plug-in and click "Run Plugin".
If your computer isn't infected, click "Close".
If your computer is infected:
Select "Clean System".
Reboot your computer.
Scan your computer with Ad-Aware.
Remove any VX2 objects detected.
Reboot your computer again.
Run a second scan to make sure the files have been removed from your computer.
.................................................................
Download SPYBOT

After installing Spybot S&D, update it by using the "Update" button on the left panel of the program. Search for updates and download anything it finds.

How to set up Ad-Aware and Spybot S&D: check my signature for details.

And after that, please do the following:

........................................................................
Get The latest Version of Hijackthis 1.98

Download 'Hijack This!' HERE
Download link is on the left

Unzip (extract) it to a folder of its own, like c:\HJT\hijackthis.exe.

Then double-click HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. For HijackThis, most of what it lists will be harmless or even essential; don't fix anything yet.

Reboot and post a new log

............................................................................................................



