Hijack, maybe? (Resolved)
-
Hi all,
Have checked this site out every now and then and thought that it seemed very helpful..well, now I or should I say my girlfriend has a problem..and it goes like this..
She starts up her PC (XP Pro), logs in and then she gets up an error box with info about a file named neted.exe. After she has clicked on the "do not send error msg to Microsoft" the error box disappears - but then 2 seconds later it pops back up. No matter how many times we close down that error box it reappears. We just go around in a loop and never get to the desktop.
I can hit the ctrl/alt/delete buttons and get up the files in use and found a few that do not seem to belong at home there...here is a list of those files..
MSAJ.EXE - D3PM.EXE - MFCKY.EXE - ADDDC.EXE and ADDJO.EXE.
I tried to terminate these services but could not, they just kept coming back.
I believe these to maybe be some type of hi-jacking files...is there any way we can get rid of these so that we can get to the desktop again..
Thanks for any help you peps can give me..
Sir_Angus
-
Sounds like you have a bit of a spyware problem there. Take a look at the Hijack This logs post at the top of this forum or click here. Run the appropriate programs and then post your Hijack This Log in this thread.
-
Hi,
Thanks for your reply..I have now done an Ad-Aware and a Spybot on my girlfriend's PC. Have downloaded Hijackthis and run the scan...this is the contents of the log file...once again thanks for your help...
Logfile of HijackThis v1.98.2
Scan saved at 17:25:34, on 2004-08-09
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\d3mp32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\sdkmr32.exe
C:\Program\Compaq\Easy Access Button Support\cpqeadm.exe
C:\PROGRAM\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\PROGRAM\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Winamp\winamp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\d3pj.exe
C:\Program\Hijack This\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
F1 - win.ini: run=fntldr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BCB99081-0AC4-8206-BF74-BD55E631D60D} - C:\WINDOWS\crcq32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [d3pj.exe] C:\WINDOWS\d3pj.exe
O4 - HKLM\..\RunServices: [SystemSAS] system32.exe
O4 - HKLM\..\RunOnce: [winnt32.exe] C:\WINDOWS\system32\winnt32.exe
O4 - HKLM\..\RunOnce: [crcy32.exe] C:\WINDOWS\crcy32.exe
O4 - HKLM\..\RunOnce: [apifr.exe] C:\WINDOWS\apifr.exe
O4 - HKLM\..\RunOnce: [crfb32.exe] C:\WINDOWS\crfb32.exe
O4 - HKLM\..\RunOnce: [msqt32.exe] C:\WINDOWS\system32\msqt32.exe
O4 - HKLM\..\RunOnce: [sdkoq.exe] C:\WINDOWS\system32\sdkoq.exe
O4 - HKLM\..\RunOnce: [appzd.exe] C:\WINDOWS\system32\appzd.exe
O4 - HKLM\..\RunOnce: [iexw.exe] C:\WINDOWS\iexw.exe
O4 - HKLM\..\RunOnce: [msfn.exe] C:\WINDOWS\msfn.exe
O4 - HKLM\..\RunOnce: [msev32.exe] C:\WINDOWS\msev32.exe
O4 - HKLM\..\RunOnce: [d3eq.exe] C:\WINDOWS\d3eq.exe
O4 - HKLM\..\RunOnce: [sysve.exe] C:\WINDOWS\sysve.exe
O4 - HKLM\..\RunOnce: [addxc32.exe] C:\WINDOWS\system32\addxc32.exe
O4 - HKLM\..\RunOnce: [ipun32.exe] C:\WINDOWS\system32\ipun32.exe
O4 - HKLM\..\RunOnce: [apiju32.exe] C:\WINDOWS\apiju32.exe
O4 - HKLM\..\RunOnce: [msfu.exe] C:\WINDOWS\msfu.exe
O4 - HKLM\..\RunOnce: [netjl32.exe] C:\WINDOWS\netjl32.exe
O4 - HKLM\..\RunOnce: [netuz.exe] C:\WINDOWS\system32\netuz.exe
O4 - HKLM\..\RunOnce: [msaj.exe] C:\WINDOWS\system32\msaj.exe
O4 - HKLM\..\RunOnce: [d3pm.exe] C:\WINDOWS\d3pm.exe
O4 - HKLM\..\RunOnce: [mfchl32.exe] C:\WINDOWS\mfchl32.exe
O4 - HKLM\..\RunOnce: [appgt.exe] C:\WINDOWS\appgt.exe
O4 - HKLM\..\RunOnce: [apijb.exe] C:\WINDOWS\apijb.exe
O4 - HKLM\..\RunOnce: [sdkvp.exe] C:\WINDOWS\sdkvp.exe
O4 - HKLM\..\RunOnce: [javahn.exe] C:\WINDOWS\javahn.exe
O4 - HKLM\..\RunOnce: [addlu32.exe] C:\WINDOWS\addlu32.exe
O4 - HKLM\..\RunOnce: [neted.exe] C:\WINDOWS\system32\neted.exe
O4 - HKLM\..\RunOnce: [mfcky.exe] C:\WINDOWS\system32\mfcky.exe
O4 - HKLM\..\RunOnce: [adddc.exe] C:\WINDOWS\system32\adddc.exe
O4 - HKLM\..\RunOnce: [addjo.exe] C:\WINDOWS\system32\addjo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Winamp.lnk = C:\Program\Winamp\winamp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: Win32 Classes -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.nu/colorap...rAppOnline.cab
O19 - User stylesheet: (file missing)
-
You've been hijacked by a particularly nasty CWS variant. Please follow these instructions to get rid of it:
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
O2 - BHO: (no name) - {BCB99081-0AC4-8206-BF74-BD55E631D60D} - C:\WINDOWS\crcq32.dll
O4 - HKLM\..\RunOnce: [winnt32.exe] C:\WINDOWS\system32\winnt32.exe
O4 - HKLM\..\RunOnce: [crcy32.exe] C:\WINDOWS\crcy32.exe
O4 - HKLM\..\RunOnce: [apifr.exe] C:\WINDOWS\apifr.exe
O4 - HKLM\..\RunOnce: [crfb32.exe] C:\WINDOWS\crfb32.exe
O4 - HKLM\..\RunOnce: [msqt32.exe] C:\WINDOWS\system32\msqt32.exe
O4 - HKLM\..\RunOnce: [sdkoq.exe] C:\WINDOWS\system32\sdkoq.exe
O4 - HKLM\..\RunOnce: [appzd.exe] C:\WINDOWS\system32\appzd.exe
O4 - HKLM\..\RunOnce: [iexw.exe] C:\WINDOWS\iexw.exe
O4 - HKLM\..\RunOnce: [msfn.exe] C:\WINDOWS\msfn.exe
O4 - HKLM\..\RunOnce: [msev32.exe] C:\WINDOWS\msev32.exe
O4 - HKLM\..\RunOnce: [d3eq.exe] C:\WINDOWS\d3eq.exe
O4 - HKLM\..\RunOnce: [sysve.exe] C:\WINDOWS\sysve.exe
O4 - HKLM\..\RunOnce: [addxc32.exe] C:\WINDOWS\system32\addxc32.exe
O4 - HKLM\..\RunOnce: [ipun32.exe] C:\WINDOWS\system32\ipun32.exe
O4 - HKLM\..\RunOnce: [apiju32.exe] C:\WINDOWS\apiju32.exe
O4 - HKLM\..\RunOnce: [msfu.exe] C:\WINDOWS\msfu.exe
O4 - HKLM\..\RunOnce: [netjl32.exe] C:\WINDOWS\netjl32.exe
O4 - HKLM\..\RunOnce: [netuz.exe] C:\WINDOWS\system32\netuz.exe
O4 - HKLM\..\RunOnce: [msaj.exe] C:\WINDOWS\system32\msaj.exe
O4 - HKLM\..\RunOnce: [d3pm.exe] C:\WINDOWS\d3pm.exe
O4 - HKLM\..\RunOnce: [mfchl32.exe] C:\WINDOWS\mfchl32.exe
O4 - HKLM\..\RunOnce: [appgt.exe] C:\WINDOWS\appgt.exe
O4 - HKLM\..\RunOnce: [apijb.exe] C:\WINDOWS\apijb.exe
O4 - HKLM\..\RunOnce: [sdkvp.exe] C:\WINDOWS\sdkvp.exe
O4 - HKLM\..\RunOnce: [javahn.exe] C:\WINDOWS\javahn.exe
O4 - HKLM\..\RunOnce: [addlu32.exe] C:\WINDOWS\addlu32.exe
O4 - HKLM\..\RunOnce: [neted.exe] C:\WINDOWS\system32\neted.exe
O4 - HKLM\..\RunOnce: [mfcky.exe] C:\WINDOWS\system32\mfcky.exe
O4 - HKLM\..\RunOnce: [adddc.exe] C:\WINDOWS\system32\adddc.exe
O4 - HKLM\..\RunOnce: [addjo.exe] C:\WINDOWS\system32\addjo.exe
Click Fix Checked
Then please download About:Buster and unzip it to your desktop. Then boot into safe mode (Instructions here). Start it, hit Ok, Start, and Ok again to start the scan. It will generate a log. Post that log along with a new Hijack This log here.
-
Hi Owen,
OK, done as you said....checked the boxes you said and removed them...downloaded Buster and ran in safe mode..here is the log for that..
Scanned at: 20:29:49 on: 2004-08-09
-- Scan 1 --------
About:Buster Version 2.11
Reference List : 11
Removed 1 Random Key Entries
Failed to Delete Service Key 4
Failed to Delete Service Key 6
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
After that I ran the Hijack program again (in safe mode) and here is the log file for that...
Logfile of HijackThis v1.98.2
Scan saved at 20:31:24, on 2004-08-09
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program\Hijack This\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
F1 - win.ini: run=fntldr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {54255AC2-2B7F-9119-713D-1BFBB01E8BCD} - C:\WINDOWS\netji.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [d3pj.exe] C:\WINDOWS\d3pj.exe
O4 - HKLM\..\RunServices: [SystemSAS] system32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Winamp.lnk = C:\Program\Winamp\winamp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: Win32 Classes -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.nu/colorap...rAppOnline.cab
O19 - User stylesheet: (file missing)
My GF would like to say thanks for the help that you are giving us...
-
I need you to go back into Safe Mode again, Run About:Buster again.
Then reboot into Normal Mode and create a new Hijack This log.
Post both logs back here please.
-
Hi again,
Ok, made a booboo when saving down the buster log file so had to do it again...so here it is...(from safe mode)
Scanned at: 21:36:07 on: 2004-08-09
-- Scan 1 --------
About:Buster Version 2.11
Reference List : 11
Removed 1 Random Key Entries
Failed to Delete Service Key 4
Failed to Delete Service Key 6
Removed! : C:\WINDOWS\yazfxt.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
Here comes the log file from Hijack (Normal mode)...
Logfile of HijackThis v1.98.2
Scan saved at 21:24:02, on 2004-08-09
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\d3mp32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\Compaq\Easy Access Button Support\cpqeadm.exe
C:\WINDOWS\d3pj.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Winamp\winamp.exe
C:\PROGRAM\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\PROGRAM\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Program\Hijack This\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
F1 - win.ini: run=fntldr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E4410E41-BFC6-F741-B0FA-9FF5146F9091} - C:\WINDOWS\apiuh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d3pj.exe] C:\WINDOWS\d3pj.exe
O4 - HKLM\..\RunServices: [SystemSAS] system32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Winamp.lnk = C:\Program\Winamp\winamp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: Win32 Classes -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.nu/colorap...rAppOnline.cab
O19 - User stylesheet: (file missing)
Thanks...
-
Could you please download and run CWShredder which will get rid of the majority of CWS Browser Hijacker infections. Please ensure that you click Fix and click Ok to any prompts. Make sure you don't only scan.
-
Hi there,
OK, have now done the shredder but it did not do much (did fix not scan). When starting explorer we still get up a rogue homepage.
Here is the latest log from hijack...can I check and take away the strings that are highlighted red?? or do I need to run Buster again....Thanks
Logfile of HijackThis v1.98.2
Scan saved at 20:48:04, on 2004-08-10
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\d3mp32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Compaq\Easy Access Button Support\cpqeadm.exe
C:\WINDOWS\d3pj.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\PROGRAM\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\PROGRAM\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program\Hijack This\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\svjvt.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://C:\WINDOWS\system32\svjvt.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\svjvt.dll/index.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E4410E41-BFC6-F741-B0FA-9FF5146F9091} - C:\WINDOWS\apiuh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d3pj.exe] C:\WINDOWS\d3pj.exe
O4 - HKLM\..\RunServices: [SystemSAS] system32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Winamp.lnk = C:\Program\Winamp\winamp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.nu/colorap...rAppOnline.cab
O19 - User stylesheet: (file missing)
-

Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\svjvt.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://C:\WINDOWS\system32\svjvt.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\svjvt.dll/index.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\svjvt.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E4410E41-BFC6-F741-B0FA-9FF5146F9091} - C:\WINDOWS\apiuh.dll
O4 - HKLM\..\Run: [d3pj.exe] C:\WINDOWS\d3pj.exe
O4 - HKLM\..\RunServices: [SystemSAS] system32.exe
O19 - User stylesheet: (file missing)
Click Fix Checked
Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.
Then go to C:\Windows and delete the following:
d3pj.exe
Then go to Start> Search and Search for Files And Folders. Search for and delete:
system32.exe
Reboot and post a fresh log
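A triage pass over the kind of HijackThis log posted in this thread, added here as an example and not part of any post above. Its three rules are assumptions drawn from the entries the helper marked for removal, not HijackThis's or the helper's own logic; the sample lines are copied from the logs in the thread.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Sample input: a few lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vlucb.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BCB99081-0AC4-8206-BF74-BD55E631D60D} - C:\WINDOWS\crcq32.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [d3pj.exe] C:\WINDOWS\d3pj.exe
O4 - HKLM\..\RunServices: [SystemSAS] system32.exe
O4 - HKLM\..\RunOnce: [neted.exe] C:\WINDOWS\system32\neted.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O4 - <body>"
WINDIR_RE = re.compile(r"^c:\\windows(\\system32)?$", re.IGNORECASE)
RES_RE = re.compile(r"^res://(.+?\.dll)/", re.IGNORECASE)    # DLL behind a res:// URL
BHO_RE = re.compile(r"^BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+?)(?: \(file missing\))?$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[([^\]]+)\] (.+)$")  # "[value name] command"


def parse_entries(log_text):
    """Return (section code, body) for every numbered entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def in_windows_dir(path):
    """True when the file sits directly in C:\\WINDOWS or C:\\WINDOWS\\system32."""
    return bool(WINDIR_RE.match(dirname(path)))


def executable_of(cmd):
    """Strip quotes and arguments from a quoted autorun command."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd


def classify(code, body):
    """Return a reason string when an entry matches one of the assumed rules."""
    if code in ("R0", "R1"):
        # Rule 1: IE page setting that points into a DLL via res://
        m = RES_RE.match(body.partition(" = ")[2])
        if m and in_windows_dir(m.group(1)):
            return "IE page setting loads from a res:// resource in a Windows-directory DLL"
    elif code == "O2":
        # Rule 2: browser helper object with no name, DLL in the Windows directory
        m = BHO_RE.match(body)
        if m and m.group(1) == "(no name)" and in_windows_dir(m.group(2)):
            return "unnamed BHO whose DLL sits in the Windows directory"
    elif code == "O4":
        # Rule 3: autorun value whose name is simply its own file name
        m = RUN_RE.match(body)
        if m:
            exe = executable_of(m.group(2))
            if in_windows_dir(exe) and basename(exe).lower() == m.group(1).lower():
                return "autorun value named after its own file in the Windows directory"
    return None


def triage(log_text):
    """List (code, reason, body) for entries worth a closer look."""
    hits = []
    for code, body in parse_entries(log_text):
        reason = classify(code, body)
        if reason:
            hits.append((code, reason, body))
    return hits


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

The `[SystemSAS] system32.exe` entry that the helper also had removed matches none of these rules, so output like this is a starting point for review rather than a verdict.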