Ive been hijacked by the looking-for.cc spy (Resolved)

  1. 12-10-2004  #11
    flew
    flew is offline Junior Member

    Re: Ive been hijacked by the looking-for.cc spy

    Owen,

    your instructions worked, thanks again. Hijack This log follows:

    Logfile of HijackThis v1.98.2
    Scan saved at 7:55:04 PM, on 10/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Family\Desktop\hijackthis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.xaxujdrehjgch.uk/O4s8382H...S/TyuQxsdE.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [Book Logo Test Cash] C:\Documents and Settings\All Users\Application Data\Option user book logo\Amok The.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

    Thanks, FLEW

  3. 12-10-2004  #12
    owen
    owen is offline D-A-L Team Member (UK)
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.xaxujdrehjgch.uk/O4s8382...PS/TyuQxsdE.htm
    O4 - HKLM\..\Run: [Book Logo Test Cash] C:\Documents and Settings\All Users\Application Data\Option user book logo\Amok The.exe

    Click Fix Checked

    Reboot and post a fresh log
  4. 13-10-2004  #13
    flew
    flew is offline Junior Member
    Owen,
    Thank you for the help, I did everything you said and this is my log after that:
    Logfile of HijackThis v1.98.2
    Scan saved at 4:58:39 PM, on 10/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Greg\Application Data\hrdh.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Family\Desktop\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pxues.dll/sp.html#28129
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
    O4 - HKCU\..\Run: [Saae] C:\Documents and Settings\Greg\Application Data\hrdh.exe
    O4 - HKCU\..\Run: [Ysuyakey] C:\WINDOWS\System32\?hkdsk.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
  5. 13-10-2004  #14
    owen
    owen is offline D-A-L Team Member (UK)
    Download About:Buster from http://www.downloads.subratam.org/AboutBuster.zip. Unzip it and leave it for now.

    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pxues.dll/sp.html#28129
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
    O4 - HKCU\..\Run: [Saae] C:\Documents and Settings\Greg\Application Data\hrdh.exe
    O4 - HKCU\..\Run: [Ysuyakey] C:\WINDOWS\System32\?hkdsk.exe

    Click Fix Checked

    Run About:Buster and let it remove your HomeSearch infection. It will create a log, post it back here.

    Delete the following files and folders:
    C:\WINDOWS\System32\msgked.exe
    C:\Documents and Settings\Greg\Application Data\hrdh.exe
    C:\WINDOWS\System32\?hkdsk.exe

    Reboot into normal mode

    Download Ad-aware SE from: http://www.lavasoft.de/support/download/

    Install the program and launch it.

    First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

    Next, we need to configure Ad-aware for a full scan.

    Click on the Gear icon (second from the left) to access the preferences/settings window

    1. In the General window make sure the following are selected:
    • Automatically save log-file
    • Automatically quarantine objects prior to removal
    • Safe Mode (always request confirmation)
    2. Click on the Scanning button on the left and select :
    • Scan Within Archives
    • Scan Active Processes
    • Scan Registry
    • Deep Scan Registry
    • Scan my IE favorites for banned URL’s
    • Scan my Hosts file
    • Under Click here to select drives + folders, choose:
    • All of your hard drives
    Click on the Advanced button on the left and select:
    • Include additional process information
    • Include additional file information
    • Include environment information
    Click the Tweak button and select:
    • Under the Scanning Engine:
      • Unload recognized processes & modules during scan
      • Include additional Ad-aware settings in logfile
    • Under the Cleaning Engine:
      • Let Windows remove files in use at next reboot
    Click on Proceed to save the settings.

    Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
    • Use Custom Scanning Options
    Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

    Save the log file when it asks and then click Finish

    When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

    Reboot your computer and post a fresh Hijack This log
  6. 17-10-2004  #15
    flew
    flew is offline Junior Member
    Thanks again i dont know how many times ill say this but everytime you help i need to say it again.
    here is the about buster log:

    Scanned at: 4:02:45 PM on: 10/10/2004


    -- Scan 1 ---------------------------
    About:Buster Version 3.0
    Reference List : 15


    ADS not scanned System(FAT)
    Removed 3 Random Key Entries
    Deleted 1 Service Keys Successfully!
    Removed! : C:\WINDOWS\oanhc.dat
    Removed! : C:\WINDOWS\gglaxw.dat
    Removed! : C:\WINDOWS\yhdfrh.dat
    Removed! : C:\WINDOWS\nipicm.dat
    Removed! : C:\WINDOWS\mzngxn.dat
    Removed! : C:\WINDOWS\ipew.exe
    Removed! : C:\WINDOWS\aiqkzt.dat
    Removed! : C:\WINDOWS\mfchv.exe
    Removed! : C:\WINDOWS\n_fjhyhc.dat
    Removed! : C:\WINDOWS\n_gmsucj.dat
    Removed! : C:\WINDOWS\nipic.dat
    Removed! : C:\WINDOWS\qdngz.dat
    Removed! : C:\WINDOWS\clihmz.dat
    Removed! : C:\WINDOWS\n_bafsyv.dat
    Removed! : C:\WINDOWS\phnfvo.dat
    Removed! : C:\WINDOWS\hcybam.dat
    Removed! : C:\WINDOWS\rjbrwv.dat
    Removed! : C:\WINDOWS\ntbt32.exe
    Removed! : C:\WINDOWS\kuuorb.dat
    Removed! : C:\WINDOWS\uffthg.dat
    Removed! : C:\WINDOWS\edfnxa.dat
    Removed! : C:\WINDOWS\foqksh.dat
    Removed! : C:\WINDOWS\slhmr.dat
    Removed! : C:\WINDOWS\ovlevw.dat
    Removed! : C:\WINDOWS\yenqbu.dat
    Removed! : C:\WINDOWS\ntiv.exe
    Removed! : C:\WINDOWS\atlvb32.exe
    Removed! : C:\WINDOWS\ayxtxb.dat
    Removed! : C:\WINDOWS\dnalfo.dat
    Removed! : C:\WINDOWS\sysuk.exe
    Removed! : C:\WINDOWS\xughsl.dat
    Removed! : C:\WINDOWS\zfrdes.dat
    Removed! : C:\WINDOWS\n_bpbroz.dat
    Removed! : C:\WINDOWS\n_czgtyd.dat
    Removed! : C:\WINDOWS\sysli.exe
    Removed! : C:\WINDOWS\oeujjh.dat
    Removed! : C:\WINDOWS\leorr.dat
    Removed! : C:\WINDOWS\jfrxnt.dat
    Removed! : C:\WINDOWS\mhyne.dat
    Removed! : C:\WINDOWS\kxlkoy.dat
    Removed! : C:\WINDOWS\atlcl.exe
    Removed! : C:\WINDOWS\syszo.exe
    Removed! : C:\WINDOWS\gcqqcj.dat
    Removed! : C:\WINDOWS\brccg.dll
    Removed! : C:\WINDOWS\npreh.dll
    Removed! : C:\WINDOWS\neqro.dll
    Removed! : C:\WINDOWS\srgsh.dll
    Removed! : C:\WINDOWS\addaj32.exe
    Removed! : C:\WINDOWS\iepq32.exe
    Removed! : C:\WINDOWS\qavzf.dll
    Removed! : C:\WINDOWS\herjm.dll
    Removed! : C:\WINDOWS\nsjle.dll
    Removed! : C:\WINDOWS\cbyeh.dll
    Removed! : C:\WINDOWS\ntzv32.exe
    Removed! : C:\WINDOWS\nethh.exe
    Removed! : C:\WINDOWS\wrkpo.dll
    Removed! : C:\WINDOWS\wqpqa.dll
    Removed! : C:\WINDOWS\ktfit.dll
    Removed! : C:\WINDOWS\oidhm.dll
    Removed! : C:\WINDOWS\ohsnf.dll
    Removed! : C:\WINDOWS\gepwn.dll
    Removed! : C:\WINDOWS\eydzu.dll
    Removed! : C:\WINDOWS\fqqyi.dll
    Removed! : C:\WINDOWS\gbbvu.dll
    Removed! : C:\WINDOWS\ulims.dll
    Removed! : C:\WINDOWS\masaz.dll
    Removed! : C:\WINDOWS\gsmxo.dll
    Removed! : C:\WINDOWS\rjtoz.dll
    Removed! : C:\WINDOWS\tbtho.dll
    Removed! : C:\WINDOWS\qduqt.dll
    Removed! : C:\WINDOWS\cfsag.dll
    Removed! : C:\WINDOWS\pvexu.dll
    Removed! : C:\WINDOWS\nuijs.dll
    Removed! : C:\WINDOWS\rmdvn.dll
    Removed! : C:\WINDOWS\yejrv.dll
    Removed! : C:\WINDOWS\ncxtr.dll
    Removed! : C:\WINDOWS\hwztt.dll
    Removed! : C:\WINDOWS\hquzn.dll
    Removed! : C:\WINDOWS\icuox.dll
    Removed! : C:\WINDOWS\ejpdj.dll
    Removed! : C:\WINDOWS\fzubz.dll
    Removed! : C:\WINDOWS\hnjtl.dll
    Removed! : C:\WINDOWS\cjhri.dll
    Removed! : C:\WINDOWS\vomuh.dll
    Removed! : C:\WINDOWS\cgtqq.dll
    Removed! : C:\WINDOWS\qhymm.dll
    Removed! : C:\WINDOWS\ocjse.dll
    Removed! : C:\WINDOWS\rgklz.dll
    Removed! : C:\WINDOWS\jlprv.dll
    Removed! : C:\WINDOWS\atlib.dll
    Removed! : C:\WINDOWS\jjovb.dll
    Removed! : C:\WINDOWS\uivet.dll
    Removed! : C:\WINDOWS\swogl.dll
    Removed! : C:\WINDOWS\xhfqn.dll
    Removed! : C:\WINDOWS\xfbsr.dll
    Removed! : C:\WINDOWS\lrfse.dll
    Removed! : C:\WINDOWS\lggwn.dll
    Removed! : C:\WINDOWS\adddg.exe
    Removed! : C:\WINDOWS\qglss.dll
    Removed! : C:\WINDOWS\n_xedgoa.dat
    Removed! : C:\WINDOWS\n_ywibzd.dat
    Removed! : C:\WINDOWS\qlxun.dll
    Removed! : C:\WINDOWS\xamvm.dll
    Removed! : C:\WINDOWS\rwctk.dll
    Removed! : C:\WINDOWS\uqeml.dll
    Removed! : C:\WINDOWS\kryxl.dll
    Removed! : C:\WINDOWS\anuptv.dat
    Removed! : C:\WINDOWS\sdkdr32.exe
    Removed! : C:\WINDOWS\kobzs.dll
    Removed! : C:\WINDOWS\ipgb.exe
    Removed! : C:\WINDOWS\sswtl.dll
    Removed! : C:\WINDOWS\addjn32.exe
    Removed! : C:\WINDOWS\nhrii.dll
    Removed! : C:\WINDOWS\ndbtr.dll
    Removed! : C:\WINDOWS\bpxmx.dll
    Removed! : C:\WINDOWS\sjfxq.dll
    Removed! : C:\WINDOWS\mjhem.dll
    Removed! : C:\WINDOWS\wzesh.dll
    Removed! : C:\WINDOWS\xgezm.dll
    Removed! : C:\WINDOWS\weeho.dll
    Removed! : C:\WINDOWS\qwama.dll
    Removed! : C:\WINDOWS\txxqg.dll
    Removed! : C:\WINDOWS\pwglq.dll
    Removed! : C:\WINDOWS\psbjj.dll
    Removed! : C:\WINDOWS\mfcdt.exe
    Removed! : C:\WINDOWS\cfzmm.dll
    Removed! : C:\WINDOWS\wineo.exe
    Removed! : C:\WINDOWS\numiv.dll
    Removed! : C:\WINDOWS\ohcoy.dll
    Removed! : C:\WINDOWS\eysdw.dll
    Removed! : C:\WINDOWS\adtpm.dll
    Removed! : C:\WINDOWS\stxzr.dll
    Removed! : C:\WINDOWS\dpypn.dll
    Removed! : C:\WINDOWS\sdkdj32.exe
    Removed! : C:\WINDOWS\zmlek.dll
    Removed! : C:\WINDOWS\appqy.exe
    Removed! : C:\WINDOWS\qibwj.dll
    Removed! : C:\WINDOWS\gzrmh.dll
    Removed! : C:\WINDOWS\xokzg.dll
    Removed! : C:\WINDOWS\phpme.dll
    Removed! : C:\WINDOWS\knxdo.dll
    Removed! : C:\WINDOWS\mfcav32.exe
    Removed! : C:\WINDOWS\mrjgc.dll
    Removed! : C:\WINDOWS\gshlu.dll
    Removed! : C:\WINDOWS\hvaah.dll
    Removed! : C:\WINDOWS\kqkxr.dll
    Removed! : C:\WINDOWS\wpsvo.dll
    Removed! : C:\WINDOWS\rgguf.dll
    Removed! : C:\WINDOWS\pwpai.dll
    Removed! : C:\WINDOWS\adrmu.dll
    Removed! : C:\WINDOWS\yvocp.dll
    Removed! : C:\WINDOWS\srmsm.dll
    Removed! : C:\WINDOWS\odila.dll
    Removed! : C:\WINDOWS\lkayk.dll
    Removed! : C:\WINDOWS\lgqks.dll
    Removed! : C:\WINDOWS\nzhaf.dll
    Removed! : C:\WINDOWS\ocrwr.dll
    Removed! : C:\WINDOWS\graai.dll
    Removed! : C:\WINDOWS\gemce.dll
    Removed! : C:\WINDOWS\pezts.dll
    Removed! : C:\WINDOWS\tywek.dll
    Removed! : C:\WINDOWS\ntyk32.exe
    Removed! : C:\WINDOWS\iohgh.dll
    Removed! : C:\WINDOWS\addvi32.exe
    Removed! : C:\WINDOWS\njpsx.dll
    Removed! : C:\WINDOWS\pkyty.dll
    Removed! : C:\WINDOWS\pidvc.dll
    Removed! : C:\WINDOWS\nzjpw.dat
    Removed! : C:\WINDOWS\ggude.dll
    Removed! : C:\WINDOWS\ythiz.dll
    Removed! : C:\WINDOWS\gmheb.dll
    Removed! : C:\WINDOWS\rfxnr.dll
    Removed! : C:\WINDOWS\iphe32.exe
    Removed! : C:\WINDOWS\nwgqa.dll
    Removed! : C:\WINDOWS\lzwxw.dll
    Removed! : C:\WINDOWS\gagub.dll
    Removed! : C:\WINDOWS\clopq.dll
    Removed! : C:\WINDOWS\npaxc.dll
    Removed! : C:\WINDOWS\rxykb.dll
    Removed! : C:\WINDOWS\oiiuc.dll
    Removed! : C:\WINDOWS\vioqd.dll
    Removed! : C:\WINDOWS\rvfhe.dll
    Removed! : C:\WINDOWS\damnl.dll
    Removed! : C:\WINDOWS\hihsc.dll
    Removed! : C:\WINDOWS\vbwcs.dll
    Removed! : C:\WINDOWS\xwubp.dll
    Removed! : C:\WINDOWS\xvycu.dll
    Removed! : C:\WINDOWS\pirye.dll
    Removed! : C:\WINDOWS\linnz.dll
    Removed! : C:\WINDOWS\dlxvz.dll
    Removed! : C:\WINDOWS\yeivd.dll
    Removed! : C:\WINDOWS\zhzrd.dll
    Removed! : C:\WINDOWS\tryms.dll
    Removed! : C:\WINDOWS\tqcnw.dll
    Removed! : C:\WINDOWS\kmgxd.dll
    Removed! : C:\WINDOWS\eaibx.dll
    Removed! : C:\WINDOWS\tqqan.dll
    Removed! : C:\WINDOWS\kmucu.dll
    Removed! : C:\WINDOWS\yqvxr.dll
    Removed! : C:\WINDOWS\ywpzn.dll
    Removed! : C:\WINDOWS\ospqw.dll
    Removed! : C:\WINDOWS\jpxid.dll
    Removed! : C:\WINDOWS\zmlxd.dll
    Removed! : C:\WINDOWS\uyhyr.dll
    Removed! : C:\WINDOWS\yrsbi.dll
    Removed! : C:\WINDOWS\frqyi.dll
    Removed! : C:\WINDOWS\xbulg.dll
    Removed! : C:\WINDOWS\rkghz.dll
    Removed! : C:\WINDOWS\lvnkn.dll
    Removed! : C:\WINDOWS\fyxga.dll
    Removed! : C:\WINDOWS\ymaku.dll
    Removed! : C:\WINDOWS\qbiol.dll
    Removed! : C:\WINDOWS\nfsab.dll
    Removed! : C:\WINDOWS\dozqh.dll
    Removed! : C:\WINDOWS\orsxl.dll
    Removed! : C:\WINDOWS\oxkxn.dll
    Removed! : C:\WINDOWS\gmtbe.dll
    Removed! : C:\WINDOWS\ncvhq.dll
    Removed! : C:\WINDOWS\dvgmc.dll
    Removed! : C:\WINDOWS\pmkjt.dll
    Removed! : C:\WINDOWS\wbutl.dll
    Removed! : C:\WINDOWS\qsjzu.dll
    Removed! : C:\WINDOWS\vaijf.dll
    Removed! : C:\WINDOWS\teyqj.dll
    Removed! : C:\WINDOWS\wdeao.dll
    Removed! : C:\WINDOWS\ijmzo.dat
    Removed! : C:\WINDOWS\kmxwa.dat
    Removed! : C:\WINDOWS\kekyl.dat
    Removed! : C:\WINDOWS\huuej.dat
    Removed! : C:\WINDOWS\llqgb.dll
    Removed! : C:\WINDOWS\vapjr.dat
    Removed! : C:\WINDOWS\javahh.exe
    Removed! : C:\WINDOWS\hjbdj.dat
    Removed! : C:\WINDOWS\apitx.exe
    Removed! : C:\WINDOWS\crca.exe
    Removed! : C:\WINDOWS\tyxdv.dat
    Removed! : C:\WINDOWS\kmtfdh.dat
    Removed! : C:\WINDOWS\zoics.dat
    Removed! : C:\WINDOWS\jwzupl.dat
    Removed! : C:\WINDOWS\ieez32.exe
    Removed! : C:\WINDOWS\atlud.exe
    Removed! : C:\WINDOWS\dlhfoz.dat
    Removed! : C:\WINDOWS\tfwvf.dat
    Removed! : C:\WINDOWS\gemeia.dat
    Removed! : C:\WINDOWS\zexjkl.dat
    Removed! : C:\WINDOWS\jfpoen.dat
    Removed! : C:\WINDOWS\onkxku.dat
    Removed! : C:\WINDOWS\netby32.exe
    Removed! : C:\WINDOWS\hicsxh.dat
    Removed! : C:\WINDOWS\zjvfzj.dat
    Removed! : C:\WINDOWS\rlqmgs.dat
    Removed! : C:\WINDOWS\tdygaz.dat
    Removed! : C:\WINDOWS\ftomm.dat
    Removed! : C:\WINDOWS\wsfxkr.dat
    Removed! : C:\WINDOWS\htxcec.dat
    Removed! : C:\WINDOWS\zuiige.dat
    Removed! : C:\WINDOWS\zmwze.dat
    Removed! : C:\WINDOWS\fmcdxe.dat
    Removed! : C:\WINDOWS\xnmjzg.dat
    Removed! : C:\WINDOWS\kmirbc.dat
    Removed! : C:\WINDOWS\qjgsnp.dat
    Removed! : C:\WINDOWS\buhrrb.dat
    Removed! : C:\WINDOWS\uvaxll.dat
    Removed! : C:\WINDOWS\izhuwv.dat
    Removed! : C:\WINDOWS\bazhqf.dat
    Removed! : C:\WINDOWS\atlzs.exe
    Removed! : C:\WINDOWS\oqepr.dat
    Removed! : C:\WINDOWS\cmdgej.dat
    Removed! : C:\WINDOWS\appbb32.exe
    Removed! : C:\WINDOWS\isrwa.dat
    Removed! : C:\WINDOWS\boojp.dat
    Removed! : C:\WINDOWS\jnesit.dat
    Removed! : C:\WINDOWS\crxj.exe
    Removed! : C:\WINDOWS\sysvq.exe
    Removed! : C:\WINDOWS\bgpxce.dat
    Removed! : C:\WINDOWS\vlykhj.dat
    Removed! : C:\WINDOWS\nmjpbu.dat
    Removed! : C:\WINDOWS\uhhdfg.dat
    Removed! : C:\WINDOWS\ntcl32.exe
    Removed! : C:\WINDOWS\aeivt.dat
    Removed! : C:\WINDOWS\dftop.dat
    Removed! : C:\WINDOWS\sdkuy.exe
    Removed! : C:\WINDOWS\tkbqti.dat
    Removed! : C:\WINDOWS\lkmwnk.dat
    Removed! : C:\WINDOWS\dlfbpu.dat
    Removed! : C:\WINDOWS\addsv.exe
    Removed! : C:\WINDOWS\xfjwqq.dat
    Removed! : C:\WINDOWS\qgbjsb.dat
    Removed! : C:\WINDOWS\hqodo.dat
    Removed! : C:\WINDOWS\apibf.exe
    Removed! : C:\WINDOWS\igmhbq.dat
    Removed! : C:\WINDOWS\msmf32.exe
    Removed! : C:\WINDOWS\nzigof.dat
    Removed! : C:\WINDOWS\xcjgy.dat
    Removed! : C:\WINDOWS\epjdx.dat
    Removed! : C:\WINDOWS\mdpcs.dat
    Removed! : C:\WINDOWS\feahu.dat
    Removed! : C:\WINDOWS\ilmst.dat
    Removed! : C:\WINDOWS\hpinj.dat
    Removed! : C:\WINDOWS\lxilga.dat
    Removed! : C:\WINDOWS\extyil.dat
    Removed! : C:\WINDOWS\wylecv.dat
    Removed! : C:\WINDOWS\hhfta.dat
    Removed! : C:\WINDOWS\netmr32.exe
    Removed! : C:\WINDOWS\fdlfn.dat
    Removed! : C:\WINDOWS\cemgyl.dat
    Removed! : C:\WINDOWS\vfwlbv.dat
    Removed! : C:\WINDOWS\addii32.exe
    Removed! : C:\WINDOWS\apimm.exe
    Removed! : C:\WINDOWS\d3zw.exe
    Removed! : C:\WINDOWS\bhufm.dat
    Removed! : C:\WINDOWS\vgafly.dat
    Removed! : C:\WINDOWS\ohlknj.dat
    Removed! : C:\WINDOWS\ysovn.dat
    Removed! : C:\WINDOWS\javakj32.exe
    Removed! : C:\WINDOWS\bsiru.dat
    Removed! : C:\WINDOWS\qiuicj.dat
    Removed! : C:\WINDOWS\ijenet.dat
    Removed! : C:\WINDOWS\ievy.exe
    Removed! : C:\WINDOWS\oemhj.dat
    Removed! : C:\WINDOWS\apifa32.exe
    Removed! : C:\WINDOWS\ipnh.exe
    Removed! : C:\WINDOWS\erndpu.dat
    Removed! : C:\WINDOWS\zyemjh.dat
    Removed! : C:\WINDOWS\rzxrls.dat
    Removed! : C:\WINDOWS\kahxgu.dat
    Removed! : C:\WINDOWS\hvtzch.dat
    Removed! : C:\WINDOWS\zvmexs.dat
    Removed! : C:\WINDOWS\swxkzc.dat
    Removed! : C:\WINDOWS\huwcj.dat
    Removed! : C:\WINDOWS\rodef.dat
    Removed! : C:\WINDOWS\kikzb.dat
    Removed! : C:\WINDOWS\gystsk.dat
    Removed! : C:\WINDOWS\zzkyuv.dat
    Removed! : C:\WINDOWS\ietz.exe
    Removed! : C:\WINDOWS\netto32.exe
    Removed! : C:\WINDOWS\qveswk.dat
    Removed! : C:\WINDOWS\kvetd.dat
    Removed! : C:\WINDOWS\fcfys.dat
    Removed! : C:\WINDOWS\dvgmgw.dat
    Removed! : C:\WINDOWS\uyjwzv.dat
    Removed! : C:\WINDOWS\nyujbx.dat
    Removed! : C:\WINDOWS\fzmpvh.dat
    Removed! : C:\WINDOWS\xlfhpw.dat
    Removed! : C:\WINDOWS\qlxmjg.dat
    Removed! : C:\WINDOWS\imnff.dat
    Removed! : C:\WINDOWS\euyreu.dat
    Removed! : C:\WINDOWS\wvrwyf.dat
    Removed! : C:\WINDOWS\ldocvo.dat
    Removed! : C:\WINDOWS\eeyhpz.dat
    Removed! : C:\WINDOWS\oernsb.dat
    Removed! : C:\WINDOWS\kxyvqt.dat
    Removed! : C:\WINDOWS\uyrisw.dat
    Removed! : C:\WINDOWS\nzjomg.dat
    Removed! : C:\WINDOWS\addfz32.exe
    Removed! : C:\WINDOWS\crhp.exe
    Removed! : C:\WINDOWS\mfctg32.exe
    Removed! : C:\WINDOWS\suniju.dat
    Removed! : C:\WINDOWS\kvgvde.dat
    Removed! : C:\WINDOWS\dvybfg.dat
    Removed! : C:\WINDOWS\sdkjt32.exe
    Removed! : C:\WINDOWS\fhipcf.dat
    Removed! : C:\WINDOWS\appke.exe
    Removed! : C:\WINDOWS\eryrdg.dat
    Removed! : C:\WINDOWS\xsqwfi.dat
    Removed! : C:\WINDOWS\ptjbzt.dat
    Removed! : C:\WINDOWS\dwlgq.dat
    Removed! : C:\WINDOWS\ntpd32.exe
    Removed! : C:\WINDOWS\hewik.dat
    Removed! : C:\WINDOWS\dpech.dat
    Removed! : C:\WINDOWS\bhkupo.dat
    Removed! : C:\WINDOWS\d3gr32.exe
    Removed! : C:\WINDOWS\zyzsxh.dat
    Removed! : C:\WINDOWS\rzsyzs.dat
    Removed! : C:\WINDOWS\msai32.exe
    Removed! : C:\WINDOWS\d3gt32.exe
    Removed! : C:\WINDOWS\fqytqb.dat
    Removed! : C:\WINDOWS\yriztm.dat
    Removed! : C:\WINDOWS\crjs.exe
    Removed! : C:\WINDOWS\mfcix32.exe
    Removed! : C:\WINDOWS\bcjag.dat
    Removed! : C:\WINDOWS\rlsufg.dat
    Removed! : C:\WINDOWS\hkujsd.dat
    Removed! : C:\WINDOWS\zlfomo.dat
    Removed! : C:\WINDOWS\d3lc32.exe
    Removed! : C:\WINDOWS\zpondh.dat
    Removed! : C:\WINDOWS\vnpjc.dat
    Removed! : C:\WINDOWS\hkcey.dat
    Removed! : C:\WINDOWS\livpeq.dat
    Removed! : C:\WINDOWS\ejgcgt.dat
    Removed! : C:\WINDOWS\okyhad.dat
    Removed! : C:\WINDOWS\frzeoo.dat
    Removed! : C:\WINDOWS\fjxycv.dat
    Removed! : C:\WINDOWS\ykqdef.dat
    Removed! : C:\WINDOWS\nwzui.dat
    Removed! : C:\WINDOWS\cruq.exe
    Removed! : C:\WINDOWS\System32\pliep.dat
    Removed! : C:\WINDOWS\System32\czweo.dat
    Removed! : C:\WINDOWS\System32\izyhj.dat
    Removed! : C:\WINDOWS\System32\tztzf.dat
    Removed! : C:\WINDOWS\System32\uclvr.dat
    Removed! : C:\WINDOWS\System32\suhdq.dat
    Removed! : C:\WINDOWS\System32\d3aa32.exe
    Removed! : C:\WINDOWS\System32\amtlz.dat
    Removed! : C:\WINDOWS\System32\pbpht.dat
    Removed! : C:\WINDOWS\System32\wblcc.dat
    Removed! : C:\WINDOWS\System32\cpvaf.dat
    Removed! : C:\WINDOWS\System32\oftsj.dat
    Removed! : C:\WINDOWS\System32\ahcbc.dat
    Removed! : C:\WINDOWS\System32\psphe.dat
    Removed! : C:\WINDOWS\System32\pbdha.dat
    Removed! : C:\WINDOWS\System32\xrnor.dat
    Removed! : C:\WINDOWS\System32\jpduc.dat
    Removed! : C:\WINDOWS\System32\gsvqt.dat
    Removed! : C:\WINDOWS\System32\ifrgv.dat
    Removed! : C:\WINDOWS\System32\ldjcw.dat
    Removed! : C:\WINDOWS\System32\mcssl.dat
    Removed! : C:\WINDOWS\System32\kqzhv.dat
    Removed! : C:\WINDOWS\System32\xuzxh.dat
    Removed! : C:\WINDOWS\System32\kqnbe.dat
    Removed! : C:\WINDOWS\System32\cryoy.dat
    Removed! : C:\WINDOWS\System32\uqaxs.dat
    Removed! : C:\WINDOWS\System32\mrlku.dat
    Removed! : C:\WINDOWS\System32\derlh.dat
    Removed! : C:\WINDOWS\System32\sdavu.dat
    Removed! : C:\WINDOWS\System32\ldqjr.dat
    Removed! : C:\WINDOWS\System32\jbqve.dat
    Removed! : C:\WINDOWS\System32\dnpdw.dat
    Removed! : C:\WINDOWS\System32\pdrer.dat
    Removed! : C:\WINDOWS\System32\nmddc.dat
    Removed! : C:\WINDOWS\System32\kqlcp.dat
    Removed! : C:\WINDOWS\System32\wfwxn.dat
    Removed! : C:\WINDOWS\System32\zhrnl.dat
    Removed! : C:\WINDOWS\System32\mfcoz32.exe
    Removed! : C:\WINDOWS\System32\ossje.dat
    Removed! : C:\WINDOWS\System32\qwlgz.dat
    Removed! : C:\WINDOWS\System32\nhxdo.dat
    Removed! : C:\WINDOWS\System32\nzkfz.dat
    Removed! : C:\WINDOWS\System32\mptlt.dat
    Removed! : C:\WINDOWS\System32\nsory.dat
    Removed! : C:\WINDOWS\System32\okulj.dat
    Attempted Clean Of Temp folder.
    Removed Uninstall Key (HSA)
    Removed Uninstall Key (SE)
    Removed Uninstall Key (SW)
    Pages Reset... Done!

    -- Scan 2 ---------------------------
    About:Buster Version 3.0
    Reference List : 15


    ADS not scanned System(FAT)
    Removed 3 Random Key Entries
    Attempted Clean Of Temp folder.
    Pages Reset... Done!






    Scanned at: 7:16:17 PM on: 10/14/2004


    -- Scan 1 ---------------------------
    About:Buster Version 3.0
    Reference List : 15


    ADS not scanned System(FAT)
    Attempted Clean Of Temp folder.
    Pages Reset... Done!

    -- Scan 2 ---------------------------
    About:Buster Version 3.0
    Reference List : 15


    ADS not scanned System(FAT)
    Attempted Clean Of Temp folder.
    Pages Reset... Done!






    Scanned at: 10:13:38 PM on: 10/16/2004


    -- Scan 1 ---------------------------
    About:Buster Version 3.0
    Reference List : 15


    ADS not scanned System(FAT)
    Attempted Clean Of Temp folder.
    Pages Reset... Done!

    -- Scan 2 ---------------------------
    About:Buster Version 3.0
    Reference List : 15


    ADS not scanned System(FAT)
    Attempted Clean Of Temp folder.
    Pages Reset... Done!
  7. 17-10-2004  #16
    flew
    flew is offline Junior Member
    the post was to long so here is the hijack this log:

    Logfile of HijackThis v1.98.2
    Scan saved at 10:54:13 PM, on 10/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ati2sgag.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    C:\WINDOWS\System32\svchost.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Family\Desktop\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mstcqbrclshu.us/DXNF9rnog...bwPiZjpmV.html
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5FD8CFAD-88AB-AC8E-5059-094481791D66} - C:\DOCUME~1\Family\APPLIC~1\SURFST~1\site admin.exe
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Book Logo Test Cash] C:\Documents and Settings\All Users\Application Data\Option user book logo\Firsttons.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Creative Beep] C:\DOCUME~1\Family\APPLIC~1\MIX1SE~1\Settings Pile Axis.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

    thanks again, flew
  8. 18-10-2004  #17
    owen
    owen is offline D-A-L Team Member (UK)
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mstcqbrclshu.us/DXNF9rno...hbwPiZjpmV.html
    O2 - BHO: (no name) - {5FD8CFAD-88AB-AC8E-5059-094481791D66} - C:\DOCUME~1\Family\APPLIC~1\SURFST~1\site admin.exe
    O4 - HKLM\..\Run: [Book Logo Test Cash] C:\Documents and Settings\All Users\Application Data\Option user book logo\Firsttons.exe
    O4 - HKCU\..\Run: [Creative Beep] C:\DOCUME~1\Family\APPLIC~1\MIX1SE~1\Settings Pile Axis.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Delete the following files and folders:
    C:\Documents and Settings\Family\Application Data\SURFST~1
    C:\Documents and Settings\All Users\Application Data\Option user book logo
    C:\Documents and Settings\Family\Application Data\MIX1SE~1

    Reboot and post a fresh log
  9. 19-10-2004  #18
    flew
    flew is offline Junior Member
    Owen,

    I did it. Here's the log:

    Logfile of HijackThis v1.98.2
    Scan saved at 6:32:15 PM, on 10/18/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Family\Desktop\hijackthis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Book Logo Test Cash] C:\Documents and Settings\All Users\Application Data\Option user book logo\Firsttons.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

    Cheers,
    Flew
  10. 19-10-2004  #19
    owen
    owen is offline D-A-L Team Member (UK)
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    O4 - HKLM\..\Run: [Book Logo Test Cash] C:\Documents and Settings\All Users\Application Data\Option user book logo\Firsttons.exe

    Click Fix Checked

    Reboot and post a fresh log
  11. 20-10-2004  #20
    flew
    flew is offline Junior Member
    Save 20% on AVG Internet Security 2012 Suite!
    Owen,

    I did it. Thanks, again.

    Here's the Hijack log:

    Logfile of HijackThis v1.98.2
    Scan saved at 6:32:51 PM, on 10/19/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Family\Desktop\hijackthis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

    flew
Closed Thread
Page 2 of 4 FirstFirst 1 2 3 4 LastLast
« Hijack This Log | 123 mania »