Internet Explorer hijacked
Join Date: Jun 2004
Posts: 7
Reputation:
Solved Threads: 0
Folks, I'm about to throw my computer out of the window (not Microsoft Windows)
My Internet Explorer has been hijacked and the spyware (or whatever it is) is changing my home page and adding a bunch of websites to my favorites.
Needless to say, I've tried a bunch of things, from a manual change to using Adaware, Spy Bot, Hijackthis and killbox, to no avail.
From time to time I get a small pop-up window that says "Already running!!!" and when I reboot my system I first get a message that says the system can't find the file; the name of the file is 3 characters: p, then a box, and then an "a" that looks like the "at" of email addresses, or something close to that.
When I hit OK twice it comes up saying that it can't find this file "haxhowmkjxkj.ex".
Spy Bot and Ad aware always find a bunch of stuff and clean it, but the problem is not corrected.
Hijackthis removed the imposed home page and Spy Bot prevented it from coming back for a few minutes, but I'm back to square one, and in all cases none of them were able to remove the websites imposed on my favorites.
Can anyone here help???!!!
Try the removal in safe mode & if no luck, post your HJT log back here.
Join Date: Jun 2004
Posts: 7
Reputation:
Solved Threads: 0
OK, here is what I did:
1: I updated both Adaware and Spy Bot
2: I removed the internet connection and rebooted my PC in safe mode
3: I scanned it with Adaware with all the necessary settings that other folks mentioned in this forum
4: I rebooted again into safe mode and scanned it with Spy Bot.
5: I rebooted again into safe mode
6: The problem persisted, but when I used Hijackthis my home page was OK and so were the favorites.
7: I rebooted into safe mode twice and things were OK.
8: I rebooted into normal mode and the problem came back even without connecting to the internet
Here is the log of Hijackthis
Logfile of HijackThis v1.97.7
Scan saved at 8:22:46 PM, on 17/06/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\grviewex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\deinst_qfe002.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\WINDOWS\fset.exe
C:\Documents and Settings\Ashraf\My Documents\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
F0 - system.ini: Shell=explorer.exe fset.exe
F1 - win.ini: run=fset.exe
F2 - REG:system.ini: Shell=explorer.exe fset.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Ashraf\Application Data\Mozilla\Profiles\default\5551iur6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ashraf\Application Data\Mozilla\Profiles\default\5551iur6.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - ¦ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinLoader] fset.exe
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /noconnect
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Mstask32driver] Mstask32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Grviewex] c:\windows\system32\grviewex.exe
O4 - HKLM\..\Run: [EHVYMUYU] c:\windows\system32\ehvymuyu.exe /install
O4 - HKLM\..\Run: [BTYURGNJ] c:\windows\system32\btyurgnj.exe /install
O4 - HKLM\..\Run: [NJAZZGSG] c:\windows\system32\njazzgsg.exe /install
O4 - HKLM\..\Run: [FEJONDWY] c:\windows\system32\fejondwy.exe /install
O4 - HKLM\..\Run: [RXOONTPF] c:\windows\system32\rxoontpf.exe /install
O4 - HKLM\..\Run: [TTDSPXGU] c:\windows\system32\ttdspxgu.exe /install
O4 - HKLM\..\Run: [TGJGESBR] c:\windows\system32\tgjgesbr.exe /install
O4 - HKLM\..\Run: [PGEFPVOK] c:\windows\system32\pgefpvok.exe /install
O4 - HKLM\..\Run: [JZNGYSJF] c:\windows\system32\jzngysjf.exe /install
O4 - HKLM\..\Run: [GERCZRRO] c:\windows\system32\gerczrro.exe /install
O4 - HKLM\..\Run: [PCRUHJIG] c:\windows\system32\pcruhjig.exe /install
O4 - HKLM\..\Run: [OBJGRGLS] c:\windows\system32\objgrgls.exe /install
O4 - HKLM\..\Run: [JDSHMOFL] c:\windows\system32\jdshmofl.exe /install
O4 - HKLM\..\Run: [QFAEVJZA] c:\windows\system32\qfaevjza.exe /install
O4 - HKLM\..\Run: [NEACDTZP] c:\windows\system32\neacdtzp.exe /install
O4 - HKLM\..\Run: [TVXMTRPI] c:\windows\system32\tvxmtrpi.exe /install
O4 - HKLM\..\Run: [WDUYLXWA] c:\windows\system32\wduylxwa.exe /install
O4 - HKLM\..\Run: [XSNZYNUS] c:\windows\system32\xsnzynus.exe /install
O4 - HKLM\..\Run: [PLXYXGUO] c:\windows\system32\plxyxguo.exe /install
O4 - HKLM\..\Run: [CTQMITJW] c:\windows\system32\ctqmitjw.exe /install
O4 - HKLM\..\Run: [SARJFQWD] c:\windows\system32\sarjfqwd.exe /install
O4 - HKLM\..\Run: [FODJZLXA] c:\windows\system32\fodjzlxa.exe /install
O4 - HKLM\..\Run: [EZSSHMES] c:\windows\system32\ezsshmes.exe /install
O4 - HKLM\..\Run: [SJZQTYJT] c:\windows\system32\sjzqtyjt.exe /install
O4 - HKLM\..\Run: [WLCRHHCN] c:\windows\system32\wlcrhhcn.exe /install
O4 - HKLM\..\Run: [UQNPBBRB] c:\windows\system32\uqnpbbrb.exe /install
O4 - HKLM\..\Run: [HUEWJRNB] c:\windows\system32\huewjrnb.exe /install
O4 - HKLM\..\Run: [HXIFAOIL] c:\windows\system32\hxifaoil.exe /install
O4 - HKLM\..\Run: [HRUXFUQK] c:\windows\system32\hruxfuqk.exe /install
O4 - HKLM\..\Run: [GSNPIZTH] c:\windows\system32\gsnpizth.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [XrxMastRun] D:\pwsgi\instNT\MastNT.EXE /Continue
O4 - HKLM\..\Run: [XACYAPDT] c:\windows\system32\xacyapdt.exe /install
O4 - HKLM\..\RunServices: [WinLoader] fset.exe
O4 - HKLM\..\RunServices: [] fset.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\system32\deinst_qfe002.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Ashraf\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: winlgn.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Popup Eliminator (HKLM)
O9 - Extra 'Tools' menuitem: Popup Eliminator (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: PlaceWare Console: PWS-CC2K-4-1-1-0-3-l9l8n6 - http://www48.placeware.com/etc/pwc/sigg/lib/cc-full.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - https://www.xreg.net/ActiveX/AXClientUtil.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v44/pool/pool.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldwinner.com/games/...saw/jigsaw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1813d2d8...p/RdxIE601.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/...k/bjattack.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_0.ocx
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/...e/wordcube.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/PEInstaller.exe
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v40/sol/sol.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...896.3439699074
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...II/install.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/...pit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/...an/hangman.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/...y/tilecity.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://www.gxplugin.com/loader/dll/gxbplug.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DD1FA138-39F5-4DF5-BD04-6D814AD0C7D9} (IPhone Class) - http://www.rhinobell.com/PC2Phone.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v5.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://mirror.worldwinner.com/games/...ol/golfsol.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yaho...bio5_0_2_5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
I'd really appreciate it if someone has something new to advise me with
Thanx Yzk 
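An added example, not part of the original thread: a small triage script for a HijackThis log like the one posted above. It lists the autostart entries that deserve a closer look (extra programs on the `Shell=` line, `win.ini` `run=` entries, Run values with no path, and groups of Run values that share one directory and argument). The rule names and the cluster threshold are assumptions chosen for illustration; the sample lines are copied from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Autostart lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r'''
F0 - system.ini: Shell=explorer.exe fset.exe
F1 - win.ini: run=fset.exe
F2 - REG:system.ini: Shell=explorer.exe fset.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [WinLoader] fset.exe
O4 - HKLM\..\Run: [Mstask32driver] Mstask32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EHVYMUYU] c:\windows\system32\ehvymuyu.exe /install
O4 - HKLM\..\Run: [BTYURGNJ] c:\windows\system32\btyurgnj.exe /install
O4 - HKLM\..\Run: [NJAZZGSG] c:\windows\system32\njazzgsg.exe /install
O4 - HKLM\..\RunServices: [] fset.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: winlgn.exe
'''

# F0-F3: autostart settings from system.ini / win.ini (or their registry copies).
F_RE = re.compile(
    r'^F[0-3] - (?P<src>.+?): (?P<opt>Shell|run|load|UserInit)=(?P<val>.*)$', re.I)
# O4 registry autostarts: "O4 - HIVE\..\Key: [value name] command line".
# "O4 - Global Startup: file" lines list a Startup-folder file and are skipped here.
O4_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Executable is either quoted, or runs up to the first executable extension.
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.*?\.(?:exe|com|bat|scr)))(?:\s+(?P<args>.*))?$', re.I)


def split_command(cmd):
    """Split an autostart command line into (executable, arguments)."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        first, _, rest = cmd.partition(' ')
        return first, rest
    return (m.group('q') or m.group('u')), (m.group('args') or '')


def triage(log_text, cluster_min=3):
    """Return (rule, detail) leads for review. These are leads, not verdicts."""
    findings = []
    clusters = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        f = F_RE.match(line)
        if f:
            opt, val = f.group('opt').lower(), f.group('val').strip()
            if opt == 'shell':
                # The stock XP value is just Explorer.exe; anything else rides along.
                extra = [t for t in val.split() if t.lower() != 'explorer.exe']
                if extra:
                    findings.append(('shell-extra', ' '.join(extra)))
            elif opt in ('run', 'load') and val:
                findings.append(('ini-autorun', val))
            continue
        o = O4_RE.match(line)
        if not o:
            continue
        exe, args = split_command(o.group('cmd'))
        directory = ntpath.dirname(exe).lower()
        stem = ntpath.splitext(ntpath.basename(exe))[0].lower()
        if not directory:
            # A bare file name is resolved through the search path at logon.
            findings.append(
                ('no-path', f"{o.group('key')} [{o.group('name')}] {exe}"))
        if o.group('name').lower() == stem:
            # Value name is just the file name: group by directory + arguments.
            clusters[(directory, args.lower())].append(stem)
    for (directory, args), stems in clusters.items():
        if len(stems) >= cluster_min:
            findings.append(
                ('name-cluster',
                 f"{len(stems)} values in {directory} with args '{args}'"))
    return findings


if __name__ == '__main__':
    for rule, detail in triage(SAMPLE_LOG):
        print(f'{rule:13} {detail}')
```

Running the same function over a later log from the same machine shows which of these entries survived a cleanup attempt.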
Download CWShredder from here & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in its database. Close ALL windows, including IE, before running CWShredder. Reboot.
To help prevent this from happening again, install the patches for the vulnerabilities that this hijacker exploits by going here for your critical updates.
Reboot after doing this & post another log please.
Join Date: Jun 2004
Posts: 7
Reputation:
Solved Threads: 0
Now I've done all I could see here of advice, including using CWShredder, and all of them seem to be able to find and remove the Cool Web Search, but it keeps coming back even without the internet connection.
I have all the updates of Windows XP now (downloaded them after I got infected)
One more thing: all those programs (Spy Bot, Adaware, Hijackthis, CWShredder, etc.) seem to be able to remove it "permanently" when I'm in safe mode, even if I connect to the web or reboot 10 times; it is only when I log in to the normal mode of XP that it comes back, even without being connected to the web.
I'm about to give up and format my machine (somehow I lost my system restore points and now it would let me restore only back to 3 days ago, when I was in the middle of this problem).
Is this a hopeless case???!!!
A format is the quickest way sometimes, and will leave you fresh and clean!!
Linux boot cd http://www.knopper.net/knoppix/index-en.html
A new log would be good too
Join Date: Jun 2004
Posts: 7
Reputation:
Solved Threads: 0
Here is the latest log, and as I said, all the programs that have been mentioned in this forum (even other messages) were able to find "Cool Web Search" and remove it, but it keeps coming back unless I'm in safe mode, regardless of being connected to the internet.
The second point is that before I used Spy Bot and Adaware the spyware was adding a ton of sites to my favorites, and now it is down to only four plus the home page.
I'm using a router with a firewall (Linksys) and I also get the "win.min" error while shutting down, if that helps you in finding out what is wrong with my system.
Logfile of HijackThis v1.97.7
Scan saved at 6:07:33 AM, on 19/06/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\grviewex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\walacgmggdjg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\deinst_qfe002.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SECRETMAKER\secretmaker.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\system_48073.dat
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\Vet32.exe
C:\Documents and Settings\Ashraf\My Documents\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\ssflwbox.scr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
F0 - system.ini: Shell=Explorer.exe walacgmggdjg.exe
F1 - win.ini: run=fset.exe, jwhw.exe, xefxp.exe, guqlbp.exe, uikcgdkcx.exe, suwotlwxnldpw.exe, diynyapbnvxi.exe, ioajrthafjhoy.exe, poosjlnihqtnv.exe, lkwi.exe, bpmaaeolmuudc.exe, seexlt.exe, fcvuksngm.exe, mgowoexx.exe, ilvb.exe, walacgmggdjg.exe
F2 - REG:system.ini: Shell=Explorer.exe walacgmggdjg.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Ashraf\Application Data\Mozilla\Profiles\default\5551iur6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ashraf\Application Data\Mozilla\Profiles\default\5551iur6.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\System32\smiehlp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinLoader] walacgmggdjg.exe
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /noconnect
O4 - HKLM\..\Run: [Mstask32driver] Mstask32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Grviewex] c:\windows\system32\grviewex.exe
O4 - HKLM\..\Run: [EHVYMUYU] c:\windows\system32\ehvymuyu.exe /install
O4 - HKLM\..\Run: [BTYURGNJ] c:\windows\system32\btyurgnj.exe /install
O4 - HKLM\..\Run: [NJAZZGSG] c:\windows\system32\njazzgsg.exe /install
O4 - HKLM\..\Run: [FEJONDWY] c:\windows\system32\fejondwy.exe /install
O4 - HKLM\..\Run: [RXOONTPF] c:\windows\system32\rxoontpf.exe /install
O4 - HKLM\..\Run: [TTDSPXGU] c:\windows\system32\ttdspxgu.exe /install
O4 - HKLM\..\Run: [TGJGESBR] c:\windows\system32\tgjgesbr.exe /install
O4 - HKLM\..\Run: [PGEFPVOK] c:\windows\system32\pgefpvok.exe /install
O4 - HKLM\..\Run: [JZNGYSJF] c:\windows\system32\jzngysjf.exe /install
O4 - HKLM\..\Run: [GERCZRRO] c:\windows\system32\gerczrro.exe /install
O4 - HKLM\..\Run: [PCRUHJIG] c:\windows\system32\pcruhjig.exe /install
O4 - HKLM\..\Run: [OBJGRGLS] c:\windows\system32\objgrgls.exe /install
O4 - HKLM\..\Run: [JDSHMOFL] c:\windows\system32\jdshmofl.exe /install
O4 - HKLM\..\Run: [QFAEVJZA] c:\windows\system32\qfaevjza.exe /install
O4 - HKLM\..\Run: [NEACDTZP] c:\windows\system32\neacdtzp.exe /install
O4 - HKLM\..\Run: [TVXMTRPI] c:\windows\system32\tvxmtrpi.exe /install
O4 - HKLM\..\Run: [WDUYLXWA] c:\windows\system32\wduylxwa.exe /install
O4 - HKLM\..\Run: [XSNZYNUS] c:\windows\system32\xsnzynus.exe /install
O4 - HKLM\..\Run: [PLXYXGUO] c:\windows\system32\plxyxguo.exe /install
O4 - HKLM\..\Run: [CTQMITJW] c:\windows\system32\ctqmitjw.exe /install
O4 - HKLM\..\Run: [SARJFQWD] c:\windows\system32\sarjfqwd.exe /install
O4 - HKLM\..\Run: [FODJZLXA] c:\windows\system32\fodjzlxa.exe /install
O4 - HKLM\..\Run: [EZSSHMES] c:\windows\system32\ezsshmes.exe /install
O4 - HKLM\..\Run: [SJZQTYJT] c:\windows\system32\sjzqtyjt.exe /install
O4 - HKLM\..\Run: [WLCRHHCN] c:\windows\system32\wlcrhhcn.exe /install
O4 - HKLM\..\Run: [UQNPBBRB] c:\windows\system32\uqnpbbrb.exe /install
O4 - HKLM\..\Run: [HUEWJRNB] c:\windows\system32\huewjrnb.exe /install
O4 - HKLM\..\Run: [HXIFAOIL] c:\windows\system32\hxifaoil.exe /install
O4 - HKLM\..\Run: [HRUXFUQK] c:\windows\system32\hruxfuqk.exe /install
O4 - HKLM\..\Run: [GSNPIZTH] c:\windows\system32\gsnpizth.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XrxMastRun] D:\pwsgi\instNT\MastNT.EXE /Continue
O4 - HKLM\..\Run: [XACYAPDT] c:\windows\system32\xacyapdt.exe /install
O4 - HKLM\..\RunServices: [WinLoader] walacgmggdjg.exe
O4 - HKLM\..\RunServices: [] walacgmggdjg.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\system32\deinst_qfe002.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Ashraf\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe
O4 - Global Startup: winlgn.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: PlaceWare Console: PWS-CC2K-4-1-1-0-3-l9l8n6 - http://www48.placeware.com/etc/pwc/sigg/lib/cc-full.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v44/pool/pool.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldwinner.com/games/...saw/jigsaw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1813d2d8...p/RdxIE601.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/...k/bjattack.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_0.ocx
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v40/sol/sol.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...896.3439699074
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...II/install.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/...pit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/...an/hangman.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/...y/tilecity.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://www.gxplugin.com/loader/dll/gxbplug.dll
O16 - DPF: {DD1FA138-39F5-4DF5-BD04-6D814AD0C7D9} (IPhone Class) - http://www.rhinobell.com/PC2Phone.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v5.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://mirror.worldwinner.com/games/...ol/golfsol.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yaho...bio5_0_2_5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
Thanks for all the effort
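A triage pass over the autostart lines (F0/F1/F2 and O4) of a HijackThis log like the one posted above, as an added example that is not part of the original thread. The heuristics, the `CLUSTER_MIN` threshold and the function names are assumptions of this example, not HijackThis rules; the sample lines are excerpted from the posted log, with the F1 list shortened.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any platform

# Excerpt of the log posted above (F1 list shortened); no new data.
SAMPLE_LOG = r"""
F0 - system.ini: Shell=Explorer.exe walacgmggdjg.exe
F1 - win.ini: run=fset.exe, jwhw.exe, walacgmggdjg.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [WinLoader] walacgmggdjg.exe
O4 - HKLM\..\Run: [EHVYMUYU] c:\windows\system32\ehvymuyu.exe /install
O4 - HKLM\..\Run: [BTYURGNJ] c:\windows\system32\btyurgnj.exe /install
O4 - HKLM\..\Run: [NJAZZGSG] c:\windows\system32\njazzgsg.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [] walacgmggdjg.exe
"""

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SHELL_RE = re.compile(r"^F[02] - .*Shell=(?P<val>.+)$", re.I)
WININI_RE = re.compile(r"^F1 - win\.ini: (?:run|load)=(?P<val>.+)$", re.I)
CLUSTER_MIN = 3  # assumed threshold: this many look-alike autoruns is worth a review


def split_command(cmd):
    """Return (program, arguments); copes with quoted and unquoted paths with spaces."""
    m = re.match(r'^"([^"]+)"\s*(.*)$', cmd)
    if m is None:
        # Unquoted: the program ends at the first ".ext" followed by space or end.
        m = re.match(r"^(.+?\.\w{2,4})(?:\s+(.*))?$", cmd)
    if m is None:
        return cmd, ""
    return m.group(1), m.group(2) or ""


def triage(log):
    """Return a sorted list of (reason, detail) findings for the autostart lines."""
    findings = set()
    clusters = defaultdict(set)  # (location, folder, arguments) -> program names
    for line in (raw.strip() for raw in log.splitlines()):
        shell, winini, o4 = SHELL_RE.match(line), WININI_RE.match(line), O4_RE.match(line)
        if shell:
            # Anything after Explorer.exe in Shell= is started at every logon.
            for part in shell.group("val").split():
                if part.lower() != "explorer.exe":
                    findings.add(("shell-extra", part))
        elif winini:
            for part in winini.group("val").split(","):
                if part.strip():
                    findings.add(("win.ini-run", part.strip()))
        elif o4:
            prog, args = split_command(o4.group("cmd"))
            if not o4.group("name"):
                findings.add(("empty-value-name", prog))
            if not dirname(prog):
                # No folder given: the file is found through the search path.
                findings.add(("bare-filename", prog))
            else:
                key = (o4.group("loc"), dirname(prog).lower(), args)
                clusters[key].add(basename(prog).lower())
    for (loc, folder, args), names in clusters.items():
        if len(names) >= CLUSTER_MIN:
            detail = "%d programs in %s with arguments '%s' (%s)" % (
                len(names), folder, args, loc)
            findings.add(("autorun-cluster", detail))
    return sorted(findings)


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print("%-18s %s" % (reason, detail))
```

A finding here means "review this entry", not a verdict; entries with a full path, a single occurrence and a named value pass through unflagged.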