hijackthis log

Discussion in 'adware, spyware & hijack cleaning' started by luqius, May 1, 2004.

Thread Status:
Not open for further replies.
  1. luqius

    luqius Guest

    Logfile of HijackThis v1.97.7
    Scan saved at 23:57:43, on 01.05.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Programme\AVPersonal\AVGUARD.EXE
    D:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    D:\Programme\AVPersonal\AVGNT.EXE
    D:\Programme\Logitech\MouseWare\system\em_exec.exe
    D:\Programme\Creative\SBAudigy\AudioHQ\AHQTBU.EXE
    D:\Programme\Logitech\iTouch\iTouch.exe
    D:\Programme\K9\K9.exe
    D:\Programme\Miranda\miranda32.exe
    D:\Programme\mIRC\mirc.exe
    C:\WINDOWS\explorer.exe
    F:\Steam\steam.exe
    C:\Dokumente und Einstellungen\luqius\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\gapa.exe
    D:\Programme\Cheating-Death\cdeath.exe
    D:\Programme\x2alpha\xplorer2.exe
    D:\Programme\Crazy Browser\Crazy Browser.exe
    C:\DOKUME~1\luqius\LOKALE~1\Temp\Rar$EX15.548\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.worldmpeg.com/counter/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\homepage.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {4DF87354-B76F-4AA7-B050-01CF839DBAFB} - C:\WINDOWS\System32\pedjkda.dll
    O2 - BHO: (no name) - {5241A794-0582-4924-9C68-E112B1005E1E} - C:\WINDOWS\pB14y.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar1_27.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar1_27.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AudioHQU] D:\Programme\Creative\SBAudigy\AudioHQ\AHQTBU.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Startup: Launch K9.lnk = D:\Programme\K9\K9.exe
    O4 - Startup: Miranda IM.lnk = D:\Programme\Miranda\miranda32.exe
    O4 - Startup: UD Agent.lnk = D:\Programme\United Devices\UD.EXE
    O4 - Global Startup: Start GetRight.lnk = D:\Programme\GetRight\getright.exe
    O8 - Extra context menu item: Download with GetRight - D:\Programme\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - D:\Programme\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O12 - Plugin for .csm: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .jdx: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .pdb: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spt: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .xyz: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O16 - DPF: KANA IQ LiveA - http://dmzchatonly.europe.creative.com/srvs/eu/eu1.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/de/win/QuickTimeInstaller.exe
    O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} - http://bins.roings.com/roing.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37922.462650463
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_AT.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A529B2D0-5D6F-4CF4-A7DF-F2364FC90F71}: NameServer = 195.58.160.2 195.58.161.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E6192D2E-1EC1-4471-BCEF-20F68DBC00BC}: NameServer = 195.58.160.2,195.58.161.3
     
  2. luqius

    luqius Guest

    oh sorry i forgot to mention that my problem is that about:blank adware.
    annoying this thing is.
     
  3. luqius

    luqius Guest

    i deleted C:\WINDOWS\System32\pedjkda.dll and it seems to be gone for now.

    but i still got that "The program has been damages, possibly by a bad sector or a virus. Please reinstall it" error when starting spywareblaster. and also when starting getright.
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hi luqius,

    Since you have already done some fixes on your own, please post a new HJT log so we will be better able to help you.

    Regards,
    Kent
     
  5. luqius

    luqius Guest

    so here's the new log.



    Logfile of HijackThis v1.97.7
    Scan saved at 11:11:33, on 02.05.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Programme\AVPersonal\AVGUARD.EXE
    D:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    D:\Programme\AVPersonal\AVGNT.EXE
    D:\Programme\Creative\SBAudigy\AudioHQ\AHQTBU.EXE
    D:\Programme\Logitech\iTouch\iTouch.exe
    D:\Programme\Logitech\MouseWare\system\em_exec.exe
    D:\Programme\K9\K9.exe
    D:\Programme\Miranda\miranda32.exe
    D:\Programme\United Devices\UD.EXE
    D:\Programme\United Devices\ud_1396140.exe
    D:\Programme\United Devices\ud_1396140_0.dir\ud_ligfit_Release.exe
    D:\Programme\mIRC\mirc.exe
    D:\Programme\x2alpha\xplorer2.exe
    D:\Programme\Crazy Browser\Crazy Browser.exe
    C:\Dokumente und Einstellungen\luqius\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\gapa.exe
    F:\Steam\steam.exe
    D:\Programme\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.worldmpeg.com/counter/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\homepage.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {4DF87354-B76F-4AA7-B050-01CF839DBAFB} - C:\WINDOWS\System32\pedjkda.dll (file missing)
    O2 - BHO: (no name) - {5241A794-0582-4924-9C68-E112B1005E1E} - C:\WINDOWS\pB14y.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar1_27.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar1_27.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AudioHQU] D:\Programme\Creative\SBAudigy\AudioHQ\AHQTBU.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - Startup: Launch K9.lnk = D:\Programme\K9\K9.exe
    O4 - Startup: Miranda IM.lnk = D:\Programme\Miranda\miranda32.exe
    O4 - Startup: UD Agent.lnk = D:\Programme\United Devices\UD.EXE
    O4 - Global Startup: Start GetRight.lnk = D:\Programme\GetRight\getright.exe
    O8 - Extra context menu item: Download with GetRight - D:\Programme\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - D:\Programme\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O12 - Plugin for .csm: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .jdx: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .pdb: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spt: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .xyz: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O16 - DPF: KANA IQ LiveA - http://dmzchatonly.europe.creative.com/srvs/eu/eu1.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/de/win/QuickTimeInstaller.exe
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37922.462650463
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_AT.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A529B2D0-5D6F-4CF4-A7DF-F2364FC90F71}: NameServer = 195.58.160.2 195.58.161.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E6192D2E-1EC1-4471-BCEF-20F68DBC00BC}: NameServer = 195.58.160.2,195.58.161.3
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hi luqius,

    Welcome to Wilders.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.worldmpeg.com/counter/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\homepage.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pedjkda.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {4DF87354-B76F-4AA7-B050-01CF839DBAFB} - C:\WINDOWS\System32\pedjkda.dll (file missing)
    O2 - BHO: (no name) - {5241A794-0582-4924-9C68-E112B1005E1E} - C:\WINDOWS\pB14y.dll

    O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar1_27.dll

    O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar1_27.dll

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

    O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_AT.cab

    Download CWShredder and run. Be sure ALL other windows are closed use the Fix button and follow the instructions you will receive.

    There also may be hidden files. See HERE for how to show hidden files.

    Then reboot into safe mode and delete:

    C:\WINDOWS\pB14y.dll
    C:\Programme\QuickSearch\ <-- entire folder

    Reboot and then post a fresh HijackThis log.

    Regards,
    Kent
     
  7. luqius

    luqius Guest

    thx for the help. i did as i was told. but the file C:\WINDOWS\pB14y.dll was not there (i see hidden files).

    looks fine now but i still got that "The program has been damages, possibly by a bad sector or a virus. Please reinstall it" error when starting spywareblaster. and also when starting getright.

    i tryed reinstalling again but i didnt help...

    so here my current log. taken after rebooting.


    Logfile of HijackThis v1.97.7
    Scan saved at 13:24:36, on 02.05.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Programme\AVPersonal\AVGUARD.EXE
    D:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    D:\Programme\AVPersonal\AVGNT.EXE
    D:\Programme\Creative\SBAudigy\AudioHQ\AHQTBU.EXE
    D:\Programme\Logitech\iTouch\iTouch.exe
    D:\Programme\Logitech\MouseWare\system\em_exec.exe
    D:\Programme\K9\K9.exe
    D:\Programme\Miranda\miranda32.exe
    D:\Programme\United Devices\UD.EXE
    D:\Programme\United Devices\ud_1396140.exe
    D:\Programme\United Devices\ud_1396140_0.dir\ud_ligfit_Release.exe
    D:\Programme\Crazy Browser\Crazy Browser.exe
    D:\Programme\x2alpha\xplorer2.exe
    D:\Programme\hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AudioHQU] D:\Programme\Creative\SBAudigy\AudioHQ\AHQTBU.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Startup: Launch K9.lnk = D:\Programme\K9\K9.exe
    O4 - Startup: Miranda IM.lnk = D:\Programme\Miranda\miranda32.exe
    O4 - Startup: UD Agent.lnk = D:\Programme\United Devices\UD.EXE
    O4 - Global Startup: Start GetRight.lnk = D:\Programme\GetRight\getright.exe
    O8 - Extra context menu item: Download with GetRight - D:\Programme\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - D:\Programme\GetRight\GRbrowse.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O12 - Plugin for .csm: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .jdx: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .pdb: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spt: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .xyz: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O16 - DPF: KANA IQ LiveA - http://dmzchatonly.europe.creative.com/srvs/eu/eu1.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37922.462650463
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A529B2D0-5D6F-4CF4-A7DF-F2364FC90F71}: NameServer = 195.58.160.2 195.58.161.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E6192D2E-1EC1-4471-BCEF-20F68DBC00BC}: NameServer = 195.58.160.2,195.58.161.3



    thx again for the help
     
  8. luqius

    luqius Guest

    i rebooted and this about:blank ware came back. i still got The program has been damages, possibly by a bad sector or a virus. Please reinstall it" error when starting spywareblaster. and also when starting getright.


    Logfile of HijackThis v1.97.7
    Scan saved at 21:00:59, on 03.05.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Programme\AVPersonal\AVGUARD.EXE
    D:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    D:\Programme\AVPersonal\AVGNT.EXE
    D:\Programme\Creative\SBAudigy\AudioHQ\AHQTBU.EXE
    D:\Programme\Logitech\iTouch\iTouch.exe
    D:\Programme\Logitech\MouseWare\system\em_exec.exe
    C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
    D:\Programme\K9\K9.exe
    D:\Programme\Miranda\miranda32.exe
    D:\Programme\United Devices\UD.EXE
    D:\Programme\United Devices\ud_1396140.exe
    D:\Programme\United Devices\ud_1396140_0.dir\ud_ligfit_Release.exe
    D:\Programme\mIRC\mirc.exe
    D:\Programme\Crazy Browser\Crazy Browser.exe
    C:\Programme\Outlook Express\msimn.exe
    D:\Programme\x2alpha\xplorer2.exe
    D:\Programme\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bfgopna.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bfgopna.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bfgopna.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bfgopna.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bfgopna.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bfgopna.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {39158BB2-D39E-42D2-9EF0-80E59AE75047} - C:\WINDOWS\System32\bfgopna.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AudioHQU] D:\Programme\Creative\SBAudigy\AudioHQ\AHQTBU.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Startup: Launch K9.lnk = D:\Programme\K9\K9.exe
    O4 - Startup: Miranda IM.lnk = D:\Programme\Miranda\miranda32.exe
    O4 - Startup: UD Agent.lnk = D:\Programme\United Devices\UD.EXE
    O4 - Global Startup: Start GetRight.lnk = D:\Programme\GetRight\getright.exe
    O8 - Extra context menu item: Download with GetRight - D:\Programme\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - D:\Programme\GetRight\GRbrowse.htm
    O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O12 - Plugin for .csm: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .jdx: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .pdb: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spt: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .xyz: C:\Programme\Internet Explorer\Plugins\npchime.dll
    O16 - DPF: KANA IQ LiveA - http://dmzchatonly.europe.creative.com/srvs/eu/eu1.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37922.462650463
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A529B2D0-5D6F-4CF4-A7DF-F2364FC90F71}: NameServer = 195.58.160.2 195.58.161.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E6192D2E-1EC1-4471-BCEF-20F68DBC00BC}: NameServer = 195.58.160.2,195.58.161.3
     
Thread Status:
Not open for further replies.