HSA, Search Extender and Shopping Wizard
Please, I really tried to do what was said on the Removal Guide, but when it comes to computer fixing I really suck!!! I can't get rid of this adware, spyware, virus, or whatever it's called. Please, help me! :bawling:
This is my HijackThis logfile in normal mode:
Logfile of HijackThis v1.98.2
Scan saved at 21:06:12, on 06/09/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\ARQUIVOS DE PROGRAMAS\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\ARQUIVOS DE PROGRAMAS\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARQUIVOS DE PROGRAMAS\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARQUIVOS DE PROGRAMAS\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\TQIIDD.EXE
C:\ARQUIVOS DE PROGRAMAS\SCANNERU\KYESCAN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\ARQUIVOS DE PROGRAMAS\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\Arquivos de programas\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\WINDOWS\MSIC32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MEUS DOCUMENTOS\PAULA\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lxwmz.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lxwmz.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lxwmz.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lxwmz.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lxwmz.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lxwmz.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lxwmz.dll/sp.html#37680
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Class - {7FA16CA9-D279-0148-C524-E714A991E7D8} - C:\WINDOWS\SYSTEM\APPGM32.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NPROTECT] C:\Arquivos de programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [NAV DefAlert] C:\ARQUIV~1\NORTON~1\NORTON~2\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\ARQUIV~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Arquivos de programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Arquivos de programas\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CRBR.EXE] C:\WINDOWS\CRBR.EXE
O4 - HKLM\..\RunServices: [APIAY32.EXE] C:\WINDOWS\APIAY32.EXE
O4 - HKLM\..\RunServices: [ADDDX32.EXE] C:\WINDOWS\ADDDX32.EXE
O4 - HKLM\..\RunServices: [D3ER32.EXE] C:\WINDOWS\SYSTEM\D3ER32.EXE
O4 - HKLM\..\RunServices: [APIPX32.EXE] C:\WINDOWS\SYSTEM\APIPX32.EXE
O4 - HKLM\..\RunServices: [NTUB32.EXE] C:\WINDOWS\SYSTEM\NTUB32.EXE
O4 - HKLM\..\RunServices: [JAVALL.EXE] C:\WINDOWS\JAVALL.EXE
O4 - HKLM\..\RunServices: [MSMA.EXE] C:\WINDOWS\SYSTEM\MSMA.EXE
O4 - HKLM\..\RunServices: [IPRE.EXE] C:\WINDOWS\IPRE.EXE
O4 - HKLM\..\RunServices: [NETEN.EXE] C:\WINDOWS\NETEN.EXE
O4 - HKLM\..\RunServices: [SYSNR.EXE] C:\WINDOWS\SYSTEM\SYSNR.EXE
O4 - HKLM\..\RunServices: [MSPR.EXE] C:\WINDOWS\SYSTEM\MSPR.EXE
O4 - HKLM\..\RunServices: [CRIZ32.EXE] C:\WINDOWS\CRIZ32.EXE
O4 - HKLM\..\RunServices: [SYSIQ32.EXE] C:\WINDOWS\SYSTEM\SYSIQ32.EXE
O4 - HKLM\..\RunServices: [NTTD32.EXE] C:\WINDOWS\SYSTEM\NTTD32.EXE
O4 - HKLM\..\RunServices: [APPJQ32.EXE] C:\WINDOWS\SYSTEM\APPJQ32.EXE
O4 - HKLM\..\RunServices: [APIZX.EXE] C:\WINDOWS\SYSTEM\APIZX.EXE
O4 - HKLM\..\RunServices: [NTNV.EXE] C:\WINDOWS\NTNV.EXE
O4 - HKLM\..\RunServices: [WINGD32.EXE] C:\WINDOWS\WINGD32.EXE
O4 - HKLM\..\RunServices: [APPIA.EXE] C:\WINDOWS\SYSTEM\APPIA.EXE
O4 - HKLM\..\RunServices: [SDKLE.EXE] C:\WINDOWS\SYSTEM\SDKLE.EXE
O4 - HKLM\..\RunServices: [WINBW.EXE] C:\WINDOWS\WINBW.EXE
O4 - HKLM\..\RunServices: [APPLV.EXE] C:\WINDOWS\APPLV.EXE
O4 - HKLM\..\RunServices: [NETQX.EXE] C:\WINDOWS\NETQX.EXE
O4 - HKLM\..\RunServices: [WINRO.EXE] C:\WINDOWS\SYSTEM\WINRO.EXE
O4 - HKLM\..\RunServices: [SDKXU.EXE] C:\WINDOWS\SYSTEM\SDKXU.EXE
O4 - HKLM\..\RunServices: [SDKOX.EXE] C:\WINDOWS\SYSTEM\SDKOX.EXE
O4 - HKLM\..\RunServices: [SDKOE.EXE] C:\WINDOWS\SYSTEM\SDKOE.EXE
O4 - HKLM\..\RunServices: [NTLS32.EXE] C:\WINDOWS\NTLS32.EXE
O4 - HKLM\..\RunServices: [MSCX32.EXE] C:\WINDOWS\SYSTEM\MSCX32.EXE
O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
O4 - HKLM\..\RunServices: [D3MH.EXE] C:\WINDOWS\SYSTEM\D3MH.EXE
O4 - HKLM\..\RunServices: [JAVAYG32.EXE] C:\WINDOWS\JAVAYG32.EXE
O4 - HKLM\..\RunServices: [APPVZ32.EXE] C:\WINDOWS\APPVZ32.EXE
O4 - HKLM\..\RunServices: [CRUD32.EXE] C:\WINDOWS\CRUD32.EXE
O4 - HKLM\..\RunServices: [MSLX32.EXE] C:\WINDOWS\MSLX32.EXE
O4 - HKLM\..\RunServices: [NETBJ32.EXE] C:\WINDOWS\SYSTEM\NETBJ32.EXE
O4 - HKLM\..\RunServices: [IPJV32.EXE] C:\WINDOWS\IPJV32.EXE
O4 - HKLM\..\RunServices: [JAVAHQ.EXE] C:\WINDOWS\JAVAHQ.EXE
O4 - HKLM\..\RunServices: [NETQP32.EXE] C:\WINDOWS\NETQP32.EXE
O4 - HKLM\..\RunServices: [SDKND32.EXE] C:\WINDOWS\SDKND32.EXE
O4 - HKLM\..\RunServices: [D3FU32.EXE] C:\WINDOWS\SYSTEM\D3FU32.EXE
O4 - HKLM\..\RunServices: [JAVAJE32.EXE] C:\WINDOWS\JAVAJE32.EXE
O4 - HKLM\..\RunServices: [JAVASK.EXE] C:\WINDOWS\JAVASK.EXE
O4 - HKLM\..\RunServices: [D3PQ32.EXE] C:\WINDOWS\SYSTEM\D3PQ32.EXE
O4 - HKLM\..\RunServices: [SDKDC32.EXE] C:\WINDOWS\SDKDC32.EXE
O4 - HKLM\..\RunServices: [NTOK32.EXE] C:\WINDOWS\SYSTEM\NTOK32.EXE
O4 - HKLM\..\RunServices: [CRAG.EXE] C:\WINDOWS\CRAG.EXE
O4 - HKLM\..\RunServices: [APPSI.EXE] C:\WINDOWS\APPSI.EXE
O4 - HKLM\..\RunServices: [NETTR32.EXE] C:\WINDOWS\SYSTEM\NETTR32.EXE
O4 - HKLM\..\RunServices: [MFCKQ.EXE] C:\WINDOWS\MFCKQ.EXE
O4 - HKLM\..\RunServices: [NETWM.EXE] C:\WINDOWS\NETWM.EXE
O4 - HKLM\..\RunServices: [JAVAGS.EXE] C:\WINDOWS\SYSTEM\JAVAGS.EXE
O4 - HKLM\..\RunServices: [JAVAUZ32.EXE] C:\WINDOWS\JAVAUZ32.EXE
O4 - HKLM\..\RunServices: [NETUQ.EXE] C:\WINDOWS\NETUQ.EXE
O4 - HKLM\..\RunServices: [SDKVB.EXE] C:\WINDOWS\SYSTEM\SDKVB.EXE
O4 - HKLM\..\RunServices: [NTSP32.EXE] C:\WINDOWS\NTSP32.EXE
O4 - HKLM\..\RunServices: [SYSYI32.EXE] C:\WINDOWS\SYSYI32.EXE
O4 - HKLM\..\RunServices: [CRXT.EXE] C:\WINDOWS\SYSTEM\CRXT.EXE
O4 - HKLM\..\RunServices: [APPYN.EXE] C:\WINDOWS\APPYN.EXE
O4 - HKLM\..\RunServices: [D3UO32.EXE] C:\WINDOWS\SYSTEM\D3UO32.EXE
O4 - HKLM\..\RunServices: [SDKJF.EXE] C:\WINDOWS\SYSTEM\SDKJF.EXE
O4 - HKLM\..\RunServices: [SYSST32.EXE] C:\WINDOWS\SYSTEM\SYSST32.EXE
O4 - HKLM\..\RunServices: [MSIC32.EXE] C:\WINDOWS\MSIC32.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Lkao] C:\WINDOWS\SYSTEM\tqiidd.exe
O4 - Startup: KYESCAN.lnk = C:\ARQUIV~1\SCANNERU\KYESCAN.EXE
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Smart Sweep-Internet Sweep do CleanSweep.lnk = C:\Arquivos de programas\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: &Google Search - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpeg: C:\ARQUIV~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1025435.exe
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://xxxtrayicon.com/xtrayinst.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
And this is the HijackThis logfile in safe mode:
Logfile of HijackThis v1.98.2
Scan saved at 21:29:37, on 06/09/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MEUS DOCUMENTOS\PAULA\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hpanl.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hpanl.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hpanl.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hpanl.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hpanl.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hpanl.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hpanl.dll/sp.html#37680
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Class - {7FA16CA9-D279-0148-C524-E714A991E7D8} - C:\WINDOWS\SYSTEM\APPGM32.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NPROTECT] C:\Arquivos de programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [NAV DefAlert] C:\ARQUIV~1\NORTON~1\NORTON~2\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\ARQUIV~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Arquivos de programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Arquivos de programas\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CRBR.EXE] C:\WINDOWS\CRBR.EXE
O4 - HKLM\..\RunServices: [APIAY32.EXE] C:\WINDOWS\APIAY32.EXE
O4 - HKLM\..\RunServices: [ADDDX32.EXE] C:\WINDOWS\ADDDX32.EXE
O4 - HKLM\..\RunServices: [D3ER32.EXE] C:\WINDOWS\SYSTEM\D3ER32.EXE
O4 - HKLM\..\RunServices: [APIPX32.EXE] C:\WINDOWS\SYSTEM\APIPX32.EXE
O4 - HKLM\..\RunServices: [NTUB32.EXE] C:\WINDOWS\SYSTEM\NTUB32.EXE
O4 - HKLM\..\RunServices: [JAVALL.EXE] C:\WINDOWS\JAVALL.EXE
O4 - HKLM\..\RunServices: [MSMA.EXE] C:\WINDOWS\SYSTEM\MSMA.EXE
O4 - HKLM\..\RunServices: [IPRE.EXE] C:\WINDOWS\IPRE.EXE
O4 - HKLM\..\RunServices: [NETEN.EXE] C:\WINDOWS\NETEN.EXE
O4 - HKLM\..\RunServices: [SYSNR.EXE] C:\WINDOWS\SYSTEM\SYSNR.EXE
O4 - HKLM\..\RunServices: [MSPR.EXE] C:\WINDOWS\SYSTEM\MSPR.EXE
O4 - HKLM\..\RunServices: [CRIZ32.EXE] C:\WINDOWS\CRIZ32.EXE
O4 - HKLM\..\RunServices: [SYSIQ32.EXE] C:\WINDOWS\SYSTEM\SYSIQ32.EXE
O4 - HKLM\..\RunServices: [NTTD32.EXE] C:\WINDOWS\SYSTEM\NTTD32.EXE
O4 - HKLM\..\RunServices: [APPJQ32.EXE] C:\WINDOWS\SYSTEM\APPJQ32.EXE
O4 - HKLM\..\RunServices: [APIZX.EXE] C:\WINDOWS\SYSTEM\APIZX.EXE
O4 - HKLM\..\RunServices: [NTNV.EXE] C:\WINDOWS\NTNV.EXE
O4 - HKLM\..\RunServices: [WINGD32.EXE] C:\WINDOWS\WINGD32.EXE
O4 - HKLM\..\RunServices: [APPIA.EXE] C:\WINDOWS\SYSTEM\APPIA.EXE
O4 - HKLM\..\RunServices: [SDKLE.EXE] C:\WINDOWS\SYSTEM\SDKLE.EXE
O4 - HKLM\..\RunServices: [WINBW.EXE] C:\WINDOWS\WINBW.EXE
O4 - HKLM\..\RunServices: [APPLV.EXE] C:\WINDOWS\APPLV.EXE
O4 - HKLM\..\RunServices: [NETQX.EXE] C:\WINDOWS\NETQX.EXE
O4 - HKLM\..\RunServices: [WINRO.EXE] C:\WINDOWS\SYSTEM\WINRO.EXE
O4 - HKLM\..\RunServices: [SDKXU.EXE] C:\WINDOWS\SYSTEM\SDKXU.EXE
O4 - HKLM\..\RunServices: [SDKOX.EXE] C:\WINDOWS\SYSTEM\SDKOX.EXE
O4 - HKLM\..\RunServices: [SDKOE.EXE] C:\WINDOWS\SYSTEM\SDKOE.EXE
O4 - HKLM\..\RunServices: [NTLS32.EXE] C:\WINDOWS\NTLS32.EXE
O4 - HKLM\..\RunServices: [MSCX32.EXE] C:\WINDOWS\SYSTEM\MSCX32.EXE
O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
O4 - HKLM\..\RunServices: [D3MH.EXE] C:\WINDOWS\SYSTEM\D3MH.EXE
O4 - HKLM\..\RunServices: [JAVAYG32.EXE] C:\WINDOWS\JAVAYG32.EXE
O4 - HKLM\..\RunServices: [APPVZ32.EXE] C:\WINDOWS\APPVZ32.EXE
O4 - HKLM\..\RunServices: [CRUD32.EXE] C:\WINDOWS\CRUD32.EXE
O4 - HKLM\..\RunServices: [MSLX32.EXE] C:\WINDOWS\MSLX32.EXE
O4 - HKLM\..\RunServices: [NETBJ32.EXE] C:\WINDOWS\SYSTEM\NETBJ32.EXE
O4 - HKLM\..\RunServices: [IPJV32.EXE] C:\WINDOWS\IPJV32.EXE
O4 - HKLM\..\RunServices: [JAVAHQ.EXE] C:\WINDOWS\JAVAHQ.EXE
O4 - HKLM\..\RunServices: [NETQP32.EXE] C:\WINDOWS\NETQP32.EXE
O4 - HKLM\..\RunServices: [SDKND32.EXE] C:\WINDOWS\SDKND32.EXE
O4 - HKLM\..\RunServices: [D3FU32.EXE] C:\WINDOWS\SYSTEM\D3FU32.EXE
O4 - HKLM\..\RunServices: [JAVAJE32.EXE] C:\WINDOWS\JAVAJE32.EXE
O4 - HKLM\..\RunServices: [JAVASK.EXE] C:\WINDOWS\JAVASK.EXE
O4 - HKLM\..\RunServices: [D3PQ32.EXE] C:\WINDOWS\SYSTEM\D3PQ32.EXE
O4 - HKLM\..\RunServices: [SDKDC32.EXE] C:\WINDOWS\SDKDC32.EXE
O4 - HKLM\..\RunServices: [NTOK32.EXE] C:\WINDOWS\SYSTEM\NTOK32.EXE
O4 - HKLM\..\RunServices: [CRAG.EXE] C:\WINDOWS\CRAG.EXE
O4 - HKLM\..\RunServices: [APPSI.EXE] C:\WINDOWS\APPSI.EXE
O4 - HKLM\..\RunServices: [NETTR32.EXE] C:\WINDOWS\SYSTEM\NETTR32.EXE
O4 - HKLM\..\RunServices: [MFCKQ.EXE] C:\WINDOWS\MFCKQ.EXE
O4 - HKLM\..\RunServices: [NETWM.EXE] C:\WINDOWS\NETWM.EXE
O4 - HKLM\..\RunServices: [JAVAGS.EXE] C:\WINDOWS\SYSTEM\JAVAGS.EXE
O4 - HKLM\..\RunServices: [JAVAUZ32.EXE] C:\WINDOWS\JAVAUZ32.EXE
O4 - HKLM\..\RunServices: [NETUQ.EXE] C:\WINDOWS\NETUQ.EXE
O4 - HKLM\..\RunServices: [SDKVB.EXE] C:\WINDOWS\SYSTEM\SDKVB.EXE
O4 - HKLM\..\RunServices: [NTSP32.EXE] C:\WINDOWS\NTSP32.EXE
O4 - HKLM\..\RunServices: [SYSYI32.EXE] C:\WINDOWS\SYSYI32.EXE
O4 - HKLM\..\RunServices: [CRXT.EXE] C:\WINDOWS\SYSTEM\CRXT.EXE
O4 - HKLM\..\RunServices: [APPYN.EXE] C:\WINDOWS\APPYN.EXE
O4 - HKLM\..\RunServices: [D3UO32.EXE] C:\WINDOWS\SYSTEM\D3UO32.EXE
O4 - HKLM\..\RunServices: [SDKJF.EXE] C:\WINDOWS\SYSTEM\SDKJF.EXE
O4 - HKLM\..\RunServices: [SYSST32.EXE] C:\WINDOWS\SYSTEM\SYSST32.EXE
O4 - HKLM\..\RunServices: [MSIC32.EXE] C:\WINDOWS\MSIC32.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Lkao] C:\WINDOWS\SYSTEM\tqiidd.exe
O4 - Startup: KYESCAN.lnk = C:\ARQUIV~1\SCANNERU\KYESCAN.EXE
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Smart Sweep-Internet Sweep do CleanSweep.lnk = C:\Arquivos de programas\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: &Google Search - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpeg: C:\ARQUIV~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1025435.exe
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://xxxtrayicon.com/xtrayinst.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O4 - HKLM\..\RunServices: [NETQX.EXE] C:\WINDOWS\NETQX.EXE
O4 - HKLM\..\RunServices: [WINRO.EXE] C:\WINDOWS\SYSTEM\WINRO.EXE
O4 - HKLM\..\RunServices: [SDKXU.EXE] C:\WINDOWS\SYSTEM\SDKXU.EXE
O4 - HKLM\..\RunServices: [SDKOX.EXE] C:\WINDOWS\SYSTEM\SDKOX.EXE
O4 - HKLM\..\RunServices: [SDKOE.EXE] C:\WINDOWS\SYSTEM\SDKOE.EXE
O4 - HKLM\..\RunServices: [NTLS32.EXE] C:\WINDOWS\NTLS32.EXE
O4 - HKLM\..\RunServices: [MSCX32.EXE] C:\WINDOWS\SYSTEM\MSCX32.EXE
O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
O4 - HKLM\..\RunServices: [D3MH.EXE] C:\WINDOWS\SYSTEM\D3MH.EXE
O4 - HKLM\..\RunServices: [JAVAYG32.EXE] C:\WINDOWS\JAVAYG32.EXE
O4 - HKLM\..\RunServices: [APPVZ32.EXE] C:\WINDOWS\APPVZ32.EXE
O4 - HKLM\..\RunServices: [CRUD32.EXE] C:\WINDOWS\CRUD32.EXE
O4 - HKLM\..\RunServices: [MSLX32.EXE] C:\WINDOWS\MSLX32.EXE
O4 - HKLM\..\RunServices: [NETBJ32.EXE] C:\WINDOWS\SYSTEM\NETBJ32.EXE
O4 - HKLM\..\RunServices: [IPJV32.EXE] C:\WINDOWS\IPJV32.EXE
O4 - HKLM\..\RunServices: [JAVAHQ.EXE] C:\WINDOWS\JAVAHQ.EXE
O4 - HKLM\..\RunServices: [NETQP32.EXE] C:\WINDOWS\NETQP32.EXE
O4 - HKLM\..\RunServices: [SDKND32.EXE] C:\WINDOWS\SDKND32.EXE
O4 - HKLM\..\RunServices: [D3FU32.EXE] C:\WINDOWS\SYSTEM\D3FU32.EXE
O4 - HKLM\..\RunServices: [JAVAJE32.EXE] C:\WINDOWS\JAVAJE32.EXE
O4 - HKLM\..\RunServices: [JAVASK.EXE] C:\WINDOWS\JAVASK.EXE
O4 - HKLM\..\RunServices: [D3PQ32.EXE] C:\WINDOWS\SYSTEM\D3PQ32.EXE
O4 - HKLM\..\RunServices: [SDKDC32.EXE] C:\WINDOWS\SDKDC32.EXE
O4 - HKLM\..\RunServices: [NTOK32.EXE] C:\WINDOWS\SYSTEM\NTOK32.EXE
O4 - HKLM\..\RunServices: [CRAG.EXE] C:\WINDOWS\CRAG.EXE
O4 - HKLM\..\RunServices: [APPSI.EXE] C:\WINDOWS\APPSI.EXE
O4 - HKLM\..\RunServices: [NETTR32.EXE] C:\WINDOWS\SYSTEM\NETTR32.EXE
O4 - HKLM\..\RunServices: [MFCKQ.EXE] C:\WINDOWS\MFCKQ.EXE
O4 - HKLM\..\RunServices: [NETWM.EXE] C:\WINDOWS\NETWM.EXE
O4 - HKLM\..\RunServices: [JAVAGS.EXE] C:\WINDOWS\SYSTEM\JAVAGS.EXE
O4 - HKLM\..\RunServices: [JAVAUZ32.EXE] C:\WINDOWS\JAVAUZ32.EXE
O4 - HKLM\..\RunServices: [NETUQ.EXE] C:\WINDOWS\NETUQ.EXE
O4 - HKLM\..\RunServices: [SDKVB.EXE] C:\WINDOWS\SYSTEM\SDKVB.EXE
O4 - HKLM\..\RunServices: [NTSP32.EXE] C:\WINDOWS\NTSP32.EXE
O4 - HKLM\..\RunServices: [SYSYI32.EXE] C:\WINDOWS\SYSYI32.EXE
O4 - HKLM\..\RunServices: [CRXT.EXE] C:\WINDOWS\SYSTEM\CRXT.EXE
O4 - HKLM\..\RunServices: [APPYN.EXE] C:\WINDOWS\APPYN.EXE
O4 - HKLM\..\RunServices: [D3UO32.EXE] C:\WINDOWS\SYSTEM\D3UO32.EXE
O4 - HKLM\..\RunServices: [SDKJF.EXE] C:\WINDOWS\SYSTEM\SDKJF.EXE
O4 - HKLM\..\RunServices: [SYSST32.EXE] C:\WINDOWS\SYSTEM\SYSST32.EXE
O4 - HKLM\..\RunServices: [MSIC32.EXE] C:\WINDOWS\MSIC32.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Lkao] C:\WINDOWS\SYSTEM\tqiidd.exe
O4 - Startup: KYESCAN.lnk = C:\ARQUIV~1\SCANNERU\KYESCAN.EXE
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Smart Sweep-Internet Sweep do CleanSweep.lnk = C:\Arquivos de programas\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: &Google Search - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpeg: C:\ARQUIV~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1025435.exe
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://xxxtrayicon.com/xtrayinst.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
This discussion has been closed.
Comments
http://www.atribune.org/downloads/AboutBuster.zip