Logfile of HijackThis v1.99.1
Scan saved at 23:08:52, on 05–02–24
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMSPOOL32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAM FILESCOMMON FILESWINTOOLSWTOOLSA.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSEXPLORER.EXE
C:WINDOWSSYSTEMINTERNAT.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:PROGRAM FILESA4TECHMOUSEAMOUMAIN.EXE
C:PROGRAM FILESNETROPAMULTIMEDIA KEYBOARDMMKEYBD.EXE
C:PROGRAM FILESHEWLETT–PACKARDHP SOFTWARE UPDATEHPWUSCHD.EXE
C:PROGRAM FILESHPHPCORETECHHPCMPMGR.EXE
C:PROGRAM FILESNETROPAMULTIMEDIA KEYBOARDTRAYMON.EXE
C:WINDOWSSYSTEMHPZTSB09.EXE
C:PROGRAM FILESNETROPAONSCREEN DISPLAYOSD.EXE
C:PROGRAM FILESHEWLETT–PACKARDDIGITAL IMAGINGBINHPOTDD01.EXE
C:PROGRAM FILESWEBHANCERPROGRAMSWHSURVEY.EXE
C:PROGRAM FILESEDONKEY2000EDONKEY2000.EXE
C:WINDOWSRUNDLL32.EXE
C:PROGRAM FILESMYWEBSEARCHBAR1.BINMWSOEMON.EXE
C:PROGRAM FILESWEBHANCERPROGRAMSWHAGENT.EXE
C:PROGRAM FILESPREVIEW ADSERVICEPREVADSERV.EXE
C:WINDOWSSYSTEMSYSTIME.EXE
C:PROGRAM FILESNORTON ANTIVIRUSNAVAPW32.EXE
C:PROGRAM FILESPREVIEW ADSERVICEPREVADKEEP.EXE
C:PROGRAM FILESINTERNET OPTIMIZEROPTIMIZE.EXE
C:TEMPSALM.EXE
C:WINDOWSSYSTEMAP9H4QMO.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:PROGRAM FILESTLEN.PLTLEN.EXE
C:PROGRAM FILESSKYPEPHONESKYPE.EXE
C:PROGRAM FILESPLANETWL–8303RTLWAKE.EXE
C:PROGRAM FILESGADU–GADUGG.EXE
C:WINDOWSSYSTEMRNAAPP.EXE
C:WINDOWSSYSTEMTAPISRV.EXE
C:PROGRAM FILESMICROSOFT OFFICEOFFICEWINWORD.EXE
C:PROGRAM FILESWINZIPWINZIP32.EXE
C:WINDOWSTEMPHIJACKTHIS.EXE

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 – URLSearchHook: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:PROGRA~1COMMON~1WINTOOLSWTOOLSB.DLL
O1 – Hosts: 127.0.0.3 www.greg–tut.com
O1 – Hosts: 127.0.0.3 nylonsexy.com
O1 – Hosts: 127.0.0.3 www.nylonsexy.com
O1 – Hosts: 127.0.0.3 vparivalka.com
O1 – Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
O1 – Hosts: 127.0.0.3 www.awmdabest.com
O1 – Hosts: 127.0.0.3 www.sexfiles.nu
O1 – Hosts: 127.0.0.3 awmdabest.com
O1 – Hosts: 127.0.0.3 sexfiles.nu
O1 – Hosts: 127.0.0.3 allforadult.com
O1 – Hosts: 127.0.0.3 www.allforadult.com
O1 – Hosts: 127.0.0.3 www.iframe.biz
O1 – Hosts: 127.0.0.3 iframe.biz
O1 – Hosts: 127.0.0.3 www.newiframe.biz
O1 – Hosts: 127.0.0.3 newiframe.biz
O1 – Hosts: 127.0.0.3 www.vesbiz.biz
O1 – Hosts: 127.0.0.3 vesbiz.biz
O1 – Hosts: 127.0.0.3 www.pizdato.biz
O1 – Hosts: 127.0.0.3 pizdato.biz
O1 – Hosts: 127.0.0.3 www.aaasexypics.com
O1 – Hosts: 127.0.0.3 aaasexypics.com
O1 – Hosts: 127.0.0.3 www.virgin–tgp.net
O1 – Hosts: 127.0.0.3 virgin–tgp.net
O1 – Hosts: 127.0.0.3 www.awmcash.biz
O1 – Hosts: 127.0.0.3 awmcash.biz
O1 – Hosts: 127.0.0.3 buldog–stats.com
O1 – Hosts: 127.0.0.3 www.buldog–stats.com
O1 – Hosts: 127.0.0.3 fregat.drocherway.com
O1 – Hosts: 127.0.0.3 slutmania.biz
O1 – Hosts: 127.0.0.3 www.slutmania.biz
O1 – Hosts: 127.0.0.3 toolbarpartner.com
O1 – Hosts: 127.0.0.3 www.toolbarpartner.com
O1 – Hosts: 127.0.0.3 www.megapornix.com
O1 – Hosts: 127.0.0.3 megapornix.com
O1 – Hosts: 127.0.0.3 www.sp2fucked.biz
O1 – Hosts: 127.0.0.3 sp2fucked.biz
O1 – Hosts: 127.0.0.3 greg–tut.com
O1 – Hosts: http://213.159.117.203/dkprogs/hosts.txt
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:PROGRAM FILESADOBEACROBAT 5.0READERACTIVEXACROIEHELPER.OCX (file missing)
O2 – BHO: WhIeHelperObj Class – {c900b400–cdfe–11d3–976a–00e02913a9e0} – C:PROGRAM FILESWEBHANCERPROGRAMSWHIEHLPR.DLL
O2 – BHO: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:PROGRA~1COMMON~1WINTOOLSWTOOLSB.DLL
O2 – BHO: URLLink Class – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:Program FilesNewDotNet ewdotnet6_38.dll
O2 – BHO: mwsBar BHO – {07B18EA1–A523–4961–B6BB–170DE4475CCA} – C:PROGRAM FILESMYWEBSEARCHBAR1.BINMWSBAR.DLL
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1–072E–44cf–8957–5838F569A31D} – C:PROGRAM FILESMYWEBSEARCHSRCHASTT1.BINMWSSRCAS.DLL
O2 – BHO: (no name) – {B72F75B8–93F3–429D–B13E–660B206D897A} – C:WINDOWSSYSTEMporynt.dll
O2 – BHO: (no name) – {0F9561D0–03B2–44a3–89A6–E95E417CBA25} – C:WINDOWSCERBMOD.DLL
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton AntiVirusNavShExt.dll
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWSNEM220.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSYSTEMMSDXM.OCX
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [internat.exe] internat.exe
O4 – HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 – HKLM..Run: [TaskMonitor] C:WINDOWS askmon.exe
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM..Run: [WheelMouse] C:PROGRA~1A4TECHMOUSEAMOUMAIN.EXE
O4 – HKLM..Run: [MULTIMEDIA KEYBOARD] C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe
O4 – HKLM..Run: [HP Software Update] "C:Program FilesHewlett–PackardHP Software UpdateHPWuSchd.exe"
O4 – HKLM..Run: [HP Component Manager] "C:PROGRAM FILESHPHPCORETECHHPCMPMGR.EXE"
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSYSTEMhpztsb09.exe
O4 – HKLM..Run: [DeviceDiscovery] C:Program FilesHewlett–PackardDigital Imaginginhpotdd01.exe
O4 – HKLM..Run: [PlaylistNation] C:PROGRAM FILESPLAYLISTNATIONPlaylistnation.exe /autostart
O4 – HKLM..Run: [webHancer Survey Companion] "C:Program FileswebHancerProgramswhSurvey.exe"
O4 – HKLM..Run: [eDonkey2000] "C:PROGRAM FILESEDONKEY2000EDONKEY2000.EXE" –t
O4 – HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1BAR1.BINMWSOEMON.EXE
O4 – HKLM..Run: [webHancer Agent] "C:Program FileswebHancerProgramswhAgent.exe"
O4 – HKLM..Run: [Preview AdService] C:PROGRAM FILESPREVIEW ADSERVICEPREVADSERV.EXE
O4 – HKLM..Run: [SysTime] C:WINDOWSSYSTEMsystime.exe
O4 – HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~1NAVAPW32.EXE
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMON.EXE
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [salm] c: empsalm.exe
O4 – HKLM..Run: [ap9h4qmo] C:WINDOWSSYSTEMap9h4qmo.exe
O4 – HKLM..Run: [abasa5jrp] C:WINDOWSSYSTEMabasa5jrp.exe
O4 – HKLM..Run: [dmxadgv] C:WINDOWSdmxadgv.exe
O4 – HKLM..Run: [WinTools] C:PROGRA~1COMMON~1WINTOOLSWTOOLSA.EXE
O4 – HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 – HKLM..RunServices: [WinTools] C:PROGRA~1COMMON~1WINTOOLSWTOOLSA.EXE
O4 – HKLM..RunServices: [ScriptBlocking] "C:Program FilesCommon FilesSymantec SharedScript BlockingSBServ.exe" –reg
O4 – HKLM..RunServicesOnce: [WinTools] C:PROGRA~1COMMON~1WINTOOLSWTOOLSA.EXE /boot
O4 – HKCU..Run: [Komunikator] C:PROGRAM FILESTLEN.PLTLEN.EXE
O4 – HKCU..Run: [Gadu–Gadu] "C:PROGRAM FILESGADU–GADUGG.EXE" /tray
O4 – HKCU..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1BAR1.BINMWSOEMON.EXE
O4 – HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 – Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 – Startup: PLANET WL–8303.lnk = C:Program FilesPLANETWL–8303RtlWake.exe
O4 – Startup: XChat.lnk = C:Program Filesxchatxchat.exe
O4 – Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchar1.binMWSOEMON.EXE
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.html?p=ZNxmk044YYPL
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by WebHancer
O12 – Plugin for .spop: C:PROGRA~1INTERN~1PluginsNPDocBox.dll
O12 – Plugin for .pca: C:PROGRA~1INTERN~1PLUGINS ppcaplg.dll
O12 – Plugin for .mp3: C:PROGRA~1INTERN~1PLUGINS pqtplugin3.dll
O12 – Plugin for .mov: C:PROGRA~1INTERN~1PLUGINS pqtplugin.dll
O12 – Plugin for .mpg: C:PROGRA~1INTERN~1PLUGINS pqtplugin3.dll
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: RaptisoftGameLoader – http://www.raptisoft.com/webgames/raptisoftgameloader.cab
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitialSetup1.0.0.8–2.cab
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge–c282.cab
O17 – HKLMSystemCCSServicesVxDMSTCP: Domain = a
O17 – HKLMSystemCCSServicesVxDMSTCP: NameServer = 192.168.54.1
O18 – Filter: text/html – {B72F75B8–93F3–429D–B13E–660B206D897A} – C:WINDOWSSYSTEMporynt.dll
O18 – Filter: text/plain – {B72F75B8–93F3–429D–B13E–660B206D897A} – C:WINDOWSSYSTEMporynt.dll