I hope somebody can help me! I detected several trojans on my computer yesterday, from a stupid mp3 site. One of them was winfavs (Winfavorites.exe), the other mscache, and I think there was one more which the scan doesn't pick up anymore. That stupid lop toolbar also was installed, but I removed it. I think I managed to remove all traces of the trojans manually, but now, whenever I start Internet Explorer, it takes ages to connect to my homepage, up to a minute. Also, it crashes quite frequently. WHY? Housecall does not pick anything up anymore. I really thought I had finally got rid of those filthy trojans! :-( Any ideas? I really appreciate it!

Logfile of HijackThis v1.97.7
Scan saved at 23:39:50, on 15/12/2003
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\Softimage\XSI_2.0.1\Application\bin\ray3xsi2_0server.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.exe
C:\WINNT\Explorer.exe
D:\nero\INCD\InCD.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\internat.exe
D:\Program Files\CoffeeCup Software\Spam Blocker\SpamBlocker.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.exe
C:\Program Files\CConnect\CConnect.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\ScanPanel\ScnPanel.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NavNT\VPC32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Agaimwonyi\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband/broadband.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ntlworld.com/broadband/broadband.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband/broadband.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
O2 - BHO: (no name) - {5DFB4634-5160-DD27-CD9D-A2CE7A6A38B4} - C:\WINNT\system32\obwuogaw.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {BA29EC56-DA40-F8CD-F0BD-5AE8AF0ECAF7} - C:\WINNT\system32\cxsqolte.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin2\apuc.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [InCD] D:\nero\INCD\InCD.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [CoffeeCup Spam Blocker] "D:\Program Files\CoffeeCup Software\Spam Blocker\SpamBlocker.exe" -min
O4 - Startup: ePrompter.lnk = D:\Program Files\ePrompter\ePrompter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.exe
O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://www.messagebay.com/plugins/mbayactx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = c26973.tjdo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{827C6DB4-963C-43DD-BE6F-7A368F810D01}: Domain = c26973.tjdo.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = c26973.tjdo.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = c26973.tjdo.com

Hi Judith,
Run HijackThis again and place a check in the box next to the following items. Double-check so as to be sure not to miss one.
Next, close all browser windows, and have HT 'fix checked'. You must restart your computer when you're done.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
O2 - BHO: (no name) - {5DFB4634-5160-DD27-CD9D-A2CE7A6A38B4} - C:\WINNT\system32\obwuogaw.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {BA29EC56-DA40-F8CD-F0BD-5AE8AF0ECAF7} - C:\WINNT\system32\cxsqolte.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin2\apuc.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = c26973.tjdo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{827C6DB4-963C-43DD-BE6F-7A368F810D01}: Domain = c26973.tjdo.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = c26973.tjdo.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = c26973.tjdo.com
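
Added example, not part of the original posts and not HijackThis's own logic: a small Python triage that reproduces the selection in the reply above on a subset of lines from the first log. The heuristics, the `triage` function and the `expected_hosts` parameter are assumptions for illustration; they mark entries for manual review, nothing more.

```python
import re
from urllib.parse import urlparse

# Subset of lines copied from the first log on this page, to keep the sample short.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband/broadband.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
O2 - BHO: (no name) - {5DFB4634-5160-DD27-CD9D-A2CE7A6A38B4} - C:\WINNT\system32\obwuogaw.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin2\apuc.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = c26973.tjdo.com
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O2 - ...", "R1 - ..."
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
SYS32_DLL = re.compile(r"(?i)^[a-z]:\\(winnt|windows)\\system32\\[^\\]+\.dll$")

def triage(log, expected_hosts):
    """Return (code, reason, line) for entries that deserve a manual look.

    expected_hosts: hosts the owner recognises as their own IE pages (assumption).
    """
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header and running-process lines carry no section code
        code, body = m.groups()
        if code in ("R0", "R1") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1]).hostname
            if host and host not in expected_hosts:
                findings.append((code, "IE URL points at unexpected host " + host, line))
        elif code == "O2" and (b := BHO.match(body)):
            name, _clsid, target = b.groups()
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append((code, "BHO registered but its DLL is absent", line))
            elif name == "(no name)" and SYS32_DLL.match(target):
                findings.append((code, "unnamed BHO loading a DLL from system32", line))
        elif code == "O17":
            findings.append((code, "DNS domain set under Tcpip; confirm it is yours", line))
    return findings

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG, {"www.ntlworld.com"}):
        print(f"{code}: {reason}\n    {line}")
```

The FlashGet BHO is also `(no name)` but lives under its own program directory, so it is left alone, as it was in the reply.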

Thank you, Tom. I have done what you suggested, however the problem still persists. :-( This is my hijack log now:
Logfile of HijackThis v1.97.7
Scan saved at 10:21:03, on 16/12/2003
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\Softimage\XSI_2.0.1\Application\bin\ray3xsi2_0server.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.exe
C:\WINNT\Explorer.exe
D:\nero\INCD\InCD.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\internat.exe
D:\Program Files\CoffeeCup Software\Spam Blocker\SpamBlocker.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.exe
C:\Program Files\CConnect\CConnect.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\ScanPanel\ScnPanel.exe
D:\Program Files\ePrompter\ePrompter.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Microsoft Office\Office\WINWORD.exe
C:\WINNT\msagent\AgentSvr.exe
D:\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband/broadband.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ntlworld.com/broadband/broadband.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband/broadband.htm
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [InCD] D:\nero\INCD\InCD.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [CoffeeCup Spam Blocker] "D:\Program Files\CoffeeCup Software\Spam Blocker\SpamBlocker.exe" -min
O4 - Startup: ePrompter.lnk = D:\Program Files\ePrompter\ePrompter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.exe
O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://www.messagebay.com/plugins/mbayactx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

It's really annoying because I don't know what is wrong!

I have even updated Spybot and run it, and it found loads of spyware including n-case and bargain buddy, all of which I removed. I even let Spybot run at startup, where it detected cdilla, but I was afraid to remove that, because I don't know if I should? Internet Explorer still takes a minute to find my homepage.
