Hello folks,
As noted in an an earlier thread, my computer also makes connection to a non existing aaawebsearch site, shows unwanted links in the favorites and makes connection to obscure sites every 10 minutes or so.

As recomended in the forementioned earlier thread, i deleted the cookies and temp files, did the updated adaware and spybot check. Problems deleted. Then hijackthis. This is the log found. Would you be so kind to have a look?
thank you a lot.

Logfile of HijackThis v1.99.0
Scan saved at 22:44:11, on 14-2-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
C:\WINDOWS\system32\dvapmonsr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\wuclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aaawebsearch.com/?a=2&b=xAj
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aaawebsearch.com/?b=xyz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aaawebsearch.com/?a=2&b=xAj
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.student.ru.nl/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [A6350463] C:\WINDOWS\system32\dvapmonsr.exe
O4 - HKLM\..\Run: [DA0EE0EE] C:\WINDOWS\system32\sasnde.exe
O4 - HKLM\..\Run: [0085B9CE] C:\WINDOWS\system32\vcs1_0.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Tard] C:\Documents and Settings\anke\Application Data\awer.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [A6350463] C:\WINDOWS\system32\dvapmonsr.exe
O4 - HKCU\..\Run: [DA0EE0EE] C:\WINDOWS\system32\sasnde.exe
O4 - HKCU\..\Run: [0085B9CE] C:\WINDOWS\system32\vcs1_0.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.093qpeuqpmz6ebfa.com
O15 - Trusted Zone: http://*.0texkax7c6hzuidk.com
O15 - Trusted Zone: http://*.69sexsearch.com
O15 - Trusted Zone: http://*.afendis.de
O15 - Trusted Zone: http://*.rapid-pass.net
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\pghfpuxl.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107028419626
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Filter: text/html - {4755AF3B-9191-4361-AD9F-AB13FC034646} - C:\Documents and Settings\anke\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Lots of strange stuff on here. Cant guarantee anything here. If stuff continues to reload you will have to bring it to someone who can actually look at it. Theres just so much we can try online. But we can give it a try. Maybe it will clean up :eww


Reboot To Safe Mode (tap F8 on Startup)

Delete this file

C:\WINDOWS\system32\dvapmonsr.exe

Still In Safe Mode Place a check next to each of these and click Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aaawebsearch.com/?a=2&b=xAj
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aaawebsearch.com/?b=xyz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aaawebsearch.com/?a=2&b=xAj
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aaawebsearch.com/?a=2&b=xAj
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aaawebsearch.com/?a=2&b=xAj
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [A6350463] C:\WINDOWS\system32\dvapmonsr.exe
O4 - HKLM\..\Run: [DA0EE0EE] C:\WINDOWS\system32\sasnde.exe
O4 - HKLM\..\Run: [0085B9CE] C:\WINDOWS\system32\vcs1_0.exe
O4 - HKCU\..\Run: [Tard] C:\Documents and Settings\anke\Application Data\awer.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [A6350463] C:\WINDOWS\system32\dvapmonsr.exe
O4 - HKCU\..\Run: [DA0EE0EE] C:\WINDOWS\system32\sasnde.exe
O4 - HKCU\..\Run: [0085B9CE] C:\WINDOWS\system32\vcs1_0.exe
O15 - Trusted Zone: http://*.093qpeuqpmz6ebfa.com
O15 - Trusted Zone: http://*.0texkax7c6hzuidk.com
O15 - Trusted Zone: http://*.69sexsearch.com
O15 - Trusted Zone: http://*.afendis.de
O15 - Trusted Zone: http://*.rapid-pass.net
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\pghfpuxl.exe
O18 - Filter: text/html - {4755AF3B-9191-4361-AD9F-AB13FC034646} - C:\Documents and Settings\anke\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat

Still In Safe Mode Delete all Temporary Internet Files, Cookies, Run AdAware and Spybot,delete what they find , Empty recycle bin.

Cant guarantee anything here. If stuff continues to reload you will have to bring it to someone who can actually look at it. Theres just so much we can try online. But we can give it a try. Maybe it will clean up

:cheers nightowl,

I followed your directions, and none of the `p.i.t.a` sites nor links re-entered the computer!
So thanks a lot for your advise.

greetz

engelschman

Post a new log, I want to make sure its clean.........Jim

Hi Jim,

here`s what hijackthis finds:

Logfile of HijackThis v1.99.0
Scan saved at 19:30:46, on 16-2-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.student.ru.nl/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107028419626
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Download SpywareBlaster for prevention Here is the link........Jim

http://www.javacoolsoftware.com/spywareblaster.html