Lots Of Popups

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

digbykeogh

Thread Starter
Joined
Sep 30, 2003
Messages
2
Here's my hijack this log. Can someone please tell me what I've got to do to get rid of all the popups.

Thanks muchly


Logfile of HijackThis v1.97.2
Scan saved at 9:36:24 PM, on 9/30/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\PNLT32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\LTMSG.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\CTMIX32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\TOTEM SHARED\UNINSTALL0001\UPD.EXE
C:\WINDOWS\SYSTEM\MSREXE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS USB ADAPTER MANAGER\WLANMONITOR.EXE
C:\WINDOWS\START MENU\PROGRAMS\STARTUP\WINSERVS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\KAP.GMT\KAPLAN HIGHER SCORE GMAT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotsearchbox.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-search.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html
O1 - Hosts: 66.159.20.52 bizshura.com
O1 - Hosts: 66.159.20.52 boyanxxx.com
O1 - Hosts: 66.159.20.52 cleanadulthost.com
O1 - Hosts: 66.159.20.52 chubbyland.com
O1 - Hosts: 66.159.20.52 ethniccash.com
O1 - Hosts: 66.159.20.52 filth-hostz.com
O1 - Hosts: 66.159.20.52 fistbang.net
O1 - Hosts: 66.159.20.52 huge-****-big-****.com
O1 - Hosts: 66.159.20.52 hyperfree.com
O1 - Hosts: 66.159.20.52 fvotd.com
O1 - Hosts: 66.159.20.52 ghostgalleries.com
O1 - Hosts: 66.159.20.52 hjemmesex.dk
O1 - Hosts: 66.159.20.52 link.siccash.com
O1 - Hosts: 66.159.20.52 inaughty.com
O1 - Hosts: 66.159.20.52 lady-love.com
O1 - Hosts: 66.159.20.52 liquidservers.com
O1 - Hosts: 66.159.20.52 newsexmovies.com
O1 - Hosts: 66.159.20.52 nohiddenfaces.com
O1 - Hosts: 66.159.20.52 only10s.com
O1 - Hosts: 66.159.20.52 qualitysexvideo.com
O1 - Hosts: 66.159.20.52 snusksidan.com
O1 - Hosts: 66.159.20.52 pinkcenterfold.com
O1 - Hosts: 66.159.20.52 porn-movies-quality.com
O1 - Hosts: 66.159.20.52 pornwarp.com
O1 - Hosts: 66.159.20.52 pwgalleries.com
O1 - Hosts: 66.159.20.52 sex.com
O1 - Hosts: 66.159.20.52 voyeurarena.com
O1 - Hosts: 66.159.20.52 wildcouple.net
O1 - Hosts: 66.159.20.52 xfusioncash.com
O1 - Hosts: 66.159.20.52 xxxcomfort.com
O1 - Hosts: 66.159.20.52 yabyab.com
O1 - Hosts: 66.159.20.52 biggestdickinporn.samplehosting.com
O1 - Hosts: 66.159.20.52 blackbootycam.samplehosting.com
O1 - Hosts: 66.159.20.52 samplehosting.com
O1 - Hosts: 66.159.20.52 galleries.18blowjobs.com
O1 - Hosts: 66.159.20.52 galleries.bigtitsroundasses.com
O1 - Hosts: 66.159.20.52 galleries.bikinivoyeur.com
O1 - Hosts: 66.159.20.52 galleries.blacksonblondes.com
O1 - Hosts: 66.159.20.52 galleries.easydrunkgirls.com
O1 - Hosts: 66.159.20.52 galleries.markscash.com
O1 - Hosts: 66.159.20.52 galleries.milfwhore.com
O1 - Hosts: 66.159.20.52 galleries.springbreakspycam.com
O1 - Hosts: 66.159.20.52 galleries.sweetmoney.com
O1 - Hosts: 66.159.20.52 www.hot3movie.com
O1 - Hosts: 66.159.20.52 www.hot-adult-clips.com
O1 - Hosts: 66.159.20.52 www.hottestbabes.net
O1 - Hosts: 66.159.20.52 www.huge-****-big-****.com
O1 - Hosts: 66.159.20.52 www.hyperfree.com
O1 - Hosts: 66.159.20.52 www.inaughty.com
O1 - Hosts: 66.159.20.52 www.lady-love.com
O1 - Hosts: 66.159.20.52 www.liquidservers.com
O1 - Hosts: 66.159.20.52 www.newsexmovies.com
O1 - Hosts: 66.159.20.52 www.nohiddenfaces.com
O1 - Hosts: 66.159.20.52 www.only10s.com
O1 - Hosts: 66.159.20.52 www.pinkcenterfold.com
O1 - Hosts: 66.159.20.52 www.porn-movies-quality.com
O1 - Hosts: 66.159.20.52 www.pornwarp.com
O1 - Hosts: 66.159.20.52 www.pwgalleries.com
O1 - Hosts: 66.159.20.52 www.savagesonblondes.com
O1 - Hosts: 66.159.20.52 www.sex-smoke.com
O1 - Hosts: 66.159.20.52 www.sex-toy-teen-gallery.com
O1 - Hosts: 66.159.20.52 www.sicfreehost.com
O1 - Hosts: 66.159.20.52 www.simplycute.com
O1 - Hosts: 66.159.20.52 www.skilfulhands.tv
O1 - Hosts: 66.159.20.52 www.sleazydream.com
O1 - Hosts: 66.159.20.52 www.sluttyteenporn.com
O1 - Hosts: 66.159.20.52 www.smutfun.com
O1 - Hosts: 66.159.20.52 www.smuthosts.com
O1 - Hosts: 66.159.20.52 www.stripcountry.com
O1 - Hosts: 66.159.20.52 www.sweetcams.net
O1 - Hosts: 66.159.20.52 www.teensample.com
O1 - Hosts: 66.159.20.52 www.teens-free-pics.com
O1 - Hosts: 66.159.20.52 www.terra.es
O1 - Hosts: 66.159.20.52 www.tgp-mpegs.com
O1 - Hosts: 66.159.20.52 www.tgpprofessional.com
O1 - Hosts: 66.159.20.52 www.theministryofporn.com
O1 - Hosts: 66.159.20.52 www.thetruevoyeur.com
O1 - Hosts: 66.159.20.52 www.toptgphost.com
O1 - Hosts: 66.159.20.52 www.ultra-babes.com
O1 - Hosts: 66.159.20.52 www.ultra-skin.com
O1 - Hosts: 66.159.20.52 www.ultrawiredsex.com
O1 - Hosts: 66.159.20.52 www.upskirt-teen-pics.com
O1 - Hosts: 66.159.20.52 www.warriorrun.com
O1 - Hosts: 66.159.20.52 www.watchersweb.net
O1 - Hosts: 66.159.20.52 www.whoisbetteratsex.com
O1 - Hosts: 66.159.20.52 www.worldxxxhost.com
O1 - Hosts: 66.159.20.52 www.xxxvideohost.com
O1 - Hosts: 66.159.20.52 www.zpornstars.com
O1 - Hosts: 66.159.20.52 www1.3wisp.com
O1 - Hosts: 66.159.20.52 www1.sexls.com
O1 - Hosts: 66.159.20.52 www1.toptgphost.com
O1 - Hosts: 66.159.20.52 www2.3wisp.com
O1 - Hosts: 66.159.20.52 www2.toptgphost.com
O1 - Hosts: 66.159.20.52 www2.zpornstars.com
O1 - Hosts: 66.159.20.52 www3.zpornstars.com
O1 - Hosts: 66.159.20.52 www4.zpornstars.com
O1 - Hosts: 66.159.20.52 xxxvideohost.com
O1 - Hosts: 66.159.20.52 zpornstars.com
O1 - Hosts: 66.159.20.52 adult-cinema.org
O1 - Hosts: 66.159.20.52 adultlinks1.com
O1 - Hosts: 66.159.20.52 adultmegamovies.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: SurfBHO - {5998B08E-CFAC-11D5-822A-0050048E6E38} - C:\WINDOWS\SURFPLUGIN.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: (no name) - {82599E0A-8C81-11d7-9F97-0050FC5441CB} - C:\WINDOWS\SYSTEM\shdocvw.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Sharedll\AHQ\CTMIX32.EXE /t
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PWLICLM] PNLT32.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [od-teen1] c:\program files\Webdialer\od-teen1.exe -m
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: USB Manager.lnk = C:\Program Files\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
O4 - Startup: WINSERVS.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37607.762650463
 
Joined
Dec 9, 2000
Messages
45,855
Well you've got a good collection of hijacks and trojan files there.

For starters put checks in the following HijackThis scanlog boxes, close all browser windows and click "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotsearchbox.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-search.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html

>ALL the 01 entries

O2 - BHO: SurfBHO - {5998B08E-CFAC-11D5-822A-0050048E6E38} - C:\WINDOWS\SURFPLUGIN.DLL

O3 - Toolbar: (no name) - {82599E0A-8C81-11d7-9F97-0050FC5441CB} - C:\WINDOWS\SYSTEM\shdocvw.dll

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [PWLICLM] PNLT32.EXE

O4 - HKCU\..\Run: [od-teen1] c:\program files\Webdialer\od-teen1.exe -m

O4 - Startup: WINSERVS.EXE
^^ this will likely have to be MANUALLY deleted from the Startup folder in the Start> programs menu.

On rebooting also delete:

C:\WINDOWS\SYSTEM\MSREXE.EXE

Part B of this cleaning is to install, UPDATE, and run Spybot, following directions here:

http://tomcoyote.org/SPYBOT/index1.html

After updating Spybot, having it check for problems, and fix all selected. Reboot and post another Scanlog.
 

digbykeogh

Thread Starter
Joined
Sep 30, 2003
Messages
2
This is what's in my registry. Can someone advise what I should get rid of to get lose all the popups?

Thx


Logfile of HijackThis v1.97.2
Scan saved at 3:32:21 PM, on 10/19/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\LTMSG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\CTMIX32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.EXE
C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\UPTODATE.EXE
C:\PROGRAM FILES\KFH\CL\LAUNCHER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\APPLICATION DATA\RRAI.EXE
C:\WINDOWS\SYSTEM\WINSERVN.EXE
C:\PROGRAM FILES\CLOCKSYNC\SYNC.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\HXIUL.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\CLIENT\HELPEXP.EXE
C:\PROGRAM FILES\COMMON FILES\KEENVALUE\KEENVALUE.EXE
C:\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS USB ADAPTER MANAGER\WLANMONITOR.EXE
C:\WINDOWS\SYSTEM\WSFBT6.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\CLIENT\PRINTMONITOR.EXE
C:\WINDOWS\SYSTEM\WSFBT6.EXE
C:\WINDOWS\EMSW.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MMJB.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MMDIAG.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE
C:\PROGRAM FILES\COMMON FILES\KEENVALUE\KWM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://news.bbc.co.uk/
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1211.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN2\APUC.DLL
O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
O2 - BHO: (no name) - {84CAAA5E-B206-4A34-A95E-7721C3A6C741} - C:\WINDOWS\SYSTEM\RPCLTSPHX.DLL
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\SYSTEM\MSIEFR40.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D3FA-F27BA787AD2D} - C:\PROGRA~1\POWERS~2\TOOLBAR\PWRSWMDA.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Sharedll\AHQ\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [5QEKE7T5NG9WG2] C:\WINDOWS\SYSTEM\JqwG5f.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\UPTODATE.EXE
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.EXE -b
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\SYSTEM\MSIEFR40.DLL,DllRunServer
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ottt] C:\WINDOWS\Application Data\rrai.exe
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\SYSTEM\winservn.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Default\Client\HelpExp.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: USB Manager.lnk = C:\Program Files\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
O4 - Global Startup: KeenValue.lnk = C:\Program Files\Common Files\KeenValue\keenvalue.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37607.762650463
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx
 
Joined
Dec 9, 2000
Messages
45,855
You have such an incredible amt of malware there that instead of going through that log and telling you what to "fix" we first need to trim it down. You are going to have to run Ad-Aware and Spybot one way or another.

First run the rapidblaster and coolwebshredder programs avalable through these sites:

http://www.wilderssecurity.net/specialinfo/rapidblaster.html

http://www.spywareinfo.com/~merijn/

Then use Ad-aware following Winchester's instructions. Have it fix EVERYthing it targets. After rebooting you can post another scanlog

Ad-Aware Home Page and Ad-Aware 6: Reference Guide by Winchester73

>> You absolutely, positively MUST update both Ad-aware and Spybot before running them.
 
Joined
Jul 26, 2002
Messages
46,331
Also you need to update Hijack This before posting another log.

Open Hijack This and click on the "Config" button in the lower right corner then click on the "Misc tools" button then click on "Check for update online" and dowload the update and post the log from that.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top