[hostfreak]

Hey, ive tried everything i can think of to get rid of these popups but, no matter what I do they continue to still popup. Here is my HiJack log:

Logfile of HijackThis v1.99.1
Scan saved at 10:45:30 AM, on 3/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\twain_32\SiPix\SC-3300\USBPNP.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\winagent.exe
C:\WINDOWS\newsd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Owner\My Documents\spyware_adware_removal\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SC3300CC] C:\WINDOWS\twain_32\SiPix\SC-3300\SC3300CC.exe
O4 - HKLM\..\Run: [USBPNP] C:\WINDOWS\twain_32\SiPix\SC-3300\USBPNP.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autorun
O4 - HKLM\..\Run: [Advantage Launcher] "C:\Program Files\Advantage\Advantage.exe"
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\winagent.exe /i
O4 - HKLM\..\Run: [newsfeed12] C:\WINDOWS\newsd.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitexkt32.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe
O4 - HKCU\..\Run: [odbcp32r] C:\WINDOWS\System32\odbcp32r.exe
O4 - HKCU\..\Run: [wmpdxm] C:\WINDOWS\System32\wmpdxm.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://download.iwon...m_8_1,0,2,5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4C48AEC-E7AC-4243-842C-FE9AE32D3D82}: NameServer = 216.49.96.1 216.49.96.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

Any help will greatly be appreciated. Also if it would help at all, some of the popups the come up are: System Warning Update, Warning: PC Update, NospyX adware malware and Spyware Removal nospyx, Search Results for dept consolidation . Thanks.

[Advertisements]

Welcome hostfreak to Geeks to Go!

I'm having a look at your log now. I'll post back soon.

[g2i2r4]

Welcome hostfreak to Geeks to Go!

I'm having a look at your log now. I'll post back soon.

[g2i2r4]

Download CleanUp!.
Don't run the program, we'll do that later.

***

Download Hoster
Unzip it to a convenient place and open the program.
Choose "Restore Original Hosts" and press "OK".
Close the program.

***

Download EliteToolbar removal.
Unzip the files to a convenient folder.
Reboot your machine in Safe Mode (just click onto F8 key the same moment the pc is starting, before the MS Windows flag screen) and run the EliteToolbar Remover, then click the "Kill Elite Toolbar" button and wait until it will finish its work.

***

Reboot your computer to normal mode.

***

Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press ‘open process manager’
Select the process, press ‘kill process’ (and repeat this if necessary):
C:\WINDOWS\winagent.exe
C:\WINDOWS\newsd.exe
press ‘back’ and 'scan'.

***

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\winagent.exe /i

O4 - HKLM\..\Run: [newsfeed12] C:\WINDOWS\newsd.exe

O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitexkt32.exe

O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe

O4 - HKCU\..\Run: [odbcp32r] C:\WINDOWS\System32\odbcp32r.exe

O4 - HKCU\..\Run: [wmpdxm] C:\WINDOWS\System32\wmpdxm.exe

O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://download.iwon...m_8_1,0,2,5.cab

some entries may already be gone due to the previous steps.

Click on Fix Checked when finished and exit HijackThis.

***

Reboot to safe mode.

***

We need to make sure all hidden files are showing so please:* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
***

Delete the following files:

C:\WINDOWS\winagent.exe

C:\WINDOWS\newsd.exe

C:\windows\system32\elitexkt32.exe

C:\WINDOWS\System32\ipmontr.exe

C:\WINDOWS\System32\odbcp32r.exe

C:\WINDOWS\System32\wmpdxm.exe

some files may already be gone due to the steps above

***

Find and doubleclick the file cleanup312.exe.

Go to option
Select ‘custom’
Put a check to:* Cookies
* Prefetch
* Temp
* All users.
Press 'cleanup!'

Once it's done, log off and log on again. This will remove files that were in use during the scan.

***

Post a fresh log here in your answer. Let me know how it went.

Edited by g2i2r4, 24 March 2005 - 05:11 AM.

[g2i2r4]

No reply was posted for two weeks.

This topic is now closed. If you are the topicowner and still need assistance, please send me a PM.