Non-stop pop-ups


#1
Herb119
  • Member
  • 22 posts
I started getting pop-ups a while back, and I have tried several things ... McAfee, Spybot, Ad-Aware, SWDoctor, CWShredder. But I still keep getting pop-ups. Here is my HijackThis log. Can somebody please help me?

Thank You!

Logfile of HijackThis v1.99.1
Scan saved at 9:42:41 PM, on 5/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7B996AF3-32E1-89E6-A9CB-F9C9C1758652} - C:\DOCUME~1\THEMOE~1\APPLIC~1\SEEKFU~1\twospam.exe
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\SZIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [abu] abu.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SetupSixthAimRoad] C:\Documents and Settings\All Users\Application Data\scr bash setup sixth\First Window.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [golumm] C:\WINDOWS\System32\golumm\services.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [REEGRUN] C:\index.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunServices: [Windows Compliant] exvwwp.exe
O4 - HKLM\..\RunServices: [MSNMSGR5] MSNMSGR5.exe
O4 - HKCU\..\Run: [Gbzth] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [CornBags] C:\DOCUME~1\LOCALS~1\APPLIC~1\GRIMDO~1\WEBADMINCITY.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [sysinit] C:\WINDOWS\System32\golumm\services.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {03EE37F2-24A6-2160-1236-1054485169B8} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0422EFAF-329B-1795-0B3C-0D8B2934D274} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {05669230-6FD3-0DDC-7AA1-55407243F25F} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {0676AEFF-A62D-1FCC-E82F-1C93254F4816} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0776B53B-C3F1-6857-4520-09AF0EEFE301} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {082C671D-F4F9-06FC-F166-5D09798304F7} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0872BBDF-14C7-3774-0998-07285BB35361} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {08C727A5-FEE4-0032-D1A4-7B255E7133F2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0A637158-84DF-0420-624A-19883CE5C7BE} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0A86BB98-9511-386F-7FFE-004A42E8EAA2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0D83B617-CDF8-4DF1-F38F-34971E114000} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0F35295A-80B5-59DE-54CC-7F8419FB36D7} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1221690F-F801-46BC-C5A4-7F2B5D89436A} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {133F0599-EDCA-0E96-C383-02633494CDFE} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {14F40B04-7241-28D7-C0C6-236E1633B291} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {15E449F2-291F-04B9-8187-622B4EE1645D} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {16752296-4578-13E4-9695-7B1644CE0785} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {17381D1E-BFE7-2809-15E1-22FD3FC917A6} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {19E4B143-49E9-4F74-3338-4AA40075C353} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1BB8D993-DC3A-45E2-A61C-065576196DC2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1D290146-CD84-7E42-655C-41342F2A24E1} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1E0F16A6-B96C-3D62-D75B-71A921B37302} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1E1108AA-D7C7-3062-816A-6F394CDE1FF9} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1FBF69EA-0076-2D65-3F06-1DB757A7B27A} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {20157DF1-84AA-442B-2C9C-631E40C9A805} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {201E6BC3-8CA5-47CF-C1B4-47325942684D} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {226AF947-627D-29F5-A0CE-54F44DADD751} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {23951234-3904-4381-687C-734A3A9092B2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {250EA999-2BAC-5F42-CA25-7B395AD8473E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {25D58DA4-3217-233F-3120-067728AE478E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {2718EB9C-4855-6ED1-1D40-36E024E2C5AB} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {2C0F81F6-6F88-0F1F-F1B7-03C046BD9F54} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {2D4C9DDF-CD22-34C9-86BD-6C733BC86A3B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {2F62A978-8695-6BDC-0E7F-731931F368F8} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {30A56BD6-6F33-561B-957D-63EA447DA64F} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {32FF0A2A-A608-31C3-7216-1CC62106726B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3AA2055E-BFA1-4DDE-B9B7-18907114BFDF} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3AA5132C-7F1F-3C11-BE76-62740923717B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {3DCDF1D0-2177-5740-51E3-0C9240E99995} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3F4866BB-C41A-5A7D-D4A4-11746BA9EA19} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3F5EC855-9EA3-2E89-9074-7B753802462A} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {413C611A-983A-0FEB-6393-7F7050E82AF0} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {416DFC2B-FF30-10C0-08B1-0F532750987E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {418B24F1-1976-1570-D068-0C1976097173} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {430F9F02-3353-2D81-A514-31920FA3D754} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {43B1A3AC-5AE2-44DF-8EE2-2EBC30AB9686} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {44872CC7-3957-1C30-F754-36D820D6E2A8} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {4644B9F0-0E46-3EA4-4AA4-684A0E084F6B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {481800C3-78CD-7A20-7ED5-2BE05AFC8917} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {4983E344-2991-30FE-4778-38212B8A64FC} - http://66.117.37.5/1/rdgUS116.exe
O16 - DPF: {4AB25DD3-6C80-666E-6E43-56AD6B8F00CF} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://ive.indymacb...oterisSetup.cab
O16 - DPF: {4E821B68-EE35-5671-7B78-2E900B893F55} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {4E872D66-0C3F-1B55-7112-4D007048A0DE} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {4F8372F0-161B-31D0-7E29-041B6D17E487} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {50228BD4-0516-3677-D920-055353991359} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {509CA097-8847-5650-3196-77630F54742A} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {52218E93-A4AD-091F-6C49-5C5A4111ED66} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5252D6CD-B0D4-210A-CDC1-4DCE4EBCA130} - http://66.117.37.5/1/rdgUS155.exe
O16 - DPF: {53F8250A-B977-4CA1-73D2-19535DB6DB3F} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {543841A0-AE36-5D50-F6F8-2CD5703F1DC3} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {54C76F6E-6364-29B9-44EB-3FA63CF598C6} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {54D5BDE1-3B5D-4561-EEC3-19AB5B185C4E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5519E3E2-45DA-46E4-C17A-2FA07C0DDE07} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {58F96A41-F7B6-287A-0020-6AA446B9C689} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5917D317-2906-0242-757F-660818D84A58} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5B6E1CDD-D546-668B-3E25-7FFD5BF9B5DF} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5DBD0CAA-ACC3-4F6E-054F-77CB625A68CE} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5EACD49E-D698-59B5-E305-48D645FF3352} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {60545C45-8483-1A6F-932A-20801F5537AD} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {60D1AE89-18B9-3363-5DA0-08804F2AD7AF} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {61720AF7-A7C8-3ED8-76D9-087A48153556} - http://66.117.37.5/1/rdgUS116.exe
O16 - DPF: {61D9C7A6-32E8-21D4-5F9D-55933C596CAD} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6295BEBE-2C02-5DB6-1A98-4BDB0F1E8975} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {640636A7-6EFA-1F96-6BF5-09841880AE05} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {649F7E26-4BDA-00AA-01C2-50F8059FAF0E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {64C1C944-4A18-477A-4A4C-4DC94E2F07AA} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {69439C6C-B704-556E-CF10-4D6F507E68DC} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6AC90BA3-0C00-5B6C-6A68-78CB5F2071A0} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6B3CD631-2BE4-7547-F1C2-346162DA0BBB} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6B8206BE-B91B-7D79-0E22-342C73C88A69} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6BF40242-383C-2E55-0C70-78C35572DD58} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6BFABEB1-84AA-5A95-5E34-5EF87CD9B600} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6D5CB332-00C0-5C62-673F-080A08C1EB54} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6E2DA917-E95E-6E55-13CA-53BD21234AD6} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {71BCED1B-F5EE-51B4-5A79-004158D78C90} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {722B4615-78C7-5863-B89E-51F129D8D0BB} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {72D72D79-8043-7058-F9C1-714D587C19C2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {73B2344B-FA1C-19CB-DF46-1C7B4FEBCB4E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {74920596-385F-2868-F0DB-76B6717C9604} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {765EACB5-BA5F-281C-7136-726006968539} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {76A947EB-68B3-7308-B7F6-5D617B0BF5E1} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {76BB7AFB-9CE8-1BA9-8707-50156B2548FC} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {7B89830B-81D0-4FA2-7A79-27CF7917A88F} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {7D506635-A835-6573-9F6D-1404721215A8} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/...of.cab34501.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab34842.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe

#2
Metallica
  • Spyware Veteran
  • GeekU Moderator
  • 33,101 posts
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

O2 - BHO: (no name) - {7B996AF3-32E1-89E6-A9CB-F9C9C1758652} - C:\DOCUME~1\THEMOE~1\APPLIC~1\SEEKFU~1\twospam.exe

O4 - HKLM\..\Run: [abu] abu.exe

O4 - HKLM\..\Run: [SetupSixthAimRoad] C:\Documents and Settings\All Users\Application Data\scr bash setup sixth\First Window.exe

O4 - HKLM\..\Run: [golumm] C:\WINDOWS\System32\golumm\services.exe

O4 - HKLM\..\Run: [REEGRUN] C:\index.exe

O4 - HKLM\..\RunServices: [Windows Compliant] exvwwp.exe
O4 - HKLM\..\RunServices: [MSNMSGR5] MSNMSGR5.exe
O4 - HKCU\..\Run: [Gbzth] C:\WINDOWS\System32\d?dplay.exe

O4 - HKCU\..\Run: [CornBags] C:\DOCUME~1\LOCALS~1\APPLIC~1\GRIMDO~1\WEBADMINCITY.exe

O4 - HKCU\..\Run: [sysinit] C:\WINDOWS\System32\golumm\services.exe

O16 - DPF: {03EE37F2-24A6-2160-1236-1054485169B8} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0422EFAF-329B-1795-0B3C-0D8B2934D274} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {05669230-6FD3-0DDC-7AA1-55407243F25F} - http://69.50.188.54/1/gdnUS208.exe

O16 - DPF: {0676AEFF-A62D-1FCC-E82F-1C93254F4816} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0776B53B-C3F1-6857-4520-09AF0EEFE301} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {082C671D-F4F9-06FC-F166-5D09798304F7} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0872BBDF-14C7-3774-0998-07285BB35361} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {08C727A5-FEE4-0032-D1A4-7B255E7133F2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0A637158-84DF-0420-624A-19883CE5C7BE} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0A86BB98-9511-386F-7FFE-004A42E8EAA2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0D83B617-CDF8-4DF1-F38F-34971E114000} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0F35295A-80B5-59DE-54CC-7F8419FB36D7} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1221690F-F801-46BC-C5A4-7F2B5D89436A} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {133F0599-EDCA-0E96-C383-02633494CDFE} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {14F40B04-7241-28D7-C0C6-236E1633B291} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {15E449F2-291F-04B9-8187-622B4EE1645D} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {16752296-4578-13E4-9695-7B1644CE0785} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {17381D1E-BFE7-2809-15E1-22FD3FC917A6} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {19E4B143-49E9-4F74-3338-4AA40075C353} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1BB8D993-DC3A-45E2-A61C-065576196DC2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1D290146-CD84-7E42-655C-41342F2A24E1} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1E0F16A6-B96C-3D62-D75B-71A921B37302} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1E1108AA-D7C7-3062-816A-6F394CDE1FF9} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1FBF69EA-0076-2D65-3F06-1DB757A7B27A} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {20157DF1-84AA-442B-2C9C-631E40C9A805} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {201E6BC3-8CA5-47CF-C1B4-47325942684D} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {226AF947-627D-29F5-A0CE-54F44DADD751} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {23951234-3904-4381-687C-734A3A9092B2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {250EA999-2BAC-5F42-CA25-7B395AD8473E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {25D58DA4-3217-233F-3120-067728AE478E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {2718EB9C-4855-6ED1-1D40-36E024E2C5AB} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {2C0F81F6-6F88-0F1F-F1B7-03C046BD9F54} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {2D4C9DDF-CD22-34C9-86BD-6C733BC86A3B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {2F62A978-8695-6BDC-0E7F-731931F368F8} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {30A56BD6-6F33-561B-957D-63EA447DA64F} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {32FF0A2A-A608-31C3-7216-1CC62106726B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3AA2055E-BFA1-4DDE-B9B7-18907114BFDF} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3AA5132C-7F1F-3C11-BE76-62740923717B} - http://69.50.188.54/1/gdnUS208.exe

O16 - DPF: {3DCDF1D0-2177-5740-51E3-0C9240E99995} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3F4866BB-C41A-5A7D-D4A4-11746BA9EA19} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3F5EC855-9EA3-2E89-9074-7B753802462A} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {413C611A-983A-0FEB-6393-7F7050E82AF0} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {416DFC2B-FF30-10C0-08B1-0F532750987E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {418B24F1-1976-1570-D068-0C1976097173} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {430F9F02-3353-2D81-A514-31920FA3D754} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {43B1A3AC-5AE2-44DF-8EE2-2EBC30AB9686} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {44872CC7-3957-1C30-F754-36D820D6E2A8} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {4644B9F0-0E46-3EA4-4AA4-684A0E084F6B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {481800C3-78CD-7A20-7ED5-2BE05AFC8917} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {4983E344-2991-30FE-4778-38212B8A64FC} - http://66.117.37.5/1/rdgUS116.exe
O16 - DPF: {4AB25DD3-6C80-666E-6E43-56AD6B8F00CF} - http://69.50.188.54/1/gdnUS208.exe

O16 - DPF: {4E821B68-EE35-5671-7B78-2E900B893F55} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {4E872D66-0C3F-1B55-7112-4D007048A0DE} - http://69.50.188.54/1/gdnUS208.exe

O16 - DPF: {4F8372F0-161B-31D0-7E29-041B6D17E487} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {50228BD4-0516-3677-D920-055353991359} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {509CA097-8847-5650-3196-77630F54742A} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {52218E93-A4AD-091F-6C49-5C5A4111ED66} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5252D6CD-B0D4-210A-CDC1-4DCE4EBCA130} - http://66.117.37.5/1/rdgUS155.exe
O16 - DPF: {53F8250A-B977-4CA1-73D2-19535DB6DB3F} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {543841A0-AE36-5D50-F6F8-2CD5703F1DC3} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {54C76F6E-6364-29B9-44EB-3FA63CF598C6} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {54D5BDE1-3B5D-4561-EEC3-19AB5B185C4E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5519E3E2-45DA-46E4-C17A-2FA07C0DDE07} - http://69.50.188.54/1/gdnUS208.exe

O16 - DPF: {58F96A41-F7B6-287A-0020-6AA446B9C689} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5917D317-2906-0242-757F-660818D84A58} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5B6E1CDD-D546-668B-3E25-7FFD5BF9B5DF} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5DBD0CAA-ACC3-4F6E-054F-77CB625A68CE} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {5EACD49E-D698-59B5-E305-48D645FF3352} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {60545C45-8483-1A6F-932A-20801F5537AD} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {60D1AE89-18B9-3363-5DA0-08804F2AD7AF} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {61720AF7-A7C8-3ED8-76D9-087A48153556} - http://66.117.37.5/1/rdgUS116.exe
O16 - DPF: {61D9C7A6-32E8-21D4-5F9D-55933C596CAD} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6295BEBE-2C02-5DB6-1A98-4BDB0F1E8975} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {640636A7-6EFA-1F96-6BF5-09841880AE05} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {649F7E26-4BDA-00AA-01C2-50F8059FAF0E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {64C1C944-4A18-477A-4A4C-4DC94E2F07AA} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {69439C6C-B704-556E-CF10-4D6F507E68DC} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6AC90BA3-0C00-5B6C-6A68-78CB5F2071A0} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6B3CD631-2BE4-7547-F1C2-346162DA0BBB} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6B8206BE-B91B-7D79-0E22-342C73C88A69} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6BF40242-383C-2E55-0C70-78C35572DD58} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6BFABEB1-84AA-5A95-5E34-5EF87CD9B600} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6D5CB332-00C0-5C62-673F-080A08C1EB54} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {6E2DA917-E95E-6E55-13CA-53BD21234AD6} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {71BCED1B-F5EE-51B4-5A79-004158D78C90} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {722B4615-78C7-5863-B89E-51F129D8D0BB} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {72D72D79-8043-7058-F9C1-714D587C19C2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {73B2344B-FA1C-19CB-DF46-1C7B4FEBCB4E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {74920596-385F-2868-F0DB-76B6717C9604} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {765EACB5-BA5F-281C-7136-726006968539} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {76A947EB-68B3-7308-B7F6-5D617B0BF5E1} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {76BB7AFB-9CE8-1BA9-8707-50156B2548FC} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {7B89830B-81D0-4FA2-7A79-27CF7917A88F} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {7D506635-A835-6573-9F6D-1404721215A8} - http://69.50.188.54/1/gdnUS208.exe

Download and run CWShredder from:
http://www.intermute...r_download.html
Use the Fix button.

Then reboot and post a new HijackThis log.

Regards,

#3
Herb119
  • Topic Starter
  • Member
  • 22 posts
Thank you so much for the guidance! I did as you instructed, and here is my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:50:25 PM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\SZIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://ive.indymacb...oterisSetup.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/...of.cab34501.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab34842.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe

#4
Herb119

I just booted up my computer and got on to the Web, and sure enough, three pop-ups hit me within the first minute!

Thanks for all of the help you are giving me!

#5
Metallica

Can you change your start page and see if it stays the way you set it?

I wouldn't be surprised if the popups originated there.

Regards,

#6
Herb119

Yes, I have had this start page problem for quite some time. Regardless of what I change the start page to, it always goes back to http://www.iwantsearch.com/
  • 0
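
The start page that keeps coming back appears in a HijackThis log as an R-section line. As an added example (not part of the original thread and not HijackThis's own code), this Python script parses those lines from two scans and reports the settings that still point at an unexpected remote host after a fix. The two sample scans are constructed in the log format used in this thread, and the allow list and function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# "R0 - HKCU\...\Main,Start Page = http://..." -> code, hive, key, value name, data
R_LINE = re.compile(r"^(R\d) - (HK[A-Z]+)\\([^,]+),(.*?) =\s*(.*)$")

# Constructed sample: scan taken before any entries were fixed.
SCAN_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# Constructed sample: scan taken after the fix and a reboot.
SCAN_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# Assumption: the only remote start/search host the user actually chose.
ALLOWED_HOSTS = {"www.example.com"}


def parse_r_entries(log_text):
    """Return the Internet Explorer R-section entries of a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        match = R_LINE.match(raw.strip())
        if match:
            code, hive, key, name, data = match.groups()
            entries.append({"code": code, "hive": hive, "key": key,
                            "name": name, "data": data})
    return entries


def remote_host(data):
    """Host of an http(s) URL, or None for empty, about: or local-file data."""
    parts = urlsplit(data)
    if parts.scheme.lower() in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None


def unexpected_pages(log_text, allowed_hosts):
    """Map each R setting that points at a non-allowed remote host to its data."""
    found = {}
    for entry in parse_r_entries(log_text):
        host = remote_host(entry["data"])
        if host and host not in allowed_hosts:
            setting = "{}\\{},{}".format(entry["hive"], entry["key"], entry["name"])
            found[setting] = entry["data"]
    return found


def reverted_settings(scan_before_fix, scan_after_fix, allowed_hosts):
    """Settings flagged with the same data in both scans, i.e. the fix did not hold."""
    before = unexpected_pages(scan_before_fix, allowed_hosts)
    after = unexpected_pages(scan_after_fix, allowed_hosts)
    return {k: v for k, v in after.items() if before.get(k) == v}


if __name__ == "__main__":
    for setting, data in reverted_settings(SCAN_BEFORE, SCAN_AFTER, ALLOWED_HOSTS).items():
        print("still set after fix:", setting, "->", data)
```

A setting that survives a fix and a reboot means something is rewriting the value, which is why the next step in the thread is a disk-wide search for the hijacker's name.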

#7
Metallica

Please download Agent Ransack from:
http://www.mythicsof...m/agentransack/

Run the program and make sure there are Checkmarks in the Expert User and Containing Text boxes on the Advanced tab.

In the bottom bar type or paste iwantsearch

Then click Start Search.

It will take quite a while before it's done.

When it is, click "Save results" (icon #4 from the left).
Choose save to clipboard and paste them into your next post.

Regards,

#8
Herb119

Hello,

I did exactly as instructed, and the search lasts less than 1 second and I get 0 results. I have tried it several times, but no luck.

Thank you for your advice.

#9
Metallica

Umm. It should look in C: by default, but can you check?
Because there is one thing this program can't do and that's be fast. :tazz:

Regards,

#10
Herb119

Hello,

I got Agent Ransack to work (I did not have search subfolders clicked first time!)

Here is the log from the scan I ran:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Statistics.ini (4 KB, 5/4/2005 6:09:24 AM)
163 [Iwantsearch]

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.050327-1216.log (2 KB, 3/27/2005 1:20:38 PM)
7 27.03.2005 12:18:22 - found: Iwantsearch Settings
8 27.03.2005 12:18:22 - found: Iwantsearch Uninstall settings

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.050327-1220.txt (3 KB, 3/27/2005 1:20:38 PM)
31 Iwantsearch: Uninstall settings (Registry key, nothing done)
34 Iwantsearch: Settings (Registry key, nothing done)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.050327-1907.txt (3 KB, 3/27/2005 8:07:15 PM)
31 Iwantsearch: Uninstall settings (Registry key, fixed)
34 Iwantsearch: Settings (Registry key, fixed)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Iwantsearch.zip (1 KB, 3/27/2005 8:05:47 PM)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Iwantsearch1.zip (1 KB, 3/27/2005 8:05:47 PM)

C:\Documents and Settings\The Moe Family\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-09-24 02-35-51.txt (122 KB, 9/24/2004 2:35:51 AM)
2362 Data : IWantSearch.url
2364 Comment : Problematic URL discovered: http://www.iwantsearch.com

C:\Documents and Settings\The Moe Family\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-09-26 09-13-13.txt (110 KB, 9/26/2004 9:13:13 AM)
896 Possible Browser Hijack attempt : S-1-5-21-1177238915-602162358-725345543-1004\Software\Microsoft\Internet Explorer\MainStart Pageiwantsearch.com
900 Data : "http://www.iwantsearch.com"
906 Data : "http://www.iwantsearch.com"
2287 Data : IWantSearch.url
2289 Comment : Problematic URL discovered: http://www.iwantsearch.com

C:\Documents and Settings\The Moe Family\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-09-27 18-01-42.txt (62 KB, 9/27/2004 6:01:42 PM)
1048 Possible Browser Hijack attempt : S-1-5-21-1177238915-602162358-725345543-1004\Software\Microsoft\Internet Explorer\MainStart Pageiwantsearch.com
1052 Data : "http://www.iwantsearch.com"
1058 Data : "http://www.iwantsearch.com"

C:\Documents and Settings\The Moe Family\Local Settings\History\History.IE5\index.dat (192 KB, 5/28/2005 11:17:27 AM)

C:\Documents and Settings\The Moe Family\Local Settings\Temporary Internet Files\Content.IE5\GDIJKHIN\index[3].htm (83 KB, 5/28/2005 11:20:19 AM)

C:\Documents and Settings\The Moe Family\Local Settings\Temporary Internet Files\Content.IE5\GDIJKHIN\index[4].htm (102 KB, 5/28/2005 11:21:04 AM)
<td valign="middle" class="row2" width="1%"><a name="entry144299"></a><span class="normalname"><a href='http://www.geekstogo.com/forum/Metallica-m7027.html'>Metallica</a></span></td> <td class="row2" valign="top" width="99%"> <!-- POSTED DATE DIV --> <div style="float: left;"> <span class="postdetails"> <img src='style_images/1/to_post_off.gif' alt='post' border='0' style='padding-bottom:2px' /> Yesterday, 06:35 AM</span> </div> <!-- REPORT / DELETE / EDIT / QUOTE DIV --> <div align="right"> <span class="postdetails"> Post <a title="Show the link to this post" href="#" onclick="link_to_post(144299); return false;">#7</a> </span> </div> </td> </tr> <tr> <td valign="top" class="post2"> <span class="postdetails"> <img src='http://www.geekstogo.com/forum/uploads/av-7027.gif' border='0' width='60' height='23' alt='' /><br /><br /> Malware Expert<br /> <img src="staff.gif" alt="Group Icon" /><br /><br /> Group: Global Moderator<br /> Posts: 3,447<br /> Joined: 23-November 04<br /> Member No.: 7,027<br /> Operating System:<br />
23 Win2k, XP and Mandrake<br /> </span><br /> <img src="style_images/1/spacer.gif" alt="" width="160" height="1" /><br /> </td> <td width="100%" valign="top" class="post2"> <!-- THE POST 144299 --> <div class="postcolor">Please download Agent Ransack from: <br /><a href='http://www.mythicsoft.com/agentransack/' target='_blank'>http://www.mythicsof...entransack/</a> <br /><br />Run the program and make sure there are Checkmarks in the Expert User and Containing Text boxes on the Advanced tab. <br /><br />In the bottom bar type or paste <b>iwantsearch</b><br /><br />Then click Start Search. <br /><br />It will take quite a while before it's done. <br /><br />When it is click &quot;Save results&quot; (icon #4 from the left) <br />Choose save to clipboard and paste them into your next post. <br /><br />Regards, <!--IBF.ATTACHMENT_144299--></div> <br /><br />--------------------<br /> <div class="signature"><span style='color:brown'><b>Pieter</b></span><br /><br /><a href='http://metallica.geekstogo.com/' target='_blank'><span style='color:red'><b>Remove & prevent spyware</b></span></a></div> <!-- THE POST --> </td> </tr> <tr> <td class="formbuttonrow" nowrap="nowrap"> <div style='text-align:left'><img src='style_images/1/p_offline.gif' border='0' alt='User is offline' /><a href="java script:PopUp('http://www.geekstogo.com/forum/index.php?act=Profile&amp;CODE=showcard&amp;MID=7027','AddressCard','600','300','0','1','1','1')" title="Show Contact Card"><img src='style_images/1/p_card.gif' border='0' alt='Profile Card' /></a><a href="http://www.geekstogo...;MID=7027"><img src='style_images/1/p_pm.gif' border='0' alt='PM' /></a><!----></div> </td> <td class="formbuttonrow" nowrap="nowrap"> <!-- PM / EMAIL / WWW / MSGR --> <div style="float: left;"> <a href="java script:scroll(0,0);"><img src='style_images/1/p_up.gif' border='0' alt='Go to the top of the page' /></a> </div> <!-- REPORT / UP --> <div align="right"> <a href="#" onclick="multiquote_add(144299); return false;" 
title="Toggle multiquote addition"><img src="style_images/1/p_mq_add.gif" name="mad_144299" alt="+" /></a><a href="http://www.geekstogo...38;qpid=144299" title="Reply directly to this post"><img src='style_images/1/p_quote.gif' border='0' alt='Quote Post' /></a> </div> </td> </tr><tr> <td class="catend" colspan="2"><!-- no content --></td> </tr> </table><!--Begin Msg Number 146172--> <table cellspacing="1"> <tr> <td valign="middle" class="row2" width="1%"><a name="entry146172"></a><span class="normalname"><a href='http://www.geekstogo.com/forum/Herb119-m57168.html'>Herb119</a></span></td> <td class="row2" valign="top" width="99%"> <!-- POSTED DATE DIV --> <div style="float: left;"> <span class="postdetails"> <img src='style_images/1/to_post_off.gif' alt='post' border='0' style='padding-bottom:2px' /> Today, 11:20 AM</span> </div> <!-- REPORT / DELETE / EDIT / QUOTE DIV --> <div align="right"> <span class="postdetails"> Post <a title="Show the link to this post" href="#" onclick="link_to_post(146172); return false;">#8</a> </span> </div> </td> </tr> <tr> <td valign="top" class="post1"> <span class="postdetails"> <br /><br /> Member<br /> <img src='style_images/1/pip.gif' border='0' alt='*' /><img src='style_images/1/pip.gif' border='0' alt='*' /><br /><br /> Group: Member<br /> Posts: 6<br /> Joined: 25-May 05<br /> Member No.: 57,168<br /> Operating System:<br />

C:\Documents and Settings\The Moe Family\Local Settings\Temporary Internet Files\Content.IE5\GDIJKHIN\Non_stop_pop_ups-t28994[1].htm (99 KB, 5/28/2005 11:18:33 AM)
  • 0



#11
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Nothing really significant. Backups from Spybot and AdAware and Temporary Internet files.

Copy the part in bold below and save it as iwsrem.reg

REGEDIT4

[-HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]

[-HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]

[-HKEY_CLASSES_ROOT\ToolBand.StartBHO.1]

[-HKEY_CLASSES_ROOT\ToolBand.StartBHO]

[-HKEY_CLASSES_ROOT\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{30192F8D-0958-44E6-B54D-331FD39AC959}]

[-HKEY_CURRENT_USER\Software\SerG]

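[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

; re-create the key so the Start Page value below is applied
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"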

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBSoft]


Double-click the file you made and confirm you want to merge it with the registry.

Reboot and post a new HijackThis log.

Regards,
  • 0

#12
Herb119

Herb119

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
This is new territory for me.

How exactly do I make a .reg file?

Thank you.
  • 0

#13
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Start Notepad and copy the part in bold below into Notepad and save it as iwsrem.reg
Set Filetype to All files.

REGEDIT4

[-HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]

[-HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]

[-HKEY_CLASSES_ROOT\ToolBand.StartBHO.1]

[-HKEY_CLASSES_ROOT\ToolBand.StartBHO]

[-HKEY_CLASSES_ROOT\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{30192F8D-0958-44E6-B54D-331FD39AC959}]

[-HKEY_CURRENT_USER\Software\SerG]

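[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

; re-create the key so the Start Page value below is applied
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"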

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBSoft]


Regards,
  • 0
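In a REGEDIT4 file a section header with a leading `-` deletes that whole key, so a value line placed under it has nothing to apply to, and a stray quote makes a value line unparseable. The Python linter below is an added example, not part of the original posts: it checks a .reg file for both problems before it is merged; the sample file and every key name in it are constructed.

```python
import re

ROOTS = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
# [-ROOT\sub\key]  -> group 1 is "-" when the whole key is to be deleted
SECTION = re.compile(r'^\[(-?)([^\\\]]+)((?:\\.*)?)\]$')
QUOTED = r'"(?:[^"\\]|\\.)*"'          # quoted string, backslash escapes allowed
VALUE = re.compile(
    r'^(@|' + QUOTED + r')\s*=\s*(-|' + QUOTED +
    r'|dword:[0-9a-fA-F]{8}|hex(?:\([0-9a-fA-F]+\))?:[0-9a-fA-F,\s]*)$')

# Constructed sample (not the file from the posts above).
SAMPLE_REG = r'''REGEDIT4

[-HKEY_CURRENT_USER\Software\ExampleAdware]

[-HKEY_CURRENT_USER\Software\Example\Settings]
"Home"="http://example.invalid/"

[HKEY_CURRENT_USER\Software\Example\Keep]
"Good"="value"
"Broken"="http://www."example.invalid/"
"Gone"=-
@="default"
"Count"=dword:0000000a
"Bin"=hex:01,02,\
  03,04
'''


def lint_reg(text):
    """Return (findings, ops) for a .reg file.

    findings: list of (line_number, code, message)
    ops:      what a merge would do, in order: (action, key[, value_name])
    """
    findings, ops = [], []
    lines = text.splitlines()
    start = 0
    if lines and lines[0].strip().lstrip("\ufeff") in HEADERS:
        start = 1
    else:
        findings.append((1, "header", "missing REGEDIT4 / version 5.00 header"))

    key, deleting = None, False
    i = start
    while i < len(lines):
        lineno = i + 1
        line = lines[i].strip()
        i += 1
        # hex data may continue on following lines after a trailing backslash
        while (line.endswith("\\") and "=hex" in line.replace(" ", "")
               and i < len(lines)):
            line = line[:-1] + lines[i].strip()
            i += 1
        if not line or line.startswith(";"):
            continue

        if line.startswith("["):
            m = SECTION.match(line)
            if not m:
                findings.append((lineno, "section", "malformed key header"))
                key, deleting = None, False
                continue
            deleting = m.group(1) == "-"
            key = m.group(2) + m.group(3)
            if m.group(2) not in ROOTS:
                findings.append((lineno, "root", "unknown root key " + m.group(2)))
            ops.append(("delete-key" if deleting else "open-key", key))
            continue

        v = VALUE.match(line)
        if not v:
            findings.append((lineno, "syntax", "malformed value line: " + line))
        if key is None:
            findings.append((lineno, "orphan", "value line before any key header"))
        elif deleting:
            findings.append((lineno, "value-under-delete",
                             "value line under deleted key " + key))
        elif v:
            action = "delete-value" if v.group(2) == "-" else "set-value"
            ops.append((action, key, v.group(1)))
    return findings, ops


if __name__ == "__main__":
    found, planned = lint_reg(SAMPLE_REG)
    for lineno, code, msg in found:
        print(f"line {lineno}: [{code}] {msg}")
    for op in planned:
        print(" ".join(op))
```

The `ops` list doubles as a dry run: reading it before double-clicking the file shows exactly which keys would be removed and which values written.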

#14
Herb119

Herb119

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thank you for the help.

Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 9:27:17 PM, on 6/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\SZIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://ive.indymacb...oterisSetup.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/...of.cab34501.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab34842.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
  • 0

#15
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
The log is clean. But is your computer behaving now?

Regards,
  • 0





