Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Help my browser has been hijacked by iwantsearch

Started by irlandese , Sep 16 2004 01:27 PM

Please log in to reply

#1
irlandese

Posted 16 September 2004 - 01:27 PM

Member

Member
10 posts

i did find a removal tool for this hijacker, sadly when i reboot it returns

so i downloaded hijack this and ran it and here are the results <_<

Logfile of HijackThis v1.97.7
Scan saved at 21:15:24, on 16/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\JIT\schednt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
D:\Program Files\PestPatrol\PPControl.exe
D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
D:\Program Files\Logitech\Keyboard\iTouch\iTouch.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Logitech\MouseWare\MouseWare\system\em_exec.exe
D:\Program Files\The Cleaner\tca.exe
D:\Program Files\MSN MsngrPlus\MsgPlus.exe
d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
D:\Program Files\BootXP2\BootXP.exe
C:\WINDOWS\System32\atwtusb.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\TBLMOUSE.EXE
D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
D:\Program Files\CloneCD\CloneCDTray.exe
D:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\JIT\sched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
D:\Program Files\washer\Webroot\Washer\wwDisp.exe
E:\Program Files\PBooost 1.4\PBooost.exe
D:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
D:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
D:\Program Files\YahooPOPs\YahooPOPs.exe
d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
D:\Program Files\Edit Pad Pro\EditPadPro.exe
D:\Program Files\Avant Browser\iexplore.exe
C:\Documents and Settings\Theresa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsear...8-752ACFCEBF83}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Theresa's Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://shell.windows...dir.asp?Ext=lid
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Theresa\Application Data\Mozilla\Profiles\default\8auakbut.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_UK.src"); (C:\Documents and Settings\Theresa\Application Data\Mozilla\Profiles\default\8auakbut.slt\prefs.js)
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CA6C3EA-2054-4011-BC9F-8BBC017A169C} - C:\Documents and Settings\Theresa\Application Data\SBSoft\uns.dll
O2 - BHO: (no name) - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
O4 - HKLM\..\Run: [PestPatrol Control Center] d:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Program Files\Logitech\Keyboard\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] d:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [tcactive] d:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] d:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MSN MsngrPlus\MsgPlus.exe"
O4 - HKLM\..\Run: [BootXP] D:\Program Files\BootXP2\BootXP.exe /min /change
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "d:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [JITScheduler] "D:\Program Files\JIT\sched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Window Washer] D:\Program Files\washer\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe
O4 - HKCU\..\Run: [IncrediMail] D:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Hogsoft PoserBooost] "E:\Program Files\PBooost 1.4\PBooost.exe" runMinimized
O4 - HKCU\..\Run: [Active Desktop Calendar] D:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
O4 - HKLM\..\RunOnce: [Index Washer] D:\Program Files\washer\Webroot\Washer\WashIdx.exe "Theresa"
O4 - Startup: YahooPOPs.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to AD Black List - D:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - D:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Druid: Download All Files - d:\Program Files\XemiComputers\Download Druid\Druid.html
O8 - Extra context menu item: Druid: Download Highlighted Files - d:\Program Files\XemiComputers\Download Druid\DruidHighLighted.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - D:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - D:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Save Flash - res://d:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Search - D:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra button: Download (HKLM)
O9 - Extra 'Tools' menuitem: Druid: Download All Files (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Druid Bar (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Flash (HKCU)
O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7768.6356018518
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1

#2
freek

Posted 16 September 2004 - 01:47 PM

Member

Member
167 posts

What you want to do is rescan with HJT with no browsers or windows open besides HJT, and then after it completes, check R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsear...8-752ACFCEBF83}

And then click "Fix Checked". I hope this helps.

#3
irlandese

Posted 16 September 2004 - 03:32 PM

Member

Topic Starter
Member
10 posts

thanks but that did not fix it <_<

i rescanned ---- with all windows closed --- then fixed the line u mentioned and rescanned again --- then i rebooted and it came back --- below are the 3 scans in the order mentioned here --- can u help me further please?

scan before fix

Logfile of HijackThis v1.97.7
Scan saved at 23:21:26, on 16/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\JIT\schednt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
D:\Program Files\PestPatrol\PPControl.exe
D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
D:\Program Files\Logitech\Keyboard\iTouch\iTouch.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Logitech\MouseWare\MouseWare\system\em_exec.exe
D:\Program Files\The Cleaner\tca.exe
D:\Program Files\MSN MsngrPlus\MsgPlus.exe
d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
D:\Program Files\BootXP2\BootXP.exe
C:\WINDOWS\System32\atwtusb.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\TBLMOUSE.EXE
D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
D:\Program Files\CloneCD\CloneCDTray.exe
D:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\JIT\sched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
D:\Program Files\washer\Webroot\Washer\wwDisp.exe
E:\Program Files\PBooost 1.4\PBooost.exe
D:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
D:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
D:\Program Files\YahooPOPs\YahooPOPs.exe
d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Edit Pad Pro\EditPadPro.exe
D:\Program Files\Avant Browser\iexplore.exe
C:\Documents and Settings\Theresa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsear...8-752ACFCEBF83}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Theresa's Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://shell.windows...dir.asp?Ext=lid
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Theresa\Application Data\Mozilla\Profiles\default\8auakbut.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_UK.src"); (C:\Documents and Settings\Theresa\Application Data\Mozilla\Profiles\default\8auakbut.slt\prefs.js)
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CA6C3EA-2054-4011-BC9F-8BBC017A169C} - C:\Documents and Settings\Theresa\Application Data\SBSoft\uns.dll
O2 - BHO: (no name) - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
O4 - HKLM\..\Run: [PestPatrol Control Center] d:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Program Files\Logitech\Keyboard\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] d:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [tcactive] d:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] d:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MSN MsngrPlus\MsgPlus.exe"
O4 - HKLM\..\Run: [BootXP] D:\Program Files\BootXP2\BootXP.exe /min /change
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "d:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [JITScheduler] "D:\Program Files\JIT\sched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Window Washer] D:\Program Files\washer\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe
O4 - HKCU\..\Run: [IncrediMail] D:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Hogsoft PoserBooost] "E:\Program Files\PBooost 1.4\PBooost.exe" runMinimized
O4 - HKCU\..\Run: [Active Desktop Calendar] D:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
O4 - HKLM\..\RunOnce: [Index Washer] D:\Program Files\washer\Webroot\Washer\WashIdx.exe "Theresa"
O4 - Startup: YahooPOPs.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to AD Black List - D:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - D:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Druid: Download All Files - d:\Program Files\XemiComputers\Download Druid\Druid.html
O8 - Extra context menu item: Druid: Download Highlighted Files - d:\Program Files\XemiComputers\Download Druid\DruidHighLighted.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - D:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - D:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Save Flash - res://d:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Search - D:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra button: Download (HKLM)
O9 - Extra 'Tools' menuitem: Druid: Download All Files (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Druid Bar (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Flash (HKCU)
O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7768.6356018518
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1

Scan after fix

Logfile of HijackThis v1.97.7
Scan saved at 23:23:45, on 16/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\JIT\schednt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
D:\Program Files\PestPatrol\PPControl.exe
D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
D:\Program Files\Logitech\Keyboard\iTouch\iTouch.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Logitech\MouseWare\MouseWare\system\em_exec.exe
D:\Program Files\The Cleaner\tca.exe
D:\Program Files\MSN MsngrPlus\MsgPlus.exe
d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
D:\Program Files\BootXP2\BootXP.exe
C:\WINDOWS\System32\atwtusb.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\TBLMOUSE.EXE
D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
D:\Program Files\CloneCD\CloneCDTray.exe
D:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\JIT\sched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
D:\Program Files\washer\Webroot\Washer\wwDisp.exe
E:\Program Files\PBooost 1.4\PBooost.exe
D:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
D:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
D:\Program Files\YahooPOPs\YahooPOPs.exe
d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Edit Pad Pro\EditPadPro.exe
D:\Program Files\Avant Browser\iexplore.exe
C:\Documents and Settings\Theresa\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Theresa's Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://shell.windows...dir.asp?Ext=lid
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Theresa\Application Data\Mozilla\Profiles\default\8auakbut.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_UK.src"); (C:\Documents and Settings\Theresa\Application Data\Mozilla\Profiles\default\8auakbut.slt\prefs.js)
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CA6C3EA-2054-4011-BC9F-8BBC017A169C} - C:\Documents and Settings\Theresa\Application Data\SBSoft\uns.dll
O2 - BHO: (no name) - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
O4 - HKLM\..\Run: [PestPatrol Control Center] d:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Program Files\Logitech\Keyboard\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] d:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [tcactive] d:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] d:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MSN MsngrPlus\MsgPlus.exe"
O4 - HKLM\..\Run: [BootXP] D:\Program Files\BootXP2\BootXP.exe /min /change
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "d:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [JITScheduler] "D:\Program Files\JIT\sched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Window Washer] D:\Program Files\washer\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe
O4 - HKCU\..\Run: [IncrediMail] D:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Hogsoft PoserBooost] "E:\Program Files\PBooost 1.4\PBooost.exe" runMinimized
O4 - HKCU\..\Run: [Active Desktop Calendar] D:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
O4 - HKLM\..\RunOnce: [Index Washer] D:\Program Files\washer\Webroot\Washer\WashIdx.exe "Theresa"
O4 - Startup: YahooPOPs.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to AD Black List - D:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - D:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Druid: Download All Files - d:\Program Files\XemiComputers\Download Druid\Druid.html
O8 - Extra context menu item: Druid: Download Highlighted Files - d:\Program Files\XemiComputers\Download Druid\DruidHighLighted.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - D:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - D:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Save Flash - res://d:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Search - D:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra button: Download (HKLM)
O9 - Extra 'Tools' menuitem: Druid: Download All Files (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Druid Bar (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Flash (HKCU)
O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7768.6356018518
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1

Scan after reboot

Logfile of HijackThis v1.97.7
Scan saved at 23:28:17, on 16/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\JIT\schednt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
D:\Program Files\PestPatrol\PPControl.exe
D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
D:\Program Files\Logitech\Keyboard\iTouch\iTouch.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Logitech\MouseWare\MouseWare\system\em_exec.exe
D:\Program Files\The Cleaner\tca.exe
D:\Program Files\MSN MsngrPlus\MsgPlus.exe
D:\Program Files\BootXP2\BootXP.exe
C:\WINDOWS\System32\atwtusb.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\TBLMOUSE.EXE
D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
D:\Program Files\CloneCD\CloneCDTray.exe
D:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\JIT\sched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
D:\Program Files\washer\Webroot\Washer\wwDisp.exe
E:\Program Files\PBooost 1.4\PBooost.exe
D:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
D:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
D:\Program Files\YahooPOPs\YahooPOPs.exe
d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Documents and Settings\Theresa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Theresa's Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://shell.windows...dir.asp?Ext=lid
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Theresa\Application Data\Mozilla\Profiles\default\8auakbut.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_UK.src"); (C:\Documents and Settings\Theresa\Application Data\Mozilla\Profiles\default\8auakbut.slt\prefs.js)
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CA6C3EA-2054-4011-BC9F-8BBC017A169C} - C:\Documents and Settings\Theresa\Application Data\SBSoft\uns.dll
O2 - BHO: (no name) - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
O4 - HKLM\..\Run: [PestPatrol Control Center] d:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Program Files\Logitech\Keyboard\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] d:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [tcactive] d:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] d:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MSN MsngrPlus\MsgPlus.exe"
O4 - HKLM\..\Run: [BootXP] D:\Program Files\BootXP2\BootXP.exe /min /change
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "d:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [JITScheduler] "D:\Program Files\JIT\sched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Window Washer] D:\Program Files\washer\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe
O4 - HKCU\..\Run: [IncrediMail] D:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Hogsoft PoserBooost] "E:\Program Files\PBooost 1.4\PBooost.exe" runMinimized
O4 - HKCU\..\Run: [Active Desktop Calendar] D:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
O4 - HKLM\..\RunOnce: [Index Washer] D:\Program Files\washer\Webroot\Washer\WashIdx.exe "Theresa"
O4 - Startup: YahooPOPs.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to AD Black List - D:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - D:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Druid: Download All Files - d:\Program Files\XemiComputers\Download Druid\Druid.html
O8 - Extra context menu item: Druid: Download Highlighted Files - d:\Program Files\XemiComputers\Download Druid\DruidHighLighted.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - D:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - D:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Save Flash - res://d:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Search - D:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra button: Download (HKLM)
O9 - Extra 'Tools' menuitem: Druid: Download All Files (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Druid Bar (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Flash (HKCU)
O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7768.6356018518
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{95D19531-C0B3-48DD-B8D3-FC59E406F3A3}: NameServer = 192.168.0.1

#4
freek

Posted 16 September 2004 - 03:42 PM

Member

Member
167 posts

Please do the same thing with the scan as before, and then select these:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com

This should work, post a new log to let us now how it's working <_<

#5
irlandese

Posted 16 September 2004 - 03:58 PM

Member

Topic Starter
Member
10 posts

ye gads its fixed!

tytytyty so much

T <_<

#6
freek

Posted 16 September 2004 - 03:58 PM

Member

Member
167 posts

Congratulations! Your system is CLEAN <_<

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.
Link to SpywareBlaster: http://www.geekstogo...tion=show&id=12

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend Firefox.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats.

INSTALL SERVICE PACK 2

Edited by freek, 16 September 2004 - 03:59 PM.

#7
irlandese

Posted 16 September 2004 - 04:18 PM

Member

Topic Starter
Member
10 posts

thanks! i did have adware installed but it would not update for some reason when i went to run it this time <_<

so i uninstalled it this evening and was about to reinstall it... will look at the spyware blaster... i do have firefox installed

i mainly use avant browser - i know it runs off the ie engine but i run a couple of groups on msn and am unable to post images if i use either firefox or netscape, i did write to msn about this and they told me it is due to the fact that msn groups are optimized for ie browser arghhhhhhhhhh

i am worried about putting sp2 on - many people i know have had severe problems with it... and for that reason i have been hesitating in downloading it

i am about to put a new hard drive on tomorrow and use it as my primary drive - when i do that i will take the sun java - i had some java issues the other week and swapped to the ms java machine - which seems to haved rectified that - i am a drag me kicking and screaming i wont reformat person LOL

thanks a million once again

#8
Smokey

Posted 16 September 2004 - 07:14 PM

Member 1K

Retired Staff
1,423 posts

That's the way, NEVER reformat <_<

. If your system is spyware free (which it is now), upgrading should go hithout a hitch. There is a news story about if you should upgrade on our homepage:

http://www.geekstogo.com/

#9
irlandese

Posted 17 September 2004 - 10:44 AM

Member

Topic Starter
Member
10 posts

hehehe yeah never reformat thats me - cant understand why so many people reformat so often lol

thanks for the link gonna go check that out now <_<

#10
OzAngel82

Posted 18 September 2004 - 10:35 PM

New Member

Member
4 posts

HI, If you want to remove the annoying iwantsearch.com that keeps changing your homepage then keep reading.
I searched everywhere for a removal tool for this annoying little bugger and got quite frustrated at not finding anything. So i decided to wtire to the website people and tell them just how annoying it was and how could I get rid of it? Well imagine my embarrassment when I sent off the email to them (with a few choice words in there) and a page opened explaining how to uninstall it lol.

So all you have to do is go to start>control panel>add remove programs and uninstall the 'sbsoft' program. This will uninstall it, even if it says it occured errors, change Your homepage back to what you usually have it set to and I bet the iwantsearch doesnt comeback (well it didnt for me, and I even restarted my pc just in case) <_<