Yaaa!
Ok here's the first steps to take while I work on your log.
Delete all temporary files. Go to "My Computer" right click your Hard Drive, click Properties, click the "Disk Cleanup" button. Make sure all Temp/Temporary folders are selected, downloaded program files, and recycle bin.
Your computer has a number of spyware programs that we need to remove. For more info on spyware see the Spyware Tools link in my signature.
Let's start with a free program. Ad-aware.
Using Ad-aware: Open Ad-Aware and use the Check for updates now link. Download and accept the latest reference file. When finished click the Start button. When done scanning, the Abort button will change to Next. Click the Next button. Right-click in the Scanning Results window and click "Select all objects". Then click the "Next" button and confirm that you want to delete the selected entries.
CLICK HERE to download Ad-aware
Your computer has a number of spyware programs that we need to remove. For more info on spyware see the Spyware Tools link in my signature.
Let's start with a couple of free programs:
CWShredder is the first to run. Here's why: If a CoolWebSearch variant is indeed running on your system, it may actually prevent you from running spyware scans. It is smart enough to detect efforts to detect it, and stop them. Download CWShredder to your desktop or other location. Close all browser windows, double click the CWShredder icon to run, then click the Fix -> button. When finished, reboot and run Spybot Search & Destroy.
Spybot Search & Destroy Download and install. Start Spybot S&D using the "Spybot-S&D (easy mode)" link from your Start menu . Click the Search for updates button, if any are found then click the Download Updates button. After all updates are downloaded, click the Check for problems button. When the scan is complete, place a check next to anything marked in red, then click the Fix selected problems button. You may need to run Spybot S&D multiple times to remove all infections.
[http://www.geekstogo...oad&id=17]CLICK HERE to download CWShredder[/URL]
CLICK HERE to download Spybot S&D
Reboot and Post Fresh Log.
-=jonnyrotten=-
everything worked fine untill I tried to run spybot-s&d- I can't load the program. I download it to my c: drive but I can't install it....
Everytime I go in to explorer i'm still redirected to this site "
http://t.swapx.cc/h.....php?aid=20009" plus I get a popup on security (ironic) even if I keep changing my home page
here's a fresh log
Logfile of HijackThis v1.98.2
Scan saved at 00:48:18, on 2004-10-19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-ca\msnappau.exe
C:\WINDOWS\System32\sggkm8c4rb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\sggkm8c4rb.exe
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://win-eto.com/hp.htm?id=9R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\g944jmtckrbj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr-ca\msntb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-ca\msnappau.exe"
O4 - HKLM\..\Run: [pnpsvc_lock] C:\WINDOWS\System32\498183.exe
O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\sggkm8c4rb.exe
O4 - HKLM\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) -
http://www.ofoto.com/OfotoDND.cabO16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} -
http://stream10k.red...cabs/videox.cabO16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) -
http://207.188.7.150...etzip/RdxIE.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.r...ip/RdxIE601.cabO16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) -
http://a1153.g.akama...yerAX_Win32.cabO16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
http://launch.gamesp...nch/alaunch.cabO16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -
http://web1.shutterf...ds/Uploader.cabO16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) -
http://fdl.msn.com/z...4/heartbeat.cabO16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) -
http://gaz-webmap-in...et.com/acgm.cabO20 - AppInit_DLLs: u1jh4cpeee6u0.dll ppzg7p814f1.tlb