Pls I need help! I've been hijaked by aaawebsearch, I getting crazy with a lot of IE popups!
Thanks in advance for the support!
Here my HijackThis log file:
Logfile of HijackThis v1.99.0
Scan saved at 12.50.37, on 27/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\NavNT\DefWatch.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.11\Inetd\inetd32.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\Program Files\Network ICE\BlackICE\RapApp.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
D:\OmniPagePro14.0\WorkFlowTray.exe
D:\OmniPagePro14.0\Opware14.exe
D:\OmniPagePro14.0\OpScheduler.exe
C:\WINNT\system32\xpsp2fw.exe
C:\WINNT\system32\EWMmg.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINNT\system32\internat.exe
C:\WINNT\NCLAUNCH.EXe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
D:\Olympus_Camedia\CM_camera.exe
C:\MSOffice\Office\OSA.EXE
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
D:\Antivirus\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aaawebsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aaawebsearch.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aaawebsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aaawebsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aaawebsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aaawebsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://http-proxy.eu...i-bin/proxy.cgi
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http-proxy.np.ge.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;<local>
R3 - URLSearchHook: (no name) - {387E7382-A174-8B88-81BB-37A36A9975EF} - C:\WINNT\system32\EWMmg.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "D:\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "D:\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "D:\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINNT\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [81C6F98B] C:\WINNT\system32\EWMmg.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINNT\system32\wuclient.exe
O4 - HKCU\..\Run: [81C6F98B] C:\WINNT\system32\EWMmg.exe
O4 - Global Startup: BlackICE Agent.lnk = ?
O4 - Global Startup: CAMEDIA Master.lnk = D:\Olympus_Camedia\CM_camera.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\MSOffice\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ricerca AltaVista - file://C:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Traduci - file://C:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextTranslation.htm
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - FTP Prefix:
O15 - Trusted Zone: http://*.69sexsearch.com
O15 - Trusted Zone: http://*.addictivetechnologies.net
O15 - Trusted Zone: http://*.c4tdownload.com
O15 - Trusted Zone: http://*.mt-download.com
O15 - Trusted Zone: http://*.overpro.com
O15 - Trusted Zone: http://*.searchmiracle.com
O15 - Trusted Zone: http://*.windupdates.com
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://medquickplace02.ge.com/qp2.cab
O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - http://toolbar.altav...ab?r=1093345008
O16 - DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} (Camtronics Medical Systems Web Viewer) - file://E:\vwr_data\WebVwr.cab
O16 - DPF: {BDFC91DC-AAE6-4E27-A624-EC2DE54E2F67} (IntraLaunch.MainControl) - file://E:\zzz_menu\IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://www.ge.com/fi...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = euro.med.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = euro.med.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = euro.med.ge.com,med.ge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = euro.med.ge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = euro.med.ge.com,med.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = euro.med.ge.com,med.ge.com
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Contivity VPN Service - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Hummingbird Inetd - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.11\Inetd\inetd32.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - Service: ReplService - Unknown - C:\Trilogy\ReplService\repl.exe