Logfile of HijackThis v1.98.2
Scan saved at 7:17:43 PM, on 2/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\SYSTEM32\SInstantM.exe
C:\Documents and Settings\Sean\Desktop\HijackThis19802.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SDWin32 Class - {DBB1171E-EF63-4F50-91BD-A14CA38F1D99} - C:\WINDOWS\System32\pvrms.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [winversion] C:\WINDOWS\System32\winversion.exe
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM\..\Run: [Scuba Instant Messenger] SINSTANTM.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [K04sRjJtP] shmwoa.exe
O4 - HKCU\..\RunOnce: [Scuba Instant Messenger] SINSTANTM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
I would appreciate any help I could get.