Solved

hijack this file

Posted on 2004-10-13
Last Modified: 2013-12-29
This is a WIN 98 SE OS on a DELL laptop 3800 with 64 MB of memory and a 500 MHz processor. Can someone please help me diagnose this hijack file? Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 8:16:43 PM, on 10/13/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\APOINT\APOINT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\NAVISEARCH\BIN\NLS.EXE
C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
C:\PROGRAM FILES\CASHBACK\BIN\CASHBACK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\VVSN\VVSN.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\PROGRAM FILES\WEB OFFER\WO.EXE
C:\WINDOWS\APOINT\APWHEEL.EXE
C:\PROGRAM FILES\LINKSYS\WIRELESS-G NOTEBOOK ADAPTER\WPC54CFG.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL
O2 - BHO: (no name) - {0A67A106-487F-0EC0-C885-A6E35D036DAC} - C:\windows\system\awtsmrea.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\NETI.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\SYSTEM\MSCB.DLL
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\SYSTEM\NVMS.DLL
O2 - BHO: (no name) - {E8CC495C-FB92-84E7-80E7-B57EA94B563A} - C:\WINDOWS\Nlqkptkp.dll
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SE\V11\SE.DLL
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: (no name) - {3D0BDAB3-12F4-471C-8966-E35A2C6C7DE7} - (no file)
O3 - Toolbar: Search - {A83A3CCA-A9FC-20C5-2829-292D6448FA23} - C:\WINDOWS\Nlqkptkp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [AlpsPoint] c:\windows\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPortPatch] C:\WINDOWS\Quick Install\CPPatch.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [newsgroup ml070e] "c:\program files\newsgroup\newsgroup.exe"
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System\}
O4 - HKLM\..\Run: [// Browser Detec] c:\WINDOWS\System\// Browser Detection
O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINDOWS\System\IE4plus = (document.all) ? true : false;
O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINDOWS\System\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINDOWS\System\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINDOWS\System\IE5plus = IE5 || IE6;
O4 - HKLM\..\Run: [IEMajor ] c:\WINDOWS\System\IEMajor = 0;
O4 - HKLM\..\Run: [if (IE4p] c:\WINDOWS\System\if (IE4plus)
O4 - HKLM\..\Run: [      IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINDOWS\System\      IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINDOWS\System\// Body onload utility (supports multiple onload functions)
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINDOWS\System\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINDOWS\System\function SafeAddOnload(f)
O4 - HKLM\..\Run: [      if (IEmac && IE4)  // IE 4.5 blows out on testing window.on] c:\WINDOWS\System\      if (IEmac && IE4)  // IE 4.5 blows out on testing window.onload
O4 - HKLM\..\Run: [            window.onload = SafeOnl] c:\WINDOWS\System\            window.onload = SafeOnload;
O4 - HKLM\..\Run: [            gSafeOnload[gSafeOnload.length] ] c:\WINDOWS\System\            gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [      else if  (window.onl] c:\WINDOWS\System\      else if  (window.onload)
O4 - HKLM\..\Run: [            if (window.onload != SafeOnl] c:\WINDOWS\System\            if (window.onload != SafeOnload)
O4 - HKLM\..\Run: [                  gSafeOnload[0] = window.onl] c:\WINDOWS\System\                  gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [                  window.onload = SafeOnl] c:\WINDOWS\System\                  window.onload = SafeOnload;
O4 - HKLM\..\Run: [      ] c:\WINDOWS\System\      else
O4 - HKLM\..\Run: [            window.onload ] c:\WINDOWS\System\            window.onload = f;
O4 - HKLM\..\Run: [function SafeOnlo] c:\WINDOWS\System\function SafeOnload()
O4 - HKLM\..\Run: [            gSafeOnload[i] c:\WINDOWS\System\            gSafeOnload[i]();
O4 - HKLM\..\Run: [function isInt(nu] c:\WINDOWS\System\function isInt(numIn)
O4 - HKLM\..\Run: [      var checknum = parseInt(num] c:\WINDOWS\System\      var checknum = parseInt(numIn);
O4 - HKLM\..\Run: [      return !isNaN(checkn] c:\WINDOWS\System\      return !isNaN(checknum);
O4 - HKLM\..\Run: [function PUW_In] c:\WINDOWS\System\function PUW_Init()
O4 - HKLM\..\Run: [      if (gPopupWindow.CheckFrequenc] c:\WINDOWS\System\      if (gPopupWindow.CheckFrequency())
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINDOWS\System\function PUW_Show()
O4 - HKLM\..\Run: [      var newWin = window.open(this.url,this.name,settin] c:\WINDOWS\System\      var newWin = window.open(this.url,this.name,settings);
O4 - HKLM\..\Run: [      if (! this.on] c:\WINDOWS\System\      if (! this.ontop)
O4 - HKLM\..\Run: [            window.focu] c:\WINDOWS\System\            window.focus();
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINDOWS\System\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [      var shouldShow = this.frequency !] c:\WINDOWS\System\      var shouldShow = this.frequency != 0;
O4 - HKLM\..\Run: [            var allCookies = document.coo] c:\WINDOWS\System\            var allCookies = document.cookie;
O4 - HKLM\..\Run: [                        end = allCookies.len] c:\WINDOWS\System\                        end = allCookies.length;
O4 - HKLM\..\Run: [                  var freqStr = allCookies.substring(start+9,e] c:\WINDOWS\System\                  var freqStr = allCookies.substring(start+9,end);
O4 - HKLM\..\Run: [                  if (isInt(freqS] c:\WINDOWS\System\                  if (isInt(freqStr))
O4 - HKLM\..\Run: [                        this.frequency = parseInt(freqS] c:\WINDOWS\System\                        this.frequency = parseInt(freqStr);
O4 - HKLM\..\Run: [                  this.frequenc] c:\WINDOWS\System\                  this.frequency--;
O4 - HKLM\..\Run: [            ] c:\WINDOWS\System\            else
O4 - HKLM\..\Run: [                  shouldShow = fa] c:\WINDOWS\System\                  shouldShow = false;
O4 - HKLM\..\Run: [            var exp = new Dat] c:\WINDOWS\System\            var exp = new Date();
O4 - HKLM\..\Run: [            exp.setTime(exp.getTime()+this.renew*60*60] c:\WINDOWS\System\            exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKLM\..\Run: [      return shouldS] c:\WINDOWS\System\      return shouldShow;
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINDOWS\System\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [      this.width = wi] c:\WINDOWS\System\      this.width = width;
O4 - HKLM\..\Run: [      this.height = hei] c:\WINDOWS\System\      this.height = height;
O4 - HKLM\..\Run: [      this.top = screen.availHeight/2 - height/2; // ce] c:\WINDOWS\System\      this.top = screen.availHeight/2 - height/2; // center
O4 - HKLM\..\Run: [      this.left = screen.availWidth/2 - width/2; // ce] c:\WINDOWS\System\      this.left = screen.availWidth/2 - width/2; // center
O4 - HKLM\..\Run: [      this.url = ] c:\WINDOWS\System\      this.url = url;
O4 - HKLM\..\Run: [      this.showDelay = 2] c:\WINDOWS\System\      this.showDelay = 2000;
O4 - HKLM\..\Run: [      this.frequency = 1; // how many times show per renewal time pe] c:\WINDOWS\System\      this.frequency = 1; // how many times show per renewal time period
O4 - HKLM\..\Run: [      this.renew = 1; // renew showing every x h] c:\WINDOWS\System\      this.renew = 1; // renew showing every x hours
O4 - HKLM\..\Run: [      this.scrollbars= fa] c:\WINDOWS\System\      this.scrollbars= false;
O4 - HKLM\..\Run: [      this.toolbar= fa] c:\WINDOWS\System\      this.toolbar= false;
O4 - HKLM\..\Run: [      this.statusbar= fa] c:\WINDOWS\System\      this.statusbar= false;
O4 - HKLM\..\Run: [      this.resizable = fa] c:\WINDOWS\System\      this.resizable = false;
O4 - HKLM\..\Run: [      this.locationbar = fa] c:\WINDOWS\System\      this.locationbar = false;
O4 - HKLM\..\Run: [      this.menubar = fa] c:\WINDOWS\System\      this.menubar = false;
O4 - HKLM\..\Run: [      this.ontop = fa] c:\WINDOWS\System\      this.ontop = false;
O4 - HKLM\..\Run: [      this.Init = PUW_I] c:\WINDOWS\System\      this.Init = PUW_Init;
O4 - HKLM\..\Run: [      this.Show = PUW_S] c:\WINDOWS\System\      this.Show = PUW_Show;
O4 - HKLM\..\Run: [      this.CheckFrequency = PUW_CheckFreque] c:\WINDOWS\System\      this.CheckFrequency = PUW_CheckFrequency;
O4 - HKLM\..\Run: [function PUWSta] c:\WINDOWS\System\function PUWStart()
O4 - HKLM\..\Run: [      gPopupWindow.Ini] c:\WINDOWS\System\      gPopupWindow.Init();
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINDOWS\System\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINDOWS\System\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINDOWS\System\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINDOWS\System\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINDOWS\System\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINDOWS\System\A:hover {background: #FFCC00; color: black;}
O4 - HKLM\..\Run: [<H] c:\WINDOWS\System\<Head>
O4 - HKLM\..\Run: [<title>advertisement</ti] c:\WINDOWS\System\<title>advertisement</title>
O4 - HKLM\..\Run: [</h] c:\WINDOWS\System\</head>
O4 - HKLM\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINDOWS\System\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINDOWS\System\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKLM\..\Run: [<script language="javascript" type="text/javascri] c:\WINDOWS\System\<script language="javascript" type="text/javascript">
O4 - HKLM\..\Run: [var d=docum] c:\WINDOWS\System\var d=document;
O4 - HKLM\..\Run: [var NN4=d.layers?] c:\WINDOWS\System\var NN4=d.layers?1:0;
O4 - HKLM\..\Run: [if(!NN] c:\WINDOWS\System\if(!NN4)      {
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System\} else {
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V11\SE.EXE" /H
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [VVSN] C:\PROGRAM FILES\VVSN\VVSN.EXE
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System\}
O4 - HKCU\..\Run: [// Browser Detec] c:\WINDOWS\System\// Browser Detection
O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINDOWS\System\IE4plus = (document.all) ? true : false;
O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINDOWS\System\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINDOWS\System\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINDOWS\System\IE5plus = IE5 || IE6;
O4 - HKCU\..\Run: [IEMajor ] c:\WINDOWS\System\IEMajor = 0;
O4 - HKCU\..\Run: [if (IE4p] c:\WINDOWS\System\if (IE4plus)
O4 - HKCU\..\Run: [      IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINDOWS\System\      IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINDOWS\System\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINDOWS\System\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINDOWS\System\function SafeAddOnload(f)
O4 - HKCU\..\Run: [      if (IEmac && IE4)  // IE 4.5 blows out on testing window.on] c:\WINDOWS\System\      if (IEmac && IE4)  // IE 4.5 blows out on testing window.onload
O4 - HKCU\..\Run: [            window.onload = SafeOnl] c:\WINDOWS\System\            window.onload = SafeOnload;
O4 - HKCU\..\Run: [            gSafeOnload[gSafeOnload.length] ] c:\WINDOWS\System\            gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [      else if  (window.onl] c:\WINDOWS\System\      else if  (window.onload)
O4 - HKCU\..\Run: [            if (window.onload != SafeOnl] c:\WINDOWS\System\            if (window.onload != SafeOnload)
O4 - HKCU\..\Run: [                  gSafeOnload[0] = window.onl] c:\WINDOWS\System\                  gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [                  window.onload = SafeOnl] c:\WINDOWS\System\                  window.onload = SafeOnload;
O4 - HKCU\..\Run: [      ] c:\WINDOWS\System\      else
O4 - HKCU\..\Run: [            window.onload ] c:\WINDOWS\System\            window.onload = f;
O4 - HKCU\..\Run: [function SafeOnlo] c:\WINDOWS\System\function SafeOnload()
O4 - HKCU\..\Run: [            gSafeOnload[i] c:\WINDOWS\System\            gSafeOnload[i]();
O4 - HKCU\..\Run: [function isInt(nu] c:\WINDOWS\System\function isInt(numIn)
O4 - HKCU\..\Run: [      var checknum = parseInt(num] c:\WINDOWS\System\      var checknum = parseInt(numIn);
O4 - HKCU\..\Run: [      return !isNaN(checkn] c:\WINDOWS\System\      return !isNaN(checknum);
O4 - HKCU\..\Run: [function PUW_In] c:\WINDOWS\System\function PUW_Init()
O4 - HKCU\..\Run: [      if (gPopupWindow.CheckFrequenc] c:\WINDOWS\System\      if (gPopupWindow.CheckFrequency())
O4 - HKCU\..\Run: [function PUW_Sh] c:\WINDOWS\System\function PUW_Show()
O4 - HKCU\..\Run: [      var newWin = window.open(this.url,this.name,settin] c:\WINDOWS\System\      var newWin = window.open(this.url,this.name,settings);
O4 - HKCU\..\Run: [      if (! this.on] c:\WINDOWS\System\      if (! this.ontop)
O4 - HKCU\..\Run: [            window.focu] c:\WINDOWS\System\            window.focus();
O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINDOWS\System\function PUW_CheckFrequency()
O4 - HKCU\..\Run: [      var shouldShow = this.frequency !] c:\WINDOWS\System\      var shouldShow = this.frequency != 0;
O4 - HKCU\..\Run: [            var allCookies = document.coo] c:\WINDOWS\System\            var allCookies = document.cookie;
O4 - HKCU\..\Run: [                        end = allCookies.len] c:\WINDOWS\System\                        end = allCookies.length;
O4 - HKCU\..\Run: [                  var freqStr = allCookies.substring(start+9,e] c:\WINDOWS\System\                  var freqStr = allCookies.substring(start+9,end);
O4 - HKCU\..\Run: [                  if (isInt(freqS] c:\WINDOWS\System\                  if (isInt(freqStr))
O4 - HKCU\..\Run: [                        this.frequency = parseInt(freqS] c:\WINDOWS\System\                        this.frequency = parseInt(freqStr);
O4 - HKCU\..\Run: [                  this.frequenc] c:\WINDOWS\System\                  this.frequency--;
O4 - HKCU\..\Run: [            ] c:\WINDOWS\System\            else
O4 - HKCU\..\Run: [                  shouldShow = fa] c:\WINDOWS\System\                  shouldShow = false;
O4 - HKCU\..\Run: [            var exp = new Dat] c:\WINDOWS\System\            var exp = new Date();
O4 - HKCU\..\Run: [            exp.setTime(exp.getTime()+this.renew*60*60] c:\WINDOWS\System\            exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [      return shouldS] c:\WINDOWS\System\      return shouldShow;
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINDOWS\System\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [      this.width = wi] c:\WINDOWS\System\      this.width = width;
O4 - HKCU\..\Run: [      this.height = hei] c:\WINDOWS\System\      this.height = height;
O4 - HKCU\..\Run: [      this.top = screen.availHeight/2 - height/2; // ce] c:\WINDOWS\System\      this.top = screen.availHeight/2 - height/2; // center
O4 - HKCU\..\Run: [      this.left = screen.availWidth/2 - width/2; // ce] c:\WINDOWS\System\      this.left = screen.availWidth/2 - width/2; // center
O4 - HKCU\..\Run: [      this.url = ] c:\WINDOWS\System\      this.url = url;
O4 - HKCU\..\Run: [      this.showDelay = 2] c:\WINDOWS\System\      this.showDelay = 2000;
O4 - HKCU\..\Run: [      this.frequency = 1; // how many times show per renewal time pe] c:\WINDOWS\System\      this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\Run: [      this.renew = 1; // renew showing every x h] c:\WINDOWS\System\      this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [      this.scrollbars= fa] c:\WINDOWS\System\      this.scrollbars= false;
O4 - HKCU\..\Run: [      this.toolbar= fa] c:\WINDOWS\System\      this.toolbar= false;
O4 - HKCU\..\Run: [      this.statusbar= fa] c:\WINDOWS\System\      this.statusbar= false;
O4 - HKCU\..\Run: [      this.resizable = fa] c:\WINDOWS\System\      this.resizable = false;
O4 - HKCU\..\Run: [      this.locationbar = fa] c:\WINDOWS\System\      this.locationbar = false;
O4 - HKCU\..\Run: [      this.menubar = fa] c:\WINDOWS\System\      this.menubar = false;
O4 - HKCU\..\Run: [      this.ontop = fa] c:\WINDOWS\System\      this.ontop = false;
O4 - HKCU\..\Run: [      this.Init = PUW_I] c:\WINDOWS\System\      this.Init = PUW_Init;
O4 - HKCU\..\Run: [      this.Show = PUW_S] c:\WINDOWS\System\      this.Show = PUW_Show;
O4 - HKCU\..\Run: [      this.CheckFrequency = PUW_CheckFreque] c:\WINDOWS\System\      this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [function PUWSta] c:\WINDOWS\System\function PUWStart()
O4 - HKCU\..\Run: [      gPopupWindow.Ini] c:\WINDOWS\System\      gPopupWindow.Init();
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINDOWS\System\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINDOWS\System\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINDOWS\System\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINDOWS\System\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINDOWS\System\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINDOWS\System\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\Run: [<H] c:\WINDOWS\System\<Head>
O4 - HKCU\..\Run: [<title>advertisement</ti] c:\WINDOWS\System\<title>advertisement</title>
O4 - HKCU\..\Run: [</h] c:\WINDOWS\System\</head>
O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINDOWS\System\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINDOWS\System\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINDOWS\System\<script language="javascript" type="text/javascript">
O4 - HKCU\..\Run: [var d=docum] c:\WINDOWS\System\var d=document;
O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINDOWS\System\var NN4=d.layers?1:0;
O4 - HKCU\..\Run: [if(!NN] c:\WINDOWS\System\if(!NN4)      {
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [} el] c:\WINDOWS\System\} else {
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
O4 - HKCU\..\RunServices: [] c:\WINDOWS\System\}
O4 - HKCU\..\RunServices: [// Browser Detec] c:\WINDOWS\System\// Browser Detection
O4 - HKCU\..\RunServices: [IE4plus = (document.all) ? true : fa] c:\WINDOWS\System\IE4plus = (document.all) ? true : false;
O4 - HKCU\..\RunServices: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINDOWS\System\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKCU\..\RunServices: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINDOWS\System\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKCU\..\RunServices: [IE5plus = IE5 || ] c:\WINDOWS\System\IE5plus = IE5 || IE6;
O4 - HKCU\..\RunServices: [IEMajor ] c:\WINDOWS\System\IEMajor = 0;
O4 - HKCU\..\RunServices: [if (IE4p] c:\WINDOWS\System\if (IE4plus)
O4 - HKCU\..\RunServices: [      IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINDOWS\System\      IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKCU\..\RunServices: [// Body onload utility (supports multiple onload functi] c:\WINDOWS\System\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\RunServices: [var gSafeOnload = new Arra] c:\WINDOWS\System\var gSafeOnload = new Array();
O4 - HKCU\..\RunServices: [function SafeAddOnloa] c:\WINDOWS\System\function SafeAddOnload(f)
O4 - HKCU\..\RunServices: [      if (IEmac && IE4)  // IE 4.5 blows out on testing window.on] c:\WINDOWS\System\      if (IEmac && IE4)  // IE 4.5 blows out on testing window.onload
O4 - HKCU\..\RunServices: [            window.onload = SafeOnl] c:\WINDOWS\System\            window.onload = SafeOnload;
O4 - HKCU\..\RunServices: [            gSafeOnload[gSafeOnload.length] ] c:\WINDOWS\System\            gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\RunServices: [      else if  (window.onl] c:\WINDOWS\System\      else if  (window.onload)
O4 - HKCU\..\RunServices: [            if (window.onload != SafeOnl] c:\WINDOWS\System\            if (window.onload != SafeOnload)
O4 - HKCU\..\RunServices: [                  gSafeOnload[0] = window.onl] c:\WINDOWS\System\                  gSafeOnload[0] = window.onload;
O4 - HKCU\..\RunServices: [                  window.onload = SafeOnl] c:\WINDOWS\System\                  window.onload = SafeOnload;
O4 - HKCU\..\RunServices: [      ] c:\WINDOWS\System\      else
O4 - HKCU\..\RunServices: [            window.onload ] c:\WINDOWS\System\            window.onload = f;
O4 - HKCU\..\RunServices: [function SafeOnlo] c:\WINDOWS\System\function SafeOnload()
O4 - HKCU\..\RunServices: [            gSafeOnload[i] c:\WINDOWS\System\            gSafeOnload[i]();
O4 - HKCU\..\RunServices: [function isInt(nu] c:\WINDOWS\System\function isInt(numIn)
O4 - HKCU\..\RunServices: [      var checknum = parseInt(num] c:\WINDOWS\System\      var checknum = parseInt(numIn);
O4 - HKCU\..\RunServices: [      return !isNaN(checkn] c:\WINDOWS\System\      return !isNaN(checknum);
O4 - HKCU\..\RunServices: [function PUW_In] c:\WINDOWS\System\function PUW_Init()
O4 - HKCU\..\RunServices: [      if (gPopupWindow.CheckFrequenc] c:\WINDOWS\System\      if (gPopupWindow.CheckFrequency())
O4 - HKCU\..\RunServices: [function PUW_Sh] c:\WINDOWS\System\function PUW_Show()
O4 - HKCU\..\RunServices: [      var newWin = window.open(this.url,this.name,settin] c:\WINDOWS\System\      var newWin = window.open(this.url,this.name,settings);
O4 - HKCU\..\RunServices: [      if (! this.on] c:\WINDOWS\System\      if (! this.ontop)
O4 - HKCU\..\RunServices: [            window.focu] c:\WINDOWS\System\            window.focus();
O4 - HKCU\..\RunServices: [function PUW_CheckFrequen] c:\WINDOWS\System\function PUW_CheckFrequency()
O4 - HKCU\..\RunServices: [      var shouldShow = this.frequency !] c:\WINDOWS\System\      var shouldShow = this.frequency != 0;
O4 - HKCU\..\RunServices: [            var allCookies = document.coo] c:\WINDOWS\System\            var allCookies = document.cookie;
O4 - HKCU\..\RunServices: [                        end = allCookies.len] c:\WINDOWS\System\                        end = allCookies.length;
O4 - HKCU\..\RunServices: [                  var freqStr = allCookies.substring(start+9,e] c:\WINDOWS\System\                  var freqStr = allCookies.substring(start+9,end);
O4 - HKCU\..\RunServices: [                  if (isInt(freqS] c:\WINDOWS\System\                  if (isInt(freqStr))
O4 - HKCU\..\RunServices: [                        this.frequency = parseInt(freqS] c:\WINDOWS\System\                        this.frequency = parseInt(freqStr);
O4 - HKCU\..\RunServices: [                  this.frequenc] c:\WINDOWS\System\                  this.frequency--;
O4 - HKCU\..\RunServices: [            ] c:\WINDOWS\System\            else
O4 - HKCU\..\RunServices: [                  shouldShow = fa] c:\WINDOWS\System\                  shouldShow = false;
O4 - HKCU\..\RunServices: [            var exp = new Dat] c:\WINDOWS\System\            var exp = new Date();
O4 - HKCU\..\RunServices: [            exp.setTime(exp.getTime()+this.renew*60*60] c:\WINDOWS\System\            exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\RunServices: [      return shouldS] c:\WINDOWS\System\      return shouldShow;
O4 - HKCU\..\RunServices: [function PopupWindow(url,width,hei] c:\WINDOWS\System\function PopupWindow(url,width,height)
O4 - HKCU\..\RunServices: [      this.width = wi] c:\WINDOWS\System\      this.width = width;
O4 - HKCU\..\RunServices: [      this.height = hei] c:\WINDOWS\System\      this.height = height;
O4 - HKCU\..\RunServices: [      this.top = screen.availHeight/2 - height/2; // ce] c:\WINDOWS\System\      this.top = screen.availHeight/2 - height/2; // center
O4 - HKCU\..\RunServices: [      this.left = screen.availWidth/2 - width/2; // ce] c:\WINDOWS\System\      this.left = screen.availWidth/2 - width/2; // center
O4 - HKCU\..\RunServices: [      this.url = ] c:\WINDOWS\System\      this.url = url;
O4 - HKCU\..\RunServices: [      this.showDelay = 2] c:\WINDOWS\System\      this.showDelay = 2000;
O4 - HKCU\..\RunServices: [      this.frequency = 1; // how many times show per renewal time pe] c:\WINDOWS\System\      this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\RunServices: [      this.renew = 1; // renew showing every x h] c:\WINDOWS\System\      this.renew = 1; // renew showing every x hours
O4 - HKCU\..\RunServices: [      this.scrollbars= fa] c:\WINDOWS\System\      this.scrollbars= false;
O4 - HKCU\..\RunServices: [      this.toolbar= fa] c:\WINDOWS\System\      this.toolbar= false;
O4 - HKCU\..\RunServices: [      this.statusbar= fa] c:\WINDOWS\System\      this.statusbar= false;
O4 - HKCU\..\RunServices: [      this.resizable = fa] c:\WINDOWS\System\      this.resizable = false;
O4 - HKCU\..\RunServices: [      this.locationbar = fa] c:\WINDOWS\System\      this.locationbar = false;
O4 - HKCU\..\RunServices: [      this.menubar = fa] c:\WINDOWS\System\      this.menubar = false;
O4 - HKCU\..\RunServices: [      this.ontop = fa] c:\WINDOWS\System\      this.ontop = false;
O4 - HKCU\..\RunServices: [      this.Init = PUW_I] c:\WINDOWS\System\      this.Init = PUW_Init;
O4 - HKCU\..\RunServices: [      this.Show = PUW_S] c:\WINDOWS\System\      this.Show = PUW_Show;
O4 - HKCU\..\RunServices: [      this.CheckFrequency = PUW_CheckFreque] c:\WINDOWS\System\      this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\RunServices: [function PUWSta] c:\WINDOWS\System\function PUWStart()
O4 - HKCU\..\RunServices: [      gPopupWindow.Ini] c:\WINDOWS\System\      gPopupWindow.Init();
O4 - HKCU\..\RunServices: [SafeAddOnload(PUWSta] c:\WINDOWS\System\SafeAddOnload(PUWStart);
O4 - HKCU\..\RunServices: [gPopupWindow.toolbar = fa] c:\WINDOWS\System\gPopupWindow.toolbar = false;
O4 - HKCU\..\RunServices: [gPopupWindow.statusbar = fa] c:\WINDOWS\System\gPopupWindow.statusbar = false;
O4 - HKCU\..\RunServices: [gPopupWindow.resizable = fa] c:\WINDOWS\System\gPopupWindow.resizable = false;
O4 - HKCU\..\RunServices: [gPopupWindow.ontop = fa] c:\WINDOWS\System\gPopupWindow.ontop = false;
O4 - HKCU\..\RunServices: [A:hover {background: #FFCC00; color: bla] c:\WINDOWS\System\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\RunServices: [<H] c:\WINDOWS\System\<Head>
O4 - HKCU\..\RunServices: [<title>advertisement</ti] c:\WINDOWS\System\<title>advertisement</title>
O4 - HKCU\..\RunServices: [</h] c:\WINDOWS\System\</head>
O4 - HKCU\..\RunServices: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINDOWS\System\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKCU\..\RunServices: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINDOWS\System\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\RunServices: [<script language="javascript" type="text/javascri] c:\WINDOWS\System\<script language="javascript" type="text/javascript">
O4 - HKCU\..\RunServices: [var d=docum] c:\WINDOWS\System\var d=document;
O4 - HKCU\..\RunServices: [var NN4=d.layers?] c:\WINDOWS\System\var NN4=d.layers?1:0;
O4 - HKCU\..\RunServices: [if(!NN] c:\WINDOWS\System\if(!NN4)      {
O4 - HKCU\..\RunServices: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\RunServices: [} el] c:\WINDOWS\System\} else {
O4 - HKCU\..\RunServices: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\RunServices: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\RunServices: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\RunServices: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
O4 - Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Dell Home (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38271.6420601852
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 206.74.254.2,204.116.57.2

Question by:tonyadam
13 Comments
 
LVL 10

Accepted Solution

by:
dis1931 earned 84 total points
ID: 12304430
http://www.hijackthis.de/

You can use this link to self-diagnose the HijackThis log and read more about the running processes.
0
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 83 total points
ID: 12304432
Hello tonyadam =)

Can u think that anyone can look at that crap =\
Do this first, Download these tools and run them in safe mode to clean ur system before using HijackThis !!
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
Stinger >> http://vil.nai.com/vil/stinger
========================================================

Run Disk Cleanup to delete all the temp and temp internet files from ur hard drive !!
Then boot back in normal mode to check for the problems, if still u are having them then Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix the entries which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)

!! GOOD LUCK !!
0
 
LVL 10

Expert Comment

by:dis1931
ID: 12304437
Though just from the looks of it you have lots to clean up
0
 
LVL 8

Expert Comment

by:qfren
ID: 12304500
Hi:

Agree with dis1931, do some "clean up" on background processes....

Click on start->run->then type in "msconfig" without ""
Click on the startup tab,
there you'll have a listing of all programs that startup when your computer starts up.
Simply uncheck the ones you don't want to start up when your computer starts up.


mc
0
 
LVL 10

Expert Comment

by:dis1931
ID: 12304560
It is also a good idea to run spybot and ad-aware to clean some of this out...but i am a manual person myself...so i like to find and destroy myself....:-)
0

 
LVL 38

Assisted Solution

by:BillDL
BillDL earned 83 total points
ID: 12304832
Here's my appraisal of your Log, Tony.

Your RUNNING PROGRAMS:

C:\PROGRAM FILES\VVSN\VVSN.EXE
I see this running process as Spyware.
It offers clocksync and weathercast and is installed along with the WhenuSearch toolbar, and other programs.

See:
http://www.liutilities.com/products/wintaskspro/processlibrary/VVSN/
and
http://sarc.com/avcenter/venc/data/pf/adware.purityscan.c.html

Advise Uninstalling WHENU (and PuritySCAN if it exists) from Control panel > Add/Remove Programs, and then running HiJack This again to remove related entries.

C:\PROGRAM FILES\NAVISEARCH\BIN\NLS.EXE

NLS.EXE is an advertising program by Webrebates. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups.

http://www.liutilities.com/products/wintaskspro/processlibrary/nls/
and
http://www.pestpatrol.com/PestInfo/t/toprebates.asp

C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE

Spyware which generates pop-up advertisements and analyses your computer usage for analysis by Exact Advertising.

http://www.pestpatrol.com/PestInfo/e/exactsearchbar.asp
and
http://www.liutilities.com/products/wintaskspro/processlibrary/bargains
and
http://www.windowsstartup.com/wso/detail.php?id=284
and
http://sarc.com/avcenter/venc/data/pf/adware.bargainbuddy.html

C:\PROGRAM FILES\CASHBACK\BIN\CASHBACK.EXE

http://www.pestpatrol.com/PestInfo/e/exactsearchbar.asp
and
http://www.iamnotageek.com/a/349-p1.php
and
http://www.iamnotageek.com/a/338-p1.php

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

Why is it running? Were you using it?  If not, stop it from starting up using MSCONFIG's "startup" tab, or change the user preferences if this is an option.  (see notes later).

BEFORE uninstalling any of these, or selecting them for "fixing" by HiJack This, see if you can first use the Ctrl + Alt + Del Task List to "end task".

I reckon that practically all of the above programs have been installed by one or even just 2 downloaded programs.  Select ALL except REALPLAY.EXE in the Hijack This results.

If you now look at all the R1 entries, you will notice that they all relate to settings in your registry that have been overwritten by the Spyware.

Select ALL the R1's EXCEPT for the one that says "Window Title = Microsoft Internet Explorer provided by Dell" in the HiJack This results.

Select the entry listed as R3 (TV MEDIA\TVMBHO.DLL)

Select ALL the O2 BHO entries.

Select ALL O3 Toolbar entries except for "Toolbar: &Radio"

Of the O4 HKLM\..\Run entries, select ONLY the following:

[NaviSearch]
[BullsEye Network]
all the way down to, and including
[Search-Exe]

The stuff in between is all JavaScript code.

Now select:

[VVSN]

Skip to the entry just below GRISOFT (missing out GRISOFT)

Now select everything from:

[] c:\WINDOWS\System\}
all the way down to (and including) the
[TV Media]
which is right above the entry:
O4 - Startup: Wireless-G Notebook Adapter Utility.lnk
(Don't select the Wireless-G Notebook Adapter entry)
All that stuff in between is JavaScript Code.

NOW that you have selected all of these, just click the HiJack This "FIX" button.

Now, WITHOUT shutting down, use
Start Menu > Run > and type MSCONFIG > click "OK"
Open the "Startup" tab, and deselect "RealPlay.exe"
Click "APPLY" and then immediately restart your computer when told to.

Now you should have a very serious look in your Control Panel > Add/Remove Programs and see if there are any programs that you DO NOT remember installing, or that were mentioned above as being spyware.

Uninstall them one at a time, with a reboot in between.

Run HiJack This again and see what it reports.  Don't post the log here, but look for any of those that you selected for "Fixing" to ensure they haven't returned.

Now look in the C:\Program Files folder and see if any of the folders have been left empty or partially occupied by those programs you just removed.  Delete the folder and contents.

Let us know how you have got on.

Bill
0
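The split BillDL makes by hand above, between O4 values that are really JavaScript/HTML fragments and O4 values that point at a program, can be sketched as a small triage script. This is an added example, not part of any post in this thread; the function names and the extension list are assumptions, and the sample lines are copied from the log posted in the question. A "program" verdict only means the value is shaped like a command, so each such name still has to be researched as in the appraisal above.

```python
import re

# Registry autostart line as HijackThis prints it:
#   O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
# An executable extension that ends a token, so "partner2profit.com/..." does not count.
EXE_RE = re.compile(r'\.(exe|com|bat|dll|scr|pif)(?=["\s,]|$)', re.I)
# Characters that cannot occur in a Windows file name.
ILLEGAL = set("<>|?*")


def classify(line):
    """Return (key, name, verdict) for an O4 registry line, or None for other lines."""
    m = O4_RE.match(line)
    if not m:
        return None
    _hive, key, name, command = m.groups()
    exe = EXE_RE.search(command)
    program = command[:exe.end()] if exe else ""
    if not exe or ILLEGAL & set(program):
        return key, name, "not-a-program"
    return key, name, "program"


def triage(log_lines):
    """Split O4 registry entries into junk value names and program value names."""
    junk, programs = [], []
    for line in log_lines:
        result = classify(line.rstrip("\n"))
        if result is None:
            continue  # Startup-folder entries and other sections are out of scope here
        (junk if result[2] == "not-a-program" else programs).append(result[1])
    return junk, programs


# Sample lines copied from the log in the question.
SAMPLE = [
    r"O4 - HKCU\..\RunServices: [function PopupWindow(url,width,hei] c:\WINDOWS\System\function PopupWindow(url,width,height)",
    r"O4 - HKCU\..\RunServices: [var d=docum] c:\WINDOWS\System\var d=document;",
    r"O4 - HKCU\..\RunServices: [<title>advertisement</ti] c:\WINDOWS\System\<title>advertisement</title>",
    r"O4 - HKCU\..\RunServices: [eZmmod] C:\PROGRA~1\ezula\mmod.exe",
    r"O4 - HKCU\..\RunServices: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe",
    r"O4 - Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.EXE",
]

if __name__ == "__main__":
    junk, programs = triage(SAMPLE)
    print("Values that are not programs:", junk)
    print("Programs to research by name:", programs)
```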
 
LVL 38

Expert Comment

by:BillDL
ID: 12304886
I see that my evaluation ran very much in parallel with the self analysis page  :-)

Take the advice of SheharyaarSaahil and download the most recent version of HiJack This.

http://tools.radiosplace.com/HijackThis.exe

To kill persistent processes, or have a file deleted when the computer next boots, you can click the "Config" button, and then the "Misc Tool" tab to see some useful things.  I don't think this was in older versions.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 12514403
The question was:

"Can someone please help me diagnose this hijack file?"

Although I tend to agree with SheharyaarSaahil's subtle observation "Can u think that anyone can look at that crap", I believe that his question has been answered in full.

I did just what tonyadam requested, and "diagnosed it" for him, but not before other comments that told him how to get an automated diagnosis provided from a web page, rather than a personal appraisal like mine.

dis1931 was the first to provide the relevant link, and  SheharyaarSaahil then qualified that link so it would load the English page. SheharyaarSaahil then explained which items in the results page rendered by that site should be removed, and also provided links to other suggested anti-spyware tools.

I suggest that you split the points 3 ways between dis1931, SheharyaarSaahil, and BillDL.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 12515350
Thank you, Lee.
0
 

Author Comment

by:tonyadam
ID: 12515651
To those that tried to help with this problem.....I have to apologize for not getting back to you.  Please forgive me.  This system was so messed up that the decision was to rebuild it.  There are very few files worth retaining so the easier step was to  start new and then add appropriate spyware and virus programs to keep the system clean in the future.  Thanks for all of your efforts to help.
0
