Please Help, my computer is a mess

  1. 20-01-2005  #1
    nkcarter2005
    nkcarter2005 is offline Newbie

    Please Help, my computer is a mess

    Hi,

    My computer seems ridden with spyware and I need help.

    Here is the Hijack This log-

    Logfile of HijackThis v1.99.0
    Scan saved at 19:07:34, on 20/12/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\SERVER.EXE
    C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
    C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
    C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\ASSISTANT.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\WINDOWS\SYSTEM\MSTMON_J.EXE
    C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\WOVAX.EXE
    C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
    C:\WINDOWS\JAWA32.EXE
    C:\N20050308.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\WCPSVTR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\NETGEAR\MA301 WIRELESS PC CARD\CONFIG.EXE
    C:\WINDOWS\SYSTEM\PEG1X32J.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50184
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50184
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50184
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
    O3 - Toolbar: ez Search Bar - {CCE83E45-30B2-4BAE-B1F5-25D128D27A43} - C:\WINDOWS\SYSTEM\EZSEARCH.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Topicks Categories - {80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D} - C:\PROGRA~1\TOPICKS\BIN\TPBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [RealTray] C:\Windows\desktop\neil\realplay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\WINDOWS\DESKTOP\NEIL\REALJUKEBOX\tsystray. exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Eicon Diva 2400 Tray] C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\assistant.exe TRAY
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [STOPzilla] C:\PROGRAM FILES\STOPZILLA!\STOPZILLA.EXE /autorun
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [magicolor 2300WStatusDisplay] C:\WINDOWS\SYSTEM\MSTMON_J.EXE
    O4 - HKLM\..\Run: [KAZAA] C:\WINDOWS\Desktop\Neil\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    O4 - HKLM\..\Run: [Acronis Popup Blocker] RunDll32.exe C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL,Run
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [hah] C:\WINDOWS\hah.exe
    O4 - HKLM\..\Run: [zgdlxvc] C:\WINDOWS\SYSTEM\bntfiv.exe
    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
    O4 - HKLM\..\Run: [wovax] C:\WINDOWS\wovax.exe
    O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
    O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
    O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.exe
    O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\cvss.exe
    O4 - HKLM\..\Run: [exfxkc] C:\WINDOWS\SYSTEM\exfxkc.exe
    O4 - HKLM\..\Run: [onityh] C:\WINDOWS\onityh.exe
    O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
    O4 - HKLM\..\Run: [ntechin] C:\N20050308.EXE
    O4 - HKLM\..\Run: [surfforbitsabout] C:\WINDOWS\Application Data\Defaultfivesurffor\Browse itch.exe
    O4 - HKLM\..\Run: [PEG1X32J] C:\WINDOWS\SYSTEM\PEG1X32J.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [DIVA Server] C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\server.exe
    O4 - HKLM\..\RunServices: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
    O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
    O4 - HKCU\..\Run: [WINT] C:\WINDOWS\SYSTEM\wcpsvtr.exe
    O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
    O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
    O4 - HKCU\..\Run: [proc body] C:\WINDOWS\APPLIC~1\THUNKA~1\Play third.exe
    O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\RunServices: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
    O4 - HKCU\..\RunServices: [WINT] C:\WINDOWS\SYSTEM\wcpsvtr.exe
    O4 - HKCU\..\RunServices: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
    O4 - HKCU\..\RunServices: [Jawa32] C:\WINDOWS\jawa32.exe
    O4 - HKCU\..\RunServices: [proc body] C:\WINDOWS\APPLIC~1\THUNKA~1\Play third.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Configuration Utility.lnk = C:\Program Files\NETGEAR\MA301 Wireless PC Card\Config.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
    O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra button: Acronis*Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL
    O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL
    O9 - Extra button: Dell Home - {408F3260-D3FD-11D4-BB48-A0DF70C1D3EF} - http://www.euro.dell.com/countries/u...en/default.htm (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pc
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.201.1
    O18 - Protocol: ayb - (no CLSID) - (no file)


    Any help would be much appreciated.

    Thanks

  3. 21-01-2005  #2
    owen
    owen is offline D-A-L Team Member (UK)
    Thats quite a bad log, there are a lot of problems in there. So first will perform a removal of one item to start with that needs a special removal then we'll clear the rest.

    Please download LSPFix from here. Unzip it and run LSPFix.exe.

    1) When LSPFix has started, put a checkmark in "I know what I am doing"
    2) In the Keep column, select all lspak.dll entries and click the arrow to move them into the remove column.
    3) Click the Finish button to remove them.

    Then Boot into Safe Mode

    Delete the following files:
    c:\windows\system\lspak.dll

    Reboot and post a fresh Hijack This log
  4. 27-01-2005  #3
    nkcarter2005
    nkcarter2005 is offline Newbie
    I could not find lspak.dll in the system folder so I could not delete it.

    Here is the fresh log-

    Logfile of HijackThis v1.99.0
    Scan saved at 19:08:06, on 27/12/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\SERVER.EXE
    C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
    C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\ASSISTANT.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\WINDOWS\SYSTEM\MSTMON_J.EXE
    C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\WINDOWS\WOVAX.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
    C:\WINDOWS\JAWA32.EXE
    C:\N20050308.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\ILLFIK.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\WCPSVTR.EXE
    C:\WINDOWS\SYSTEM\UAFKIHT.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\NETGEAR\MA301 WIRELESS PC CARD\CONFIG.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50184
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50184
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50184
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
    O2 - BHO: (no name) - {B4A913E0-5839-11D9-BB52-C4E467C6FB66} - C:\WINDOWS\SYSTEM\IAKIEA.DLL
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
    O3 - Toolbar: ez Search Bar - {CCE83E45-30B2-4BAE-B1F5-25D128D27A43} - C:\WINDOWS\SYSTEM\EZSEARCH.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Topicks Categories - {80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D} - C:\PROGRA~1\TOPICKS\BIN\TPBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [RealTray] C:\Windows\desktop\neil\realplay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\WINDOWS\DESKTOP\NEIL\REALJUKEBOX\tsystray. exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Eicon Diva 2400 Tray] C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\assistant.exe TRAY
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [STOPzilla] C:\PROGRAM FILES\STOPZILLA!\STOPZILLA.EXE /autorun
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [magicolor 2300WStatusDisplay] C:\WINDOWS\SYSTEM\MSTMON_J.EXE
    O4 - HKLM\..\Run: [KAZAA] C:\WINDOWS\Desktop\Neil\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    O4 - HKLM\..\Run: [Acronis Popup Blocker] RunDll32.exe C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL,Run
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [hah] C:\WINDOWS\hah.exe
    O4 - HKLM\..\Run: [zgdlxvc] C:\WINDOWS\SYSTEM\bntfiv.exe
    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
    O4 - HKLM\..\Run: [wovax] C:\WINDOWS\wovax.exe
    O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
    O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
    O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.exe
    O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\cvss.exe
    O4 - HKLM\..\Run: [exfxkc] C:\WINDOWS\SYSTEM\exfxkc.exe
    O4 - HKLM\..\Run: [onityh] C:\WINDOWS\onityh.exe
    O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
    O4 - HKLM\..\Run: [ntechin] C:\N20050308.EXE
    O4 - HKLM\..\Run: [surfforbitsabout] C:\WINDOWS\Application Data\Defaultfivesurffor\Browse itch.exe
    O4 - HKLM\..\Run: [wEfsaBQXk] C:\ILLFIK.EXE
    O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
    O4 - HKLM\..\Run: [uafkiht] C:\WINDOWS\SYSTEM\uafkiht.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [DIVA Server] C:\PROGRAM FILES\EICON\DIVA 2400 SERIES\server.exe
    O4 - HKLM\..\RunServices: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
    O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
    O4 - HKCU\..\Run: [WINT] C:\WINDOWS\SYSTEM\wcpsvtr.exe
    O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
    O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
    O4 - HKCU\..\Run: [proc body] C:\WINDOWS\APPLIC~1\THUNKA~1\Play third.exe
    O4 - HKCU\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
    O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\RunServices: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
    O4 - HKCU\..\RunServices: [WINT] C:\WINDOWS\SYSTEM\wcpsvtr.exe
    O4 - HKCU\..\RunServices: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
    O4 - HKCU\..\RunServices: [Jawa32] C:\WINDOWS\jawa32.exe
    O4 - HKCU\..\RunServices: [proc body] C:\WINDOWS\APPLIC~1\THUNKA~1\Play third.exe
    O4 - HKCU\..\RunServices: [Jawa322] C:\WINDOWS\jawa32.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Configuration Utility.lnk = C:\Program Files\NETGEAR\MA301 Wireless PC Card\Config.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
    O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra button: Acronis*Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL
    O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\ACRONIS\PRIVAC~1\POP-UP~5.DLL
    O9 - Extra button: Dell Home - {408F3260-D3FD-11D4-BB48-A0DF70C1D3EF} - http://www.euro.dell.com/countries/u...en/default.htm (file missing) (HKCU)
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pc
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.201.1
    O18 - Protocol: ayb - (no CLSID) - (no file)
    O18 - Filter: text/html - {DE27C6C0-5835-11D9-BB52-0030267AC448} - C:\WINDOWS\SYSTEM\IAKIEA.DLL
    O18 - Filter: text/plain - {DE27C6C0-5835-11D9-BB52-0030267AC448} - C:\WINDOWS\SYSTEM\IAKIEA.DLL


    Thanks for your help
  5. 28-01-2005  #4
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Hello,
    Please download and install APM from here. Also download and install Ad-aware from here.

    Once you have installed Ad-aware, run the program and in the bottom right hand corner click Check For Updates. Update Ad-aware following the prompts and then close the program, we will use it later.

    Now disconnect from the internet, restart Hijack This and put a checkmark next to the following entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50184
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50184
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50184
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
    O2 - BHO: (no name) - {B4A913E0-5839-11D9-BB52-C4E467C6FB66} - C:\WINDOWS\SYSTEM\IAKIEA.DLL
    O18 - Protocol: ayb - (no CLSID) - (no file)
    O18 - Filter: text/html - {DE27C6C0-5835-11D9-BB52-0030267AC448} - C:\WINDOWS\SYSTEM\IAKIEA.DLL
    O18 - Filter: text/plain - {DE27C6C0-5835-11D9-BB52-0030267AC448} - C:\WINDOWS\SYSTEM\IAKIEA.DLL

    Now click Fix Checked

    After you have done that, start APM.

    In the top Window select explorer.exe
    After this, in the bottom Windows find IAKIEA.DLL
    Right click IAKIEA.DLL and choose Unload.
    Click OK

    Delete:
    C:\WINDOWS\SYSTEM\IAKIEA.DLL
    (If you can't delete this, Boot into Safe Mode and try.)

    Now Start Ad-aware

    We need to configure Ad-aware for a full scan.

    Click on the Gear icon (second from the left) to access the preferences/settings window

    1. In the General window make sure the following are selected:
    • Automatically save log-file
    • Automatically quarantine objects prior to removal
    • Safe Mode (always request confirmation)
    2. Click on the Scanning button on the left and select :
    • Scan Within Archives
    • Scan Active Processes
    • Scan Registry
    • Deep Scan Registry
    • Scan my IE favorites for banned URL’s
    • Scan my Hosts file
    • Under Click here to select drives + folders, choose:
    • All of your hard drives
    Click on the Advanced button on the left and select:
    • Include additional process information
    • Include additional file information
    • Include environment information
    Click the Tweak button and select:
    • Under the Scanning Engine:
      • Unload recognized processes & modules during scan
      • Include additional Ad-aware settings in logfile
    • Under the Cleaning Engine:
      • Let Windows remove files in use at next reboot
    Click on Proceed to save the settings.

    Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
    • Use Custom Scanning Options
    Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

    Save the log file when it asks and then click Finish

    When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

    Reboot your computer and post a fresh Hijack This log
+ Reply to Thread
« Hijack This and smsss.exe | about.blank and other issues: hijack log included »