[Kitiara]

Hey there,

Sorry to bug you again with yet another log. Popnav is driving me nuts and from what I am reading this doesnt seem like a simple fix. Any help would be greatly appreciated.

I've downloaded and installed HijackThis and here is the result.

Thanks in advance!

--------------------------------------------------------------------

Logfile of HijackThis v1.97.7
Scan saved at 1:19:20 PM, on 3/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\ImageStation\USB Direct Connect\SonyC2W.exe
C:\Program Files\Discover Deskshop\Deskshop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\iefeatures.exe
C:\WINDOWS\System32\msbb\msbb.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\COMMON~1\FOTONA~1\EvLstnr.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\michele\Local Settings\Temporary Internet
Files\Content.IE5\C56BK9MR\HijackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program
Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {4209B4C1-1295-4908-9312-A53C036EB3CD} - C:\Documents
and Settings\kayla\Desktop\BHO.dll (file missing)
O2 - BHO: Discover deskshop Browser Helper Object -
{8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\System32\BhoDshop.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SearchNav - {85C76FBD-6218-4379-95C1-B4F37BF6180A} -
C:\Documents and Settings\kayla\Desktop\SearchBar.dll (file missing)
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SonyC2W] C:\Program Files\Sony\ImageStation\USB Direct
Connect\SonyC2W.exe
O4 - HKLM\..\Run: [DiscoverDeskshop] C:\Program Files\Discover
Deskshop\Deskshop.exe /dontopenmycards
O4 - HKLM\..\Run: [WT GameChannel] C:\Program
Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\System32\iefeaturesversion.exe
O4 - HKLM\..\Run: [iefeatures] C:\WINDOWS\System32\iefeatures.exe
O4 - HKLM\..\Run: [SearchNavVersion] C:\Documents and
Settings\kayla\Desktop\searchnavversion.exe
O4 - HKLM\..\Run: [searchnav] C:\Documents and
Settings\kayla\Desktop\searchnav.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb\msbb.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft
Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Deskshop (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} (IEFeature Class) -
http://www.popmonster.com/control/src/iefeatures.ocx
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor
Control) -
http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,30
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) -
http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {763C10EE-E4C6-49AA-9325-F15ABF1C52B0} (X1 DownloadControl Class)
- http://www.x1.com/download/X1WebInstall.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37905.7934143519
O16 - DPF: {B3B8E157-3752-4070-AF84-89880D365362} (SearchNavCtrl Class) -
http://searchnav.com/searchnav/src/SearchNav.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} (Pixami Print Layout
Control) -
http://www.imagestation.com/common/classes/BPPrintClient.cab?ver=2,0,0,49
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) -
http://www.sponsoradulto.com/en/SysWebTelecom.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
http://www.gamespot.com/KDX/zd/kdx.cab

 

[mjack547]

Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

Spybot - Search & Destroy from http://security.kolla.de

AdAware 6 from http://www.lavasoft.de/software/adaware/

then

Run Sybot S&D

After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

then reboot &

Run ADAWARE

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......

click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........

Now to scan it´s just to click the "Scan" button.

When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

reboot again

then post a new hijackthis log to check what is left