Can you tell me which here needs to be deleted? Logfile of HijackThis v1.97.3 Scan saved at 20:23:59, on 20/11/03 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.exe C:\WINDOWS\SYSTEM\MPREXE.exe E:\AVGSERV9.exe C:\WINDOWS\SYSTEM\MSTASK.exe C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.exe C:\WINDOWS\TASKMON.exe C:\WINDOWS\SYSTEM\SYSTRAY.exe D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe E:\AVGCC32.exe C:\PROGRAM FILES\GENIUS NETSCROLL + SERIES MOUSE\MOUSEELF.exe C:\WINDOWS\SYSTEM\HPZTSB06.exe C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe C:\WINDOWS\SYSTEM\SPOOL32.exe C:\WINDOWS\SYSTEM\WMIEXE.exe E:\PERSFW.exe C:\WINDOWS\SYSTEM\RNAAPP.exe C:\WINDOWS\SYSTEM\TAPISRV.exe C:\WINDOWS\SYSTEM\DDHELP.exe E:\MAILWASHER\MAILWASHER.exe C:\WINDOWS\SYSTEM\PSTORES.exe E:\HIJACKTHIS.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz/ O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - E:\PROGRA~1\STARDO~1\SDIEINT.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe" O4 - HKLM\..\Run: [AVG_CC] E:\avgcc32.exe /startup O4 - HKLM\..\Run: [mouseElf] C:\Program Files\Genius NetScroll + Series Mouse\mouseElf.exe O4 - HKLM\..\Run: [Deskup] e:\DriveIcons\deskup.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [Avgserv9.exe] E:\Avgserv9.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [PersFw] E:\\persfw.exe O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe O8 - Extra context menu item: Download with Star Downloader - E:\PROGRAM FILES\STAR DOWNLOADER\sdie.htm O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security1.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37863.7174189815 O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312 O16 - DPF: {774EB36D-C105-40CE-B6F7-8EBC0438B37B} (rcimport.rcemailctl) - http://jobs.realcontacts.com/rcemailctl.cab

Can you tell me what here needs to be deleted. Thank you Logfile of HijackThis v1.97.7 Scan saved at 09:25:10, on 20/11/2003 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\spoolsv.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Windows\System32\svchost.exe C:\Windows\Explorer.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe C:\Windows\System32\PROMon.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\QuickTime\qttask.exe C:\Windows\System32\P2P Networking\P2P Networking.exe C:\Windows\System32\NMSSvc.exe C:\program files\altnet\points manager\points manager.exe C:\Program Files\MSN Messenger\msnmsgr.exe \Operations03\c$\Program Files\Sony Handheld\HOTSYNC.exe \Operations03\c$\Program Files\Sony Handheld\USBSwt.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe C:\Compaq\EAKDRV\EAUSBKBD.exe C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.exe C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe C:\Program Files\Messenger\msmsgs.exe C:\Windows\System32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\Documents and Settings\lucasb\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://tooncomics.com/main/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tooncomics.com/main/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://tooncomics.com/main/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tooncomics.com/main/sp.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.50.0.2:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.fastwebfinder.com/hp.php O1 - Hosts: 66.40.16.131 livesexlist.com O1 - Hosts: 66.40.16.131 lanasbigboobs.com O1 - Hosts: 66.40.16.131 thumbnailpost.com O1 - Hosts: 66.40.16.131 adult-series.com O1 - Hosts: 66.40.16.131 www.livesexlist.com O1 - Hosts: 66.40.16.131 www.lanasbigboobs.com O1 - Hosts: 66.40.16.131 www.thumbnailpost.com O1 - Hosts: 66.40.16.131 www.adult-series.com O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: DNSErr object - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\Windows\DNSErr.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\msdxm.ocx O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [P2P Networking] C:\Windows\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [iedll] c:\WINDOWS\iedll.exe O4 - HKCU\..\Run: [loader] c:\WINDOWS\loader.exe O4 - Startup: HotSync Manager.lnk = Program Files\Sony Handheld\HOTSYNC.exe O4 - Startup: SonyPDA USB Switcher.lnk = Program Files\Sony Handheld\USBSwt.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cleanevent.co.uk O17 - HKLM\Software\..\Telephony: DomainName = cleanevent.co.uk O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cleanevent.co.uk O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cleanevent.co.uk

The CoolWebSearch Chronicles The story of a thousand hijacks So how did I get infected in the first place? Dealing with Unwanted Spyware and Parasites