Could someone look at this log, Please?

Welcome to MGs.

Please read the instructions in the link given in step 7 of the READ ME again. We need you to not use msconfig to control startups. You have it controlling them:

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

We must see all potential startups to properly resolve all problems. Please select Normal Startup and then reboot and attach a new HJT log.

 

Also look in Add/Remove programs for MyTotalSearchBar and uninstall if found. Tell me if you find it or anything labeled MyWay.


Do the below IP address look familar? Are they part of your Home network?
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A73AB8B-057A-4194-AD5C-26309DBF8D84}: NameServer = 10.0.0.254,10.0.0.4

You should also empty your Norton Quarantine folder.

 

Look in Add/Remove programs for Network Monitor and uninstall if found.

If the above works, the below Network Monitor service will already be gone and this steps to stop, disable and delete it will not be needed.

Just in case the above does not work:
Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Network Monitor ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

Network Monitor

Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {8A3C7CB3-C77C-9835-BAAA-87BB5992FDF7} - lpt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [defect08] newbreed.exe
O4 - HKLM\..\Run: [keybdll] defect08.exe
O4 - HKLM\..\Run: [dmmak.exe] C:\WINDOWS\system32\dmmak.exe
O4 - HKCU\..\Run: [new32] bnui.exe
O4 - HKCU\..\Run: [WinInitDll] Shaitan1678.exe
O4 - HKCU\..\Run: [xxtoolbar] Dest068.exe
O4 - Global Startup: MyTotalSearch Email Plugin.lnk = C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE
O9 - Extra button: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\system32\windialup\3078[1]\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\system32\windialup\3078[1]\windialup.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\Network Monitor <--- the whole folder
C:\Program Files\MyTotalSearch <--- the whole folder
C:\WINDOWS\STWSI <--- the whole folder
C:\WINDOWS\SYSTEM32\FLEOK <--- the whole folder
C:\WINDOWS\system32\windialup <--- the whole folder
C:\WINDOWS\pcconfig.dat
C:\WINDOWS\preInstTPS108.exe
C:\WINDOWS\SYSTEM32\lpt.dll
C:\WINDOWS\SYSTEM32\cards.ico
C:\WINDOWS\SYSTEM32\f3PSSavr.scr
C:\WINDOWS\SYSTEM32\SHAgentNew.dll
C:\WINDOWS\system32\n3tpa1i.dll
C:\WINDOWS\system32\td01.dll
C:\WINDOWS\system32\Xcite2.exe
C:\WINDOWS\system32\newbreed.exe
C:\WINDOWS\system32\defect08.exe
C:\WINDOWS\system32\dmmak.exe
C:\WINDOWS\system32\bnui.exe
C:\WINDOWS\system32\Shaitan1678.exe
C:\WINDOWS\system32\Dest068.exe

Additional step to delete f3initialsetup1.0.0.6.inf:
- Click Start, Run, and enter cmd in the box and click OK. This opens a commend prompt windows.
- Enter the following command lines each followed by the enter key
cd C:\WINDOWS\Downloaded Program Files\
attrib -r -h -s f3initialsetup1.0.0.6.inf
del f3initialsetup1.0.0.6.inf
exit

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Not sure what you mean.
Exactly what shows up where?
What is in Add/Remove programs?

None of the items are showing anymore in your HJT log. It's clean now.

Are you saying the below folders do no exist:
C:\Program Files\Network Monitor
C:\Program Files\MyTotalSearch

If so, that's good.

 

First let's see if we can fix the items in Add/Remove programs. Run Ccleaner and select Tools in the left column. In the window locate the item(s) trying to be uninstalled and select them and then click either Run Uninstaller or Delete Entry and let me know if that removed them.

 

First you could try re-installing it. Then afterwards uninstall and see if that works.

Other wise we will need to use steps like we use for removing malware to get rid of it.

 

Have you tried using CCleaner like is message # 10 to uninstall or delete it? Kill the C:\Program Files\Kill Popup\KillPopup.exe process first.

Let me know if that works.

 

What new tweaks and changes do you mean? I'm not sure what your reference point is.

If you did not have things like MS Antispyware on your PC before, yes you would notice it have an effect on your PC (especially if not running modern very fast PC with loads of RAM). No protection comes for free. They will out of necessity have an impact on overall PC speed. Antivirus, antispyware, and firewall programs all need to use system resources and need to keep an eye on what you are doing. That service does not come without a price. But this is a necessary price to pay unless you would like to always have malware problems.

 

Well that is a question that is not easy to answer because only you are the judge of what you really need to use. I personally don't use any toolbars and would tell you they are not needed but you may like them. See my point!

The below does not need to load at startup though:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

Your welcome! Make sure you friend reads the How to protect thread. Especially steps 9 & 10.