get a load of my Hijackthis log---Please help (please...)

OK...I know you guys wanna get a load of this....pretty bad eh?
I have no idea where to start. Will you help me?

 

just wanted to let you all know that I didn't see the note not to post HJT logs until asked for them. sorry about that. I did read your "Read this/How to" doc though and I couldn't really follow it since I can't click on any drive and see it so i can't enable viewing of hidden files etc....i really don't know what to do next. and it's obviously a big mess. so if anyone can look at my HJK file it would be very much appreciated!
Thanks again.

 

Don't forget to move HijackThis to its own safe folder - C:\Program Files\HijackThis
You are running it from the Desktop.

Also, look in Add or Remove Programs for some of those baddies and uninstall them. (180 Solutions, Bulls Eye Network, etc. . .)

Kodo/CP - didn't mean to step on your toes

PP

 

thanks for the responses.
the reason i am running hijackthis from the desktop is that i don't have access to any of my folders, control panel etc (except in safe mode i just discovered...)

 

i havent had a chance to run through the whole file but ---optimize.exe is a virus which is installed by consent from websites, and attempts to dial expensive pornography servers. This program is a registered security risk and should be removed immediately. Please see additional details regarding this process ... -(processlibrary.com)

I'll continue with the log but heres a start. I hope it helps some.

 

Then.....
Turn off your System Restore. http://support.microsoft.com/default.aspx?scid=kb;[LN];310405] See Here.

Reinstate it when your log is cleaned.Close your browser window and run hjt in safe mode... http://service1.symantec.com/SUPPOR...001052409420406?OpenDocument&src=sec_doc_nam] How To Run Safemode and have "Hijack This" fix the following by placing a check in the appropriate boxes and selecting "fix checked".


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.speed-search.biz/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.speed-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.speed-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.speed-search.biz/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speed-search.biz/index.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.speed-search.biz/index.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.speed-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.speed-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.speed-search.biz/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speed-search.biz/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.speed-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.speed-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speed-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speed-search.biz/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.speed-search.biz/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.speed-search.biz/index.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.speed-search.biz/index.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)

O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\System32\mspxs32.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)


O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe


O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"


O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [qagquonzv] C:\WINDOWS\System32\yeoqhton.exe

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [cdvumv] C:\WINDOWS\System32\yeoqhton.exe

O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Koau] C:\WINDOWS\System32\d?dplay.exe


O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm



O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)







O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing) ** delete


O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll


O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com ***** delete
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com




O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -

http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab




run your virus scan while in safe mode.


do hijack again

email me at wankster@myeweb.com

reboot.

goto http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

use their online virus scan and it will only give you a log of what files are infected

a. you can manually delete selected files
b. do a online virus scan at

http://www.pandasoftware.com/activescan/com/activescan_principal.htm


do hijack again

email me


that should fix you up

 

I just wanted to say thank you to everyone that helped me get started on resolving my problem. I did install Hijackthis, CWShredder, and Adaware but at the time couldn't seem to download Spybot (broken link?). I found that the nature of my problem was a file called mspxs32.dll. I was able to go into SafeMode and throw this into the Recycle Bin. After restarting normally, I was able to access windows explorer again and go into my computer to delete the spyware and other problems. I hope that this note will be able to help someone else with the same problem. I also have finally installed Windows Service Pack 2 and want to stress to everyone how important it is to do that now. I am including my latest HJT log in case anyone sees anything else that I should look into. Otherwise, my computer seems to be working as normal again. Thanks again!