"Only the Best" Pop-up and annoying home page problems

For some time now i have been getting the home page
res://gzxdc.dll/index.html#628051557
I also get the "only the best" pop up every now and then. I ran Spybot, CWShredder, NoAdware virus scanner, Spyware Blaster and AdAware. When i ran one of the virus scanners it said that i had the downloader.gk trojan. I really hope i can get rid of this...thanx

Logfile of HijackThis v1.97.7
Scan saved at 9:34:10 AM, on 6/17/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\Explorer.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\netrs32.exe
C:\WINDOWS.000\nettb32.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\laz\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS.000\gzxdc.dll/sp.html#628051557
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gzxdc.dll/index.html#628051557
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gzxdc.dll/index.html#628051557
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS.000\gzxdc.dll/sp.html#628051557
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gzxdc.dll/index.html#628051557
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS.000\gzxdc.dll/sp.html#628051557
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll (file missing)
O2 - BHO: (no name) - {D55199FB-EAE7-1C67-5C49-589A92AE9C87} - C:\WINDOWS.000\addgw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.000\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nettb32.exe] C:\WINDOWS.000\nettb32.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

OK I had this same problem and it took me about 2 hrs to fix it once I followed what chaslang told svengali to do. Read this thread and follow it to the letter (all three pages).

http://www.majorgeeks.com/vb/showthread.php?t=35165

Also check my last entry on

http://www.majorgeeks.com/vb/showthread.php?p=375305

for a very quick summary of how I fixed the problem.

Note that with the svengali thread you need to work out which files to delete as the names will be different on your computer. You need to download "Hijackthis" from this site. I recommend you print out svengali's thread and any links mentioned. Print your logfiles and highlight the files that need to go, use the search function to find them and delete them (there will be more than one copy of some of them and they will be in more than one place).

DO NOT USE MY THREAD AS YOUR GUIDE IT DOESN'T HAVE ENOUGH INFO!

The only thing I didn't do that chaslang said was to open the ?????.dll file, delete the content and then save as an empty file. I just deleted everything. I wouldn't recommend leaving out anything else.

MAKE SURE you have hidden files turned off so you can see everything.