  #1  
Old 10-18-2004, 08:45 AM
savedtheday89
Member
Join Date: Oct 2004
Posts: 39
i hate pop ups

for my sister's computer which is crazy ... i have everything downloaded.. here's hjt log .. thanks

Logfile of HijackThis v1.98.2
Scan saved at 9:44:11 AM, on 10/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32PackethSvc.exe
C:PROGRA~1COMMON~1AOLACSacsd.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSwanmpsvc.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOW***plorer.EXE
C:windowssystemhpsysdrv.exe
C:WINDOWSsystem32ps2.exe
C:Program FilesDownloadWaredw.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:Program FilesQuickTimeqttask.exe
C:windowsredirect9a.exe
C:WINDOWSSystem32P2P NetworkingP2P Networking.exe
C:WINDOWSSystem32SahAgent.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe
C:WINDOWSSystem32RUNDLL32.exe
C:Program FilesWeb_RebatesWebRebates0.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesAmerica Online 9.0aoltray.exe
C:Program FilesWeb_RebatesWebRebates1.exe
C:Program FilesAOL Companioncompanion.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:PROGRA~1RECOMM~1v15rh.exe
Cocuments and SettingsOwnerDesktopHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.media-search.net/nph-search....ok=stmpl1&find=
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://us3.hpwis.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.media-search.net/nph-search....ok=stmpl1&find=
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 80.69.74.15 auto.search.msn.com
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:WINDOWSmxTarget.dll
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:WINDOWSsystb.dll
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:Program FilesRecommended Hotfix - 421701Dv15RH.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - COCUME~1ALLUSE~1APPLIC~1SetupSetup.dll
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - COCUME~1JennaLOCALS~1Temprbarc.dat
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - crogram filesgooglegoogletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:Program FilesMyWaymyBar1.binMYBAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - crogram filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [hpsysdrv] c:windowssystemhpsysdrv.exe
O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRECGUARD.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [PS2] C:WINDOWSsystem32ps2.exe
O4 - HKLM..Run: [HPGamesActiveMenu] C:Program FilesWildTangentActiveMenuHPGamesActiveMenu.exe
O4 - HKLM..Run: [PromulGate] "C:Program FilesDelFinPromulGatePgMonitr.exe"
O4 - HKLM..Run: [MediaLoads Installer] "C:Program FilesDownloadWaredw.exe" /H
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [WT GameChannel] C:Program FilesWildTangentAppsGameChannel.exe
O4 - HKLM..Run: [redirect] C:windowsredirect9a.exe
O4 - HKLM..Run: [easywww] C:windowseasywww2.exe
O4 - HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 - HKLM..Run: [updater] C:Program FilesCommon filesupdaterwupdater.exe
O4 - HKLM..Run: [SAHAgent] C:WINDOWSSystem32SahAgent.exe
O4 - HKLM..Run: [msbb] C:WINDOWSSystem32msbb.exe
O4 - HKLM..Run: [Belt] C:WINDOWSBelt.exe
O4 - HKLM..Run: [FLSVCCWEL] C:WINDOWSFLSVCCWEL.exe
O4 - HKLM..Run: [Media-Search] "C:Program Filesmsnetv9msnet.EXE" /H
O4 - HKLM..Run: [ViewMgr] C:Program FilesViewpointViewpoint ManagerViewMgr.exe
O4 - HKLM..Run: [Search-Exe] "C:Program Filessev11se.EXE" /H
O4 - HKLM..Run: [Win Server Updt] C:WINDOWSwupdt.exe
O4 - HKLM..Run: [New.net Startup] rundll32 ,NewDotNetStartup -s
O4 - HKLM..Run: [prpzjtxyepga] C:WINDOWSSystem32jrokvj.exe
O4 - HKLM..Run: [crabr] C:WINDOWSFontscrabr.exe
O4 - HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe
O4 - HKLM..Run: [WildTangent CDA] RUNDLL32.exe "C:Program FilesWildTangentAppsCDAcdaEngine0400.dll",cdaEngin eMain
O4 - HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 - HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 - HKLM..RunOnce: [RealPlayer_update] C:Program FilesAmerica Online 9.0JitiReal9_codec_upd.exe restart
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Microsoft Works Update Detection] C:Program FilesMicrosoft WorksWkDetect.exe
O4 - HKCU..Run: [eZmmod] C:PROGRA~1ezulammod.exe
O4 - HKCU..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchbar1.binMWSOEMON.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:Program FilesAmerica Online 9.0aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:Program FilesAOL Companioncompanion.exe
O4 - Global Startup: hp center UI.lnk = C:Program Fileshp center137903ShadowShadowBar.exe
O4 - Global Startup: hp center.lnk = C:Program Fileshp center137903ProgramBackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchbar1.binMWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://crogram filesgoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm314
O8 - Extra context menu item: Backward Links - res://crogram filesgoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://crogram filesgoogleGoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://crogram filesgoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://crogram filesgoogleGoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:Program FilesCommon FilesMicrosoft SharedEncarta ResearcherEROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIM95aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/D...MO1/r3un10n.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/myspeedb...etup1.0.0.3.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - file://C:x.cab

you all are awesome
__________________
--Kelly


  #2  
Old 10-18-2004, 09:21 AM
Mobo
Thinking outside the box
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,573
Re: i hate pop ups

I'm not much for popups as well to be honest with you..

Rescan and check these then close all browser windows and click "fix checked"



R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://searchbar.findthewebsiteyouneed.com/

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.findthewebsiteyouneed.com

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.media-search.net/nph-search....ok=stmpl1&find=

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchbar.findthewebsiteyouneed.com

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.media-search.net/nph-search....ok=stmpl1&find=

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R1 - HKLMSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)

R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

O1 - Hosts: 80.69.74.15 auto.search.msn.com

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:WINDOWSmxTarget.dll

O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:WINDOWSsystb.dll

O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:Program FilesRecommended Hotfix - 421701Dv15RH.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL

O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - COCUME~1ALLUSE~1APPLIC~1SetupSetup.dll

O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - COCUME~1JennaLOCALS~1Temprbarc.dat

O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:Program FilesMyWaymyBar1.binMYBAR.DLL

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL

O4 - HKLM..Run: [HPGamesActiveMenu] C:Program FilesWildTangentActiveMenuHPGamesActiveMenu.exe

O4 - HKLM..Run: [PromulGate] "C:Program FilesDelFinPromulGatePgMonitr.exe"

O4 - HKLM..Run: [MediaLoads Installer] "C:Program FilesDownloadWaredw.exe" /H

O4 - HKLM..Run: [WT GameChannel] C:Program FilesWildTangentAppsGameChannel.exe

O4 - HKLM..Run: [redirect] C:windowsredirect9a.exe

O4 - HKLM..Run: [easywww] C:windowseasywww2.exe

O4 - HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART

O4 - HKLM..Run: [updater] C:Program FilesCommon filesupdaterwupdater.exe

O4 - HKLM..Run: [SAHAgent] C:WINDOWSSystem32SahAgent.exe

O4 - HKLM..Run: [msbb] C:WINDOWSSystem32msbb.exe

O4 - HKLM..Run: [Belt] C:WINDOWSBelt.exe

O4 - HKLM..Run: [FLSVCCWEL] C:WINDOWSFLSVCCWEL.exe

O4 - HKLM..Run: [Media-Search] "C:Program Filesmsnetv9msnet.EXE" /H

O4 - HKLM..Run: [ViewMgr] C:Program FilesViewpointViewpoint ManagerViewMgr.exe

O4 - HKLM..Run: [Search-Exe] "C:Program Filessev11se.EXE" /H

O4 - HKLM..Run: [Win Server Updt] C:WINDOWSwupdt.exe

O4 - HKLM..Run: [New.net Startup] rundll32 ,NewDotNetStartup -s

O4 - HKLM..Run: [prpzjtxyepga] C:WINDOWSSystem32jrokvj.exe

O4 - HKLM..Run: [crabr] C:WINDOWSFontscrabr.exe

O4 - HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe

O4 - HKLM..Run: [WildTangent CDA] RUNDLL32.exe "C:Program FilesWildTangentAppsCDAcdaEngine0400.dll",cdaEngin eMain

O4 - HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"

O4 - HKCU..Run: [eZmmod] C:PROGRA~1ezulammod.exe

O4 - HKCU..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchbar1.binMWSOEMON.EXE

O4 - Global Startup: hp center UI.lnk = C:Program Fileshp center137903ShadowShadowBar.exe

O4 - Global Startup: hp center.lnk = C:Program Fileshp center137903ProgramBackWeb-137903.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchbar1.binMWSOEMON.EXE

O8 - Extra context menu item: Web Rebates - file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll

O10 - Hijacked Internet access by New.Net

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/D...MO1/r3un10n.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/myspeedb...etup1.0.0.3.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - file://C:x.cab



Then reboot into safe mode, open windows explorer, find then delete:
C:Program FilesWeb_Rebates
C:Program FilesMyWebSearch
COCUME~1ALLUSE~1
C:Program FilesMyWay
C:Program FilesWildTangent
C:windowsredirect9a.exe
C:windowseasywww2.exe
C:WINDOWSSystem32P2P Networking
C:WINDOWSSystem32SahAgent.exe
C:WINDOWSSystem32msbb.exe
C:WINDOWSBelt.exe
C:WINDOWSFLSVCCWEL.exe
C:Program Filesmsnetv9msnet.EXE" /H
C:Program FilesViewpoint
C:Program Filesse
C:WINDOWSwupdt.exe
C:WINDOWSSystem32jrokvj.exe
C:WINDOWSFontscrabr.exe
C:PROGRA~1ezula


Reboot. Download Adaware SE from http://www.lavasoftusa.com/support/download/
In Ad-aware click the Gear to go to the Settings area.
The following items should be on a green check, not on a red X.

Under the Scanning button:
Scan within archives
Under Memory & Registry, check EVERYTHING
In Check Drives & Folders, make sure all of your hard drives are selected

Under the Advanced button, check:
Move deleted files to recycle bin
Include additional object information
Include negligible object information
Include environment information

Under the Defaults button:
Set the homepage you wish to have set as default.

Under the Tweak button:
Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

In Scanning Engine:
Unload recognized processes during scanning
Include info about ignored objects in logfile, if detected in scan
Include basic Ad-aware settings in logfile
Include additional Ad-aware settings in logfile
Include used command line parameters in logfile

In Cleaning Engine:
XP/2000: Allow unloading explorer to unload shell extensions prior to deletion
Let Windows remove files in use at next reboot
UNCHECK: Automatically try to unregister objects prior to deletion

Click Proceed to save these settings. When you would like to perform a "Full Scan," switch the scan mode from SmartScan to Custom.
_______________________________________________________________
Rescan with hijack and post a fresh log please.
  #3  
Old 10-18-2004, 05:08 PM
savedtheday89
Member
Join Date: Oct 2004
Posts: 39
thanks here's another one haha sorry

too many pop ups i swear...

http://master.mx-targeting.com/mx/servlet/...%26capcntdy%3D2
__________________
--Kelly
  #4  
Old 10-18-2004, 05:09 PM
savedtheday89
Member
Join Date: Oct 2004
Posts: 39
thanks here's another one haha sorry

too many pop ups i swear...

Logfile of HijackThis v1.98.2
Scan saved at 6:07:36 PM, on 10/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32PackethSvc.exe
C:PROGRA~1COMMON~1AOLACSacsd.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSwanmpsvc.exe
C:WINDOW***plorer.EXE
C:windowssystemhpsysdrv.exe
C:WINDOWSsystem32ps2.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesAIM95aim.exe
C:Program FilesAmerica Online 9.0aoltray.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesAOL Companioncompanion.exe
C:WINDOWSsystem32winlogon.exe
C:Program FilesInternet Exploreriexplore.exe
Cocuments and SettingsJennaDesktopHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.myway.com/
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://us3.hpwis.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.search-exe.com/nph-search.cg...look=stmpl1&fw=
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://search.search-exe.com/nph-search.cg...look=stmpl1&fw=
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:WINDOWSmxTarget.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - crogram filesgooglegoogletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - crogram filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [hpsysdrv] c:windowssystemhpsysdrv.exe
O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRECGUARD.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [PS2] C:WINDOWSsystem32ps2.exe
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 - HKLM..Run: [lsgrwf] C:WINDOWSSystem32jrokvj.exe
O4 - HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 - HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 - HKLM..RunOnce: [RealPlayer_update] C:Program FilesAmerica Online 9.0JitiReal9_codec_upd.exe restart
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [MoneyStartUp] C:Program FilesMicrosoft MoneySystemMoney Startup.exe
O4 - HKCU..Run: [AIM] C:Program FilesAIM95aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:Program FilesAmerica Online 9.0aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:Program FilesAOL Companioncompanion.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 - Extra context menu item: &RSDN Search - res://c:data.dll/GoRSDN.dll.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm314
O8 - Extra context menu item: Web Rebates - file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:Program FilesCommon FilesMicrosoft SharedEncarta ResearcherEROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIM95aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O10 - Hijacked Internet access by New.Net
__________________
--Kelly
  #5  
Old 10-18-2004, 06:12 PM
Mobo
Thinking outside the box
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,573
Re: thanks here's another one haha sorry

Now run this uninstaller: http://www.dotcomsecurity.org/downloads/ne...20uninstall.exe
Then rescan and check these then have hijack fix each

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.myway.com/

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.search-exe.com/nph-search.cg...look=stmpl1&fw=

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://search.search-exe.com/nph-search.cg...look=stmpl1&fw=

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost

R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:WINDOWSmxTarget.dll

O
O4 - HKLM..Run: [lsgrwf] C:WINDOWSSystem32jrokvj.exe

O4 - HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"

O4 - HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART

O8 - Extra context menu item: &RSDN Search - res://c:data.dll/GoRSDN.dll.htm

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm314

O8 - Extra context menu item: Web Rebates - file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O10 - Hijacked Internet access by New.Net
Reply With Quote
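Comparing the two scans posted in this thread shows which entries survived the first cleanup and which autorun came back under a new value name. The Python below is an added example, not part of any post here and not HijackThis's own code; the log excerpts are copied from the thread (path separators are missing on the page and left that way), and all function names are hypothetical.

```python
import re

# Excerpts of the two HijackThis scans in this thread, trimmed to a few lines.
SCAN_BEFORE = """\
Logfile of HijackThis v1.98.2
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.findthewebsiteyouneed.com
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:WINDOWSmxTarget.dll
O4 - HKLM..Run: [PS2] C:WINDOWSsystem32ps2.exe
O4 - HKLM..Run: [prpzjtxyepga] C:WINDOWSSystem32jrokvj.exe
O4 - HKLM..Run: [msbb] C:WINDOWSSystem32msbb.exe
O10 - Hijacked Internet access by New.Net
"""
SCAN_AFTER = """\
Logfile of HijackThis v1.98.2
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.myway.com/
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:WINDOWSmxTarget.dll
O4 - HKLM..Run: [PS2] C:WINDOWSsystem32ps2.exe
O4 - HKLM..Run: [lsgrwf] C:WINDOWSSystem32jrokvj.exe
O10 - Hijacked Internet access by New.Net
"""

# "R1 - ..." / "O4 - ..." result lines; header and process lines do not match.
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# O4 registry autoruns: "<hive>Run: [value name] command line"
AUTORUN = re.compile(r"^(\S+?Run(?:Once)?): \[([^\]]+)\] (.+)$")


def parse_log(text):
    """Return the set of (section, body) result entries in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def diff_scans(before_text, after_text):
    """Classify entries as persisted, removed or new between two scans."""
    before, after = parse_log(before_text), parse_log(after_text)
    return {
        "persisted": sorted(before & after),
        "removed": sorted(before - after),
        "new": sorted(after - before),
    }


def autoruns(entries):
    """Map lower-cased command line -> value names for O4 Run/RunOnce entries."""
    by_cmd = {}
    for section, body in entries:
        m = AUTORUN.match(body) if section == "O4" else None
        if m:
            by_cmd.setdefault(m.group(3).strip().lower(), set()).add(m.group(2))
    return by_cmd


def renamed_autoruns(before_text, after_text):
    """Find autoruns whose value name changed while the command stayed the same,
    i.e. something re-registered itself after the old value was fixed."""
    diff = diff_scans(before_text, after_text)
    old, new = autoruns(diff["removed"]), autoruns(diff["new"])
    return sorted((o, n, cmd) for cmd in old.keys() & new.keys()
                  for o in old[cmd] for n in new[cmd])


if __name__ == "__main__":
    for kind, items in diff_scans(SCAN_BEFORE, SCAN_AFTER).items():
        for section, body in items:
            print(f"{kind:9} {section:3} {body}")
    for old_name, new_name, cmd in renamed_autoruns(SCAN_BEFORE, SCAN_AFTER):
        print(f"renamed   [{old_name}] -> [{new_name}] {cmd}")
```

A renamed autorun pointing at the same file means removing the registry value alone did not stop the process that writes it, so the file itself still has to be dealt with.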