HJT log - Cursed by SpyGods
ok, dont laugh, but here's my hijackthis log:
(i have spybot, teatimer, adaware, bazooka, spysubstract and hjt installed...they keep growing...fighting a losing battle...help will be sincerely appreciated...thanks)
Logfile of HijackThis v1.98.2
Scan saved at 4:30:41 PM, on 8/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\System32\suvhost.exe
C:\WINDOWS\System32\vshield32.exe
C:\WINDOWS\System32\Dwintlit.exe
C:\WINDOWS\System32\voeunmm.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\xgftzwcu.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Reagan\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ktsyvijvgiudusijnvn.com/bGGHvsJJt4B2Vp/a/3YXVk_b7U2THN9V0huTO/vj7vE.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zkdayoinifu.info/bGGHvsJJt4CA8LvLVL_O3DE0Zay1fbMirA7jHRqGGIpArJQcrzU9wkpdrk3VDHqs.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\bridge.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nvidia Driver] nvidiad.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] xvshost.exe
O4 - HKLM\..\Run: [Microsoft Windows Updater] suvhost.exe
O4 - HKLM\..\Run: [OS Driver] c:\windows\servicepackfiles\nopdb.exe
O4 - HKLM\..\Run: [Lcsrv Drivers] lsrv32.exe
O4 - HKLM\..\Run: [Vshield32 Drivers] vshield32.exe
O4 - HKLM\..\Run: [Wintlit Drivers] Dwintlit.exe
O4 - HKLM\..\Run: [LogBurn] C:\PROGRA~1\DARTLI~1\GPLSTART.exe
O4 - HKLM\..\Run: [olhuvh] C:\WINDOWS\System32\voeunmm.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\bridge.dll",Load
O4 - HKLM\..\Run: [msbb] c:\docume~1\reagan\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [pqt] C:\WINDOWS\pqt.exe
O4 - HKLM\..\RunServices: [Nvidia Driver] nvidiad.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] xvshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] suvhost.exe
O4 - HKLM\..\RunServices: [Lcsrv Drivers] lsrv32.exe
O4 - HKLM\..\RunServices: [Vshield32 Drivers] vshield32.exe
O4 - HKLM\..\RunServices: [Wintlit Drivers] Dwintlit.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Update Machine] xvshost.exe
O4 - HKCU\..\Run: [Microsoft Windows Updater] suvhost.exe
O4 - HKCU\..\Run: [Iufvnorg] C:\WINDOWS\System32\xgftzwcu.exe
O4 - HKCU\..\Run: [Lcsrv Drivers] lsrv32.exe
O4 - HKCU\..\Run: [Vshield32 Drivers] vshield32.exe
O4 - HKCU\..\Run: [Wintlit Drivers] Dwintlit.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {A0EB6CA1-B26C-475D-A342-9257C5420A0D} (SFUtility Class) - http://searchfst.com/update/searchfast.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.mypicgallery.com/mpg/XUpload.ocx
(i have spybot, teatimer, adaware, bazooka, spysubstract and hjt installed...they keep growing...fighting a losing battle...help will be sincerely appreciated...thanks)
Logfile of HijackThis v1.98.2
Scan saved at 4:30:41 PM, on 8/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\System32\suvhost.exe
C:\WINDOWS\System32\vshield32.exe
C:\WINDOWS\System32\Dwintlit.exe
C:\WINDOWS\System32\voeunmm.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\xgftzwcu.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Reagan\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ktsyvijvgiudusijnvn.com/bGGHvsJJt4B2Vp/a/3YXVk_b7U2THN9V0huTO/vj7vE.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zkdayoinifu.info/bGGHvsJJt4CA8LvLVL_O3DE0Zay1fbMirA7jHRqGGIpArJQcrzU9wkpdrk3VDHqs.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\bridge.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nvidia Driver] nvidiad.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] xvshost.exe
O4 - HKLM\..\Run: [Microsoft Windows Updater] suvhost.exe
O4 - HKLM\..\Run: [OS Driver] c:\windows\servicepackfiles\nopdb.exe
O4 - HKLM\..\Run: [Lcsrv Drivers] lsrv32.exe
O4 - HKLM\..\Run: [Vshield32 Drivers] vshield32.exe
O4 - HKLM\..\Run: [Wintlit Drivers] Dwintlit.exe
O4 - HKLM\..\Run: [LogBurn] C:\PROGRA~1\DARTLI~1\GPLSTART.exe
O4 - HKLM\..\Run: [olhuvh] C:\WINDOWS\System32\voeunmm.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\bridge.dll",Load
O4 - HKLM\..\Run: [msbb] c:\docume~1\reagan\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [pqt] C:\WINDOWS\pqt.exe
O4 - HKLM\..\RunServices: [Nvidia Driver] nvidiad.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] xvshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] suvhost.exe
O4 - HKLM\..\RunServices: [Lcsrv Drivers] lsrv32.exe
O4 - HKLM\..\RunServices: [Vshield32 Drivers] vshield32.exe
O4 - HKLM\..\RunServices: [Wintlit Drivers] Dwintlit.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Update Machine] xvshost.exe
O4 - HKCU\..\Run: [Microsoft Windows Updater] suvhost.exe
O4 - HKCU\..\Run: [Iufvnorg] C:\WINDOWS\System32\xgftzwcu.exe
O4 - HKCU\..\Run: [Lcsrv Drivers] lsrv32.exe
O4 - HKCU\..\Run: [Vshield32 Drivers] vshield32.exe
O4 - HKCU\..\Run: [Wintlit Drivers] Dwintlit.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {A0EB6CA1-B26C-475D-A342-9257C5420A0D} (SFUtility Class) - http://searchfst.com/update/searchfast.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.mypicgallery.com/mpg/XUpload.ocx
0
This discussion has been closed.
Comments
First of all, you have an Omegasearch Hijack. So please start by downloading our very own OmegakillerSM program. Instructions and link to the download are here: http://www.short-media.com/review.php?r=252&p=3
Run OmegakillerSM to get rid of some of those things first.
When you are on our Security Downloads page, also download the program LSP Fix.
I want you to put that program, as well as your Hijack This program, into a new folder on your C drive: C:\HJT.
Then, after you have run OmegakillerSM, come back and post a fresh log, and we will clean up the rest.
Dexter...
Logfile of HijackThis v1.98.2
Scan saved at 9:40:27 PM, on 8/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
C:\WINDOWS\System32\suvhost.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\System32\vshield32.exe
C:\WINDOWS\System32\Dwintlit.exe
C:\WINDOWS\System32\voeunmm.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\xgftzwcu.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Documents and Settings\Reagan\Application Data\dsur.exe
c:\docume~1\reagan\locals~1\temp\msbb.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ktsyvijvgiudusijnvn.com/bGGHvsJJt4B2Vp/a/3YXVk_b7U2THN9V0huTO/vj7vE.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nvidia Driver] nvidiad.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OS Driver] c:\windows\servicepackfiles\nopdb.exe
O4 - HKLM\..\Run: [Lcsrv Drivers] lsrv32.exe
O4 - HKLM\..\Run: [Vshield32 Drivers] vshield32.exe
O4 - HKLM\..\Run: [olhuvh] C:\WINDOWS\System32\voeunmm.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\bridge.dll",Load
O4 - HKLM\..\Run: [msbb] c:\docume~1\reagan\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [pqt] C:\WINDOWS\pqt.exe
O4 - HKLM\..\Run: [Wintlit Drivers] Dwintlit.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] xvshost.exe
O4 - HKLM\..\Run: [Microsoft Windows Updater] suvhost.exe
O4 - HKLM\..\RunServices: [Nvidia Driver] nvidiad.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] xvshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] suvhost.exe
O4 - HKLM\..\RunServices: [Lcsrv Drivers] lsrv32.exe
O4 - HKLM\..\RunServices: [Vshield32 Drivers] vshield32.exe
O4 - HKLM\..\RunServices: [Wintlit Drivers] Dwintlit.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Update Machine] xvshost.exe
O4 - HKCU\..\Run: [Microsoft Windows Updater] suvhost.exe
O4 - HKCU\..\Run: [Iufvnorg] C:\WINDOWS\System32\xgftzwcu.exe
O4 - HKCU\..\Run: [Lcsrv Drivers] lsrv32.exe
O4 - HKCU\..\Run: [Vshield32 Drivers] vshield32.exe
O4 - HKCU\..\Run: [Wintlit Drivers] Dwintlit.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {A0EB6CA1-B26C-475D-A342-9257C5420A0D} (SFUtility Class) - http://searchfst.com/update/searchfast.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.mypicgallery.com/mpg/XUpload.ocx
Ok, just to confirm, make sure you also downloaded LSP Fix and put it in your HJT folder. We will need that program later. Print this page out so you can work through it.
Reboot in SAFE MODE. Run HJT. FIX:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ktsyvijvgiudusijnvn.com/bGGHvsJJt4B2Vp/a/3YXVk_b7U2THN9V0huTO/vj7vE.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [Nvidia Driver] nvidiad.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [OS Driver] c:\windows\servicepackfiles\nopdb.exe
O4 - HKLM\..\Run: [Lcsrv Drivers] lsrv32.exe
O4 - HKLM\..\Run: [Vshield32 Drivers] vshield32.exe
O4 - HKLM\..\Run: [olhuvh] C:\WINDOWS\System32\voeunmm.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [msbb] c:\docume~1\reagan\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [pqt] C:\WINDOWS\pqt.exe
O4 - HKLM\..\Run: [Wintlit Drivers] Dwintlit.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] xvshost.exe
O4 - HKLM\..\Run: [Microsoft Windows Updater] suvhost.exe
O4 - HKLM\..\RunServices: [Nvidia Driver] nvidiad.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] xvshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] suvhost.exe
O4 - HKLM\..\RunServices: [Lcsrv Drivers] lsrv32.exe
O4 - HKLM\..\RunServices: [Vshield32 Drivers] vshield32.exe
O4 - HKLM\..\RunServices: [Wintlit Drivers] Dwintlit.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] xvshost.exe
O4 - HKCU\..\Run: [Microsoft Windows Updater] suvhost.exe
O4 - HKCU\..\Run: [Iufvnorg] C:\WINDOWS\System32\xgftzwcu.exe
O4 - HKCU\..\Run: [Lcsrv Drivers] lsrv32.exe
O4 - HKCU\..\Run: [Vshield32 Drivers] vshield32.exe
O4 - HKCU\..\Run: [Wintlit Drivers] Dwintlit.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
(Those 2 items may be a result of one of your anti-spwyare apps, I understand that SpySubtract will change some security settings, so you may not want to fix these, but they are not 'normal' entries.)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {A0EB6CA1-B26C-475D-A342-9257C5420A0D} (SFUtility Class) - http://searchfst.com/update/searchfast.cab
Notice that many of those files appear to be legitimate applications, like the one that claims to be an Nvidia driver. It's not.
Okay, next, stay in SAFE MODE, and locate all of the .exe files and .dll files mentioned above. Make sure you are set to show hidden files and folders on your system, instructions to do that are in the link above "Steps to take before posting a Hijack This log."
Move these files to a new folder called :C:\Quarantine. Rename the the .exe's to .xxx. and the dll's to .ddd. That way you can always replace them if it somehow turns out that one or more of these are necessary files....which is not likely, but quarantining is safer than deleting them.
Next, run the program LSP Fix. It should find some problems, and the filenames indicated should match up to the 010 Winsock LSP entries above. Fix those items in LSP Fix.
Now, reboot normally, and check things out. Come let us know how it worked. Run a new HJT scan, and post the log here for further review.
Dexter...
1) Where the path wasnt explicitly stated, I did NOT quarantine those .exe's (eg. nvidiad)...I could not locate them in a search either
2) The HJT log looks significantly cleaner...however, my browser home page was still some ridiculous page that spawned approximately 2352234522 popups. Also has some searchbar on it that i cant disable.
3) My Program Files directory has about 50 directories that look like 'eddbfdvxylltgpr' or 'hrzxpplqeafddgj'...can i delete these?
the HJT log, howzit look?:
Logfile of HijackThis v1.98.2
Scan saved at 8:51:35 AM, on 8/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\windows\sxmdkf.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Reagan\Application Data\dsur.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\HJT\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.vulavuubjfvmblyj.com/bGGHvsJJt4CA8LvLVL_O3DE0Zay1fbMirA7jHRqGGIphUJBFb5FfLkpdrk3VDHqs.html
O2 - BHO: (no name) - {8ED30DEC-01AC-359F-BF75-B68FBA257637} - C:\PROGRA~1\LOUDSK~1\Poke camp.exe
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\CONFLICT.3\bridge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\bridge.dll",Load
O4 - HKLM\..\Run: [LogBurn] C:\PROGRA~1\DARTLI~1\GPLSTART.exe
O4 - HKLM\..\Run: [SupportBeepBallCash] C:\Documents and Settings\All Users\Application Data\mags shim support beep\Grim Bind.exe
O4 - HKLM\..\Run: [sxmdkf] c:\windows\sxmdkf.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Liwp] C:\Documents and Settings\Reagan\Application Data\dsur.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.mypicgallery.com/mpg/XUpload.ocx
Hmm, they seem to be getting desperate
Yes, delete them.
Then, SAFE MODE, HJT, FIX:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.vulavuubjfvmblyj.com/bGGHvsJJt4CA8LvLVL_O3DE0Zay1fbMirA7jHRqGGIphUJBFb5FfLkpdrk3VDHqs.html
02 - BHO: (no name) - {8ED30DEC-01AC-359F-BF75-B68FBA257637} - C:\PROGRA~1\LOUDSK~1\Poke camp.exe
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\CONFLICT.3\bridge.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\bridge.dll",Load
O4 - HKLM\..\Run: [LogBurn] C:\PROGRA~1\DARTLI~1\GPLSTART.exe
O4 - HKLM\..\Run: [SupportBeepBallCash] C:\Documents and Settings\All Users\Application Data\mags shim support beep\Grim Bind.exe
O4 - HKLM\..\Run: [sxmdkf] c:\windows\sxmdkf.exe
O4 - HKCU\..\Run: [Liwp] C:\Documents and Settings\Reagan\Application Data\dsur.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
Also, if you do not recognize this file, toast it:
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.mypicgallery.com/mpg/XUpload.ocx[/QUOTE]
Try to quarantine any of those you can find. Also, under the same control panel you used to show hidden files and folders, try also unchecking the "Hide Protected Operating System Files", hit Apply, then Apply to All Folders.
Dexter...
(ok, how do i keep the spyware off? any recommendations?)
thanks again...you should be up for some kind of award
Logfile of HijackThis v1.98.2
Scan saved at 2:46:36 PM, on 8/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
To keep spyware off, you need to understand how it gets on. Read these pages:
http://www.short-media.com/review.php?r=252&p=4
http://www.short-media.com/review.php?r=132
Use Spybot's Teatimer, Spyware Blaster, consider changing to a an alternative browser, if you stay on IE, tighten your security options and change your browsing habits, all of which is discussed in those links.
Dexter...