My parents just started to learn how to use the internet. A couple of days ago, I hopped onto my computer and saw the homepage had been hijacked and a bunch of pop-ups came up. Therefore, I cleared the cache, cookies, and history from IE. I went into the Control Panel and saw some advertising stuff was installed on there. I proceeded to run Spybot and Ad-Aware and that got rid of tons of spyware. I ran my updated Norton AntiVirus and it found some trojans, which it deleted. I rebooted and proceeded to run Spybot, Ad-Aware, and Norton again to play it safe. Looked like all the spyware was gone. Anyway, for the last couple of days, I still get random pop-ups, but they are more subtle, so I thought it was part of MSN or Yahoo. I go to my friend's private forum and certain words like 'card' and 'household' have a hyperlink on them. For the word 'card', only 'car' is hyperlinked and when I click on the link, it takes me to a page with advertisements. So, I have installed HijackThis and would like your help to see what I can remove. Please help. Thank you in advance.
Logfile of HijackThis v1.97.7
Scan saved at 4:16:51 PM, on 6/15/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
g:\programming\coldfusion\bin\cfserver.exe
g:\programming\coldfusion\bin\cfexec.exe
g:\programming\coldfusion\bin\CFRDSService.exe
E:\Program Files\NavNT\defwatch.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\NavNT\rtvscan.exe
E:\WINNT\System32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\System32\mspmspsv.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\ZipToA.exe
E:\WINNT\System32\inetsrv\inetinfo.exe
E:\WINNT\system32\MsgSys.EXE
E:\WINNT\Explorer.EXE
G:\utilities\iomegaZipDrive\DriveIcons\ImgIcon.exe
E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
E:\Program Files\Hardware\Sound\skin\QveCplSk.EXE
G:\Media\Camera\Digital Imaging\Unload\hpqcmon.exe
G:\Media\Camera\HP Share-to-Web\hpgs2wnd.exe
G:\Media\Camera\HP Share-to-Web\hpgs2wnf.exe
E:\Program Files\NavNT\vptray.exe
E:\winnt\temp\h33.exe
E:\WINNT\system32\IEHost.exe
E:\WINNT\system32\lzsbck.exe
E:\WINNT\system32\wjvadm.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\WINNT\system32\nwcannel.exe
C:\Program Files\SysAI\SysAI.exe
G:\downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://E:\WINNT\system32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///F:/Daniel/DanielLaptop/Data/siteDaniel/Misc/bkmkParent.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.msn.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar_en_2.0.111-big.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - E:\Program Files\SEP\sep.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - E:\Program Files\SEP\sep.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar_en_2.0.111-big.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Iomega Startup Options] g:\utilities\iomegaZipDrive\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] g:\utilities\iomegaZipDrive\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [TkBellExe] E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QveCtl2Tray] E:\Program Files\Hardware\Sound\skin\QveCplSk.EXE E:\Program Files\Hardware\Sound\skin
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CamMonitor] G:\Media\Camera\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] G:\Media\Camera\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] E:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\browers\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [h33.exe] E:\winnt\temp\h33.exe
O4 - HKLM\..\Run: [Dsi] E:\WINNT\system32\dp-him.exe
O4 - HKLM\..\Run: [fcjael] E:\WINNT\system32\lzsbck.exe
O4 - HKLM\..\Run: [AutoLoaderq2p21IPTXKNN] "E:\WINNT\system32\wjvadm.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [q96k36S] wjvadm.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [bypqRWe7g] nwcannel.exe
O4 - Startup: Internet Explorer.lnk = E:\Program Files\Internet Explorer\IEXPLORE.EXE
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://e:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://e:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://e:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .swf: G:\Browers\Netscape\Program\PLUGINS\npswf32.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/216868990265fe09d115/netzip/RdxIE2.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38008.722037037
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab