PLEASE help!!

  • Thread starter Thread starter Streiff
  • Start date Start date
S

Streiff

Hello,
I am sick and tired of getting this slotch and xxxtoolbar things pop
up every now and then. Is there a way to remove them??? I have tried
both Adaware Spybot and cwschredder. They seem to remove the spywares,
but some time later they appear again.
Have run Hijackthis and got the following message (which ones are to
be removed? (except for the slotch.com line i guess...)Thanks.):

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.couldnotfind.com/search_page.html?&account_id=137837

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.couldnotfind.com/search_page.html?&account_id=137837

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.slotch.com/?&account_id=137837

HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.couldnotfind.com/search_page.html?&account_id=137837

HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\SYSTEM\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Länkar

URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} -
(no file)
F1 - win.ini: run=C:\WINDOWS\SYSTEM32\services\wmplayer.exe

BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WINDOWS\nem214.dll (file missing)

Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx

Toolbar: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - (no
file)

HKLM\..\Run: [SystemTray] SysTray.Exe

HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\..\Run: [nwiz] nwiz.exe /install

HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon

HKLM\..\Run: [Mirabilis ICQ] C:\Program\ICQ\ICQNet.exe

HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P
Networking.exe /AUTOSTART

HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe"
-atboottime

HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga
filer\Real\Update_OB\realsched.exe" -osboot

HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

HKLM\..\Run: [EPoXUSDM] "C:\Program\EPoX\USDM\USDM.EXE" "5000"

HKLM\..\Run: [OrbitUpdate] C:\Program\Orbit\update.exe

HKLM\..\Run: [OrbitView] C:\Program\Orbit\view.exe

HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"
-lang 1033

HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM32\services\wmplayer.exe

HKLM\..\Run: [IST Service] C:\Program\ISTsvc\istsvc.exe

HKCU\..\Run: [internat.exe] internat.exe

HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe"
/background

HKCU\..\Run: [PowerProf] PowerProf.exe

HKCU\..\Run: [Ouwe] C:\Documents and Settings\Anders\Application
Data\otts.exe

HKCU\..\Run: [WNST] C:\WINDOWS\system32\wnsapisu.exe

HKCU\..\Run: [xpsystem] C:\WINDOWS\SYSTEM32\services\wmplayer.exe

HKCU\..\RunOnce: [ICQ] C:\Program\ICQ\ICQ.exe -trayboot

Startup: PowerReg Scheduler.exe

Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

Global Startup: Microsoft Office.lnk = C:\Program\Microsoft
Office\Office\OSA9.EXE

Extra context menu item: &iSearch The Web -
res://C:\WINDOWS\system32\toolbar.dll/SEARCH.HTML

Extra button: ICQ Pro (HKLM)

Extra 'Tools' menuitem: ICQ (HKLM)

Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} (VacPro.emsat_ver3) -
http://www.advnt01.com/dialer/emsat_ver3.CAB

DPF: {91BE8DAC-957E-416C-B735-E2B63CDB915B} (MyEMessengerSetup
Control) - http://www.myemessenger.com/activex/MyEMessengerSetupProject.cab

DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) -
http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1004a_pack.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) -
http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} -
http://66.230.146.53/EPlugin.cab

HKLM\System\CCS\Services\Tcpip\..\{0EB5681A-478C-426A-A746-1C7D31B7ED09}:
NameServer = 10.10.10.60,10.10.10.59

HKLM\System\CS1\Services\Tcpip\..\{0EB5681A-478C-426A-A746-1C7D31B7ED09}:
NameServer = 10.10.10.60,10.10.10.59

HKLM\System\CS2\Services\Tcpip\..\{0EB5681A-478C-426A-A746-1C7D31B7ED09}:
NameServer = 10.10.10.60,10.10.10.59
 
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=toolbar+malware+removal+progr
am
Hello,
I am sick and tired of getting this slotch and xxxtoolbar things pop
up every now and then. Is there a way to remove them??? I have tried
both Adaware Spybot and cwschredder. They seem to remove the spywares,
but some time later they appear again.
Have run Hijackthis and got the following message (which ones are to
be removed? (except for the slotch.com line i guess...)Thanks.):

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.couldnotfind.com/search_page.html?&account_id=137837

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.couldnotfind.com/search_page.html?&account_id=137837

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.slotch.com/?&account_id=137837

HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.couldnotfind.com/search_page.html?&account_id=137837

HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\SYSTEM\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Länkar

URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} -
(no file)
F1 - win.ini: run=C:\WINDOWS\SYSTEM32\services\wmplayer.exe

BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WINDOWS\nem214.dll (file missing)

Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx

Toolbar: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - (no
file)

HKLM\..\Run: [SystemTray] SysTray.Exe

HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\..\Run: [nwiz] nwiz.exe /install

HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon

HKLM\..\Run: [Mirabilis ICQ] C:\Program\ICQ\ICQNet.exe

HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P
Networking.exe /AUTOSTART

HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe"
-atboottime

HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga
filer\Real\Update_OB\realsched.exe" -osboot

HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

HKLM\..\Run: [EPoXUSDM] "C:\Program\EPoX\USDM\USDM.EXE" "5000"

HKLM\..\Run: [OrbitUpdate] C:\Program\Orbit\update.exe

HKLM\..\Run: [OrbitView] C:\Program\Orbit\view.exe

HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"
-lang 1033

HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM32\services\wmplayer.exe

HKLM\..\Run: [IST Service] C:\Program\ISTsvc\istsvc.exe

HKCU\..\Run: [internat.exe] internat.exe

HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe"
/background

HKCU\..\Run: [PowerProf] PowerProf.exe

HKCU\..\Run: [Ouwe] C:\Documents and Settings\Anders\Application
Data\otts.exe

HKCU\..\Run: [WNST] C:\WINDOWS\system32\wnsapisu.exe

HKCU\..\Run: [xpsystem] C:\WINDOWS\SYSTEM32\services\wmplayer.exe

HKCU\..\RunOnce: [ICQ] C:\Program\ICQ\ICQ.exe -trayboot

Startup: PowerReg Scheduler.exe

Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

Global Startup: Microsoft Office.lnk = C:\Program\Microsoft
Office\Office\OSA9.EXE

Extra context menu item: &iSearch The Web -
res://C:\WINDOWS\system32\toolbar.dll/SEARCH.HTML

Extra button: ICQ Pro (HKLM)

Extra 'Tools' menuitem: ICQ (HKLM)

Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} (VacPro.emsat_ver3) -
http://www.advnt01.com/dialer/emsat_ver3.CAB

DPF: {91BE8DAC-957E-416C-B735-E2B63CDB915B} (MyEMessengerSetup
Control) - http://www.myemessenger.com/activex/MyEMessengerSetupProject.cab

DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) -
http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1004a_pack.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) -
http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} -
http://66.230.146.53/EPlugin.cab

HKLM\System\CCS\Services\Tcpip\..\{0EB5681A-478C-426A-A746-1C7D31B7ED09}:
NameServer = 10.10.10.60,10.10.10.59

HKLM\System\CS1\Services\Tcpip\..\{0EB5681A-478C-426A-A746-1C7D31B7ED09}:
NameServer = 10.10.10.60,10.10.10.59

HKLM\System\CS2\Services\Tcpip\..\{0EB5681A-478C-426A-A746-1C7D31B7ED09}:
NameServer = 10.10.10.60,10.10.10.59
 
Back
Top