tarts log : Detected spyware

i have similar problem, start page is hijacked, log file:
Logfile of HijackThis v1.97.7
Scan saved at 11:59:01, on 19.03.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SOINTGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\REG32.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allsearcher.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://allsearcher.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://allsearcher.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://allsearcher.info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://allsearcher.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://allsearcher.info/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg32.exe
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Windows Stortup] C:\WINDOWS\svchost.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38005.0046180556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = neti.ee
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.126.115.18,194.126.101.34

 

Hi tarts,

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allsearcher.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://allsearcher.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://allsearcher.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://allsearcher.info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://allsearcher.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://allsearcher.info/

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg32.exe
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Windows Stortup] C:\WINDOWS\svchost.exe

Then download, unzip and run:
CWShredder
Use the Fix button and follow the instructions you will receive.

Then reboot into safe mode
and delete:
C:\WINDOWS\svchost.exe
C:\WINDOWS\reg32.exe
C:\WINDOWS\dl.exe

Regards,

Pieter