help me before I go nuts, please thank you:)

Discussion in 'adware, spyware & hijack cleaning' started by illes, Jan 12, 2004.

Thread Status:
Not open for further replies.
  1. illes

    illes Guest

    I've followed ur steps.
    os - win 2000

    ad-aware log.

    Lavasoft Ad-aware Personal Build 160
    Logfile created on :12. januar 2011 17:24:27
    Created with Ad-aware Personal, free for private use.
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 12.01.2011 16:23:28
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINNT\system32\
    ThreadCreationTime : 12.01.2011 16:23:37
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 12.01.2011 16:23:38
    BasePriority : Normal
    FileSize : 86 KB
    FileVersion : 5.00.2134.1
    ProductVersion : 5.00.2134.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 07.12.1999 11:00:00
    Last accessed : 11.01.2011 23:00:00
    Last modified : 07.12.1999 11:00:00

    #:4 [lsass.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 12.01.2011 16:23:38
    BasePriority : Normal
    FileSize : 32 KB
    FileVersion : 5.00.2184.1
    ProductVersion : 5.00.2184.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : LSA Executable and Server DLL (Export Version)
    InternalName : lsasrv.dll and lsass.exe
    OriginalFilename : lsasrv.dll and lsass.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 07.12.1999 11:00:00
    Last accessed : 11.01.2011 23:00:00
    Last modified : 07.12.1999 11:00:00

    #:5 [svchost.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 12.01.2011 16:23:40
    BasePriority : Normal
    FileSize : 7 KB
    FileVersion : 5.00.2134.1
    ProductVersion : 5.00.2134.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 07.12.1999 11:00:00
    Last accessed : 11.01.2011 23:00:00
    Last modified : 07.12.1999 11:00:00

    #:6 [winmgmt.exe]
    FilePath : C:\WINNT\System32\WBEM\
    ThreadCreationTime : 12.01.2011 16:23:40
    BasePriority : Normal
    FileSize : 188 KB
    FileVersion : 1.50.1085.0001
    ProductVersion : 1.50.1085.0001
    Copyright : Copyright (C) Microsoft Corp. 1995-1999
    CompanyName : Microsoft Corporation
    FileDescription : Windows Management Instrumentation
    InternalName : WINMGMT
    ProductName : Windows Management Instrumentation
    Created on : 07.12.1999 11:00:00
    Last accessed : 11.01.2011 23:00:00
    Last modified : 07.12.1999 11:00:00

    #:7 [explorer.exe]
    FilePath : C:\WINNT\
    ThreadCreationTime : 12.01.2011 16:24:00
    BasePriority : Normal
    FileSize : 232 KB
    FileVersion : 5.00.2920.0000
    ProductVersion : 5.00.2920.0000
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 07.12.1999 11:00:00
    Last accessed : 11.01.2011 23:00:00
    Last modified : 07.12.1999 11:00:00

    #:8 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 12.01.2011 16:24:20
    BasePriority : Normal
    FileSize : 635 KB
    FileVersion : 6.0.1.161
    ProductVersion : 6.0.0.0
    Copyright : Copyright Lavasoft Sweden
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 11.01.2011 22:54:32
    Last accessed : 11.01.2011 23:00:00
    Last modified : 04.02.2003 21:36:12

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Alexa Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 1


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 1


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Disk scan result for C:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 1

    17:24:57 Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:00:29:890
    Objects scanned :24938
    Objects identified :1
    Objects ignored :0
    New objects :1



    hijack this log:

    Logfile of HijackThis v1.97.7
    Scan saved at 19:15:38, on 12.01.2011
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\NVATray.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINNT\loadqm.exe
    C:\Program Files\directx\directx.exe
    C:\WINNT\System32\internat.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
    C:\Documents and Settings\illes\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://smartsearch.ws/?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://smartsearch.ws/?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://smartsearch.ws/?q=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartsearch.ws
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smartsearch.ws
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://smartsearch.ws/?q=
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://smartsearch.ws/?q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartsearch.ws
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://smartsearch.ws/?q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://smartsearch.ws/?q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smartsearch.ws
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://smartsearch.ws/?q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://smartsearch.ws/?q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://smartsearch.ws/?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://smartsearch.ws/?q=
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://smartsearch.ws/?q=
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [UserSystem] C:\Program Files\directx\directx.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [UserSystem] C:\Program Files\directx\directx.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O13 - DefaultPrefix: http://smartsearch.ws/?q=
    O13 - WWW Prefix: http://smartsearch.ws/?q=




    Is it possible to help me?
    Ad-aware would only run in safety mode,
    but I was quick enough to save a log in HijackThis before it got shut down.
     
  2. illes

    illes Guest

    Is it possible to mail the solution?

    Can you mail me whatever I'm supposed to do next?
    It's hard to visit this URL.
    It gets closed down all the time.

    done, and addy removed - Pieter
     
  3. illes

    illes Guest

    My problems are: www.smartsearch.com
    Can't get out of the URL,
    only if I write the whole thing, http:// and so on...
    Can't get it out of the user default URL.
    It closes down websites that seem to be a threat.
    MSN Messenger seems not to be bothered.

    Can't do anything on the web without ending up at www.smartsearch.com.
    I'm so f frustrated.
    Please help me.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002 | Posts: 13,491 | Location: Netherlands

    Hi illes,

    I'm going to mail you a copy of my answer and then I will remove your email-address. You've got enough problems without the spammers finding it. ;)

    First bring up taskmanager and kill this process:

    O4 - HKLM\..\Run: [UserSystem] C:\Program Files\directx\directx.exe

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://smartsearch.ws/?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://smartsearch.ws/?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://smartsearch.ws/?q=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartsearch.ws
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smartsearch.ws
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://smartsearch.ws/?q=
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://smartsearch.ws/?q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartsearch.ws
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://smartsearch.ws/?q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://smartsearch.ws/?q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smartsearch.ws
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://smartsearch.ws/?q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://smartsearch.ws/?q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://smartsearch.ws/?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://smartsearch.ws/?q=
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://smartsearch.ws/?q=

    O4 - HKLM\..\Run: [UserSystem] C:\Program Files\directx\directx.exe

    O4 - HKCU\..\Run: [UserSystem] C:\Program Files\directx\directx.exe

    O13 - DefaultPrefix: http://smartsearch.ws/?q=
    O13 - WWW Prefix: http://smartsearch.ws/?q=

    Then reboot, preferably into safe mode and delete:
    C:\Program Files\directx\directx.exe

    Also, do me a favor and do a Find/Files for *network.sys

    Let me know if and where it is found.

    Regards,

    Pieter
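
The reply above picks its fix list from the R0/R1, O4 and O13 lines of the HijackThis log. The following is an added example, not part of the original thread and not HijackThis's own code: it parses those line types, groups URL settings by host, and reports Run commands registered in more than one hive. The function names `parse` and `triage` are hypothetical, and the sample lines are a constructed subset of the log posted in this thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: lines in the HijackThis v1.97.7 format shown in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://smartsearch.ws/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartsearch.ws
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [UserSystem] C:\Program Files\directx\directx.exe
O4 - HKCU\..\Run: [UserSystem] C:\Program Files\directx\directx.exe
O13 - DefaultPrefix: http://smartsearch.ws/?q=
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.+)$")
R_ITEM = re.compile(r"^(?P<key>[^,]+),(?P<value>.+?) = (?P<data>.*)$")
O4_RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O13 = re.compile(r"^(?P<which>[\w ]+): (?P<data>.+)$")
PATTERNS = {"R0": R_ITEM, "R1": R_ITEM, "O4": O4_RUN, "O13": O13}

def parse(log):
    """Return structured entries for R0/R1, O4 Run and O13 lines; skip the rest."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # headers, running-process paths, blank lines
        code, body = m.groups()
        pattern = PATTERNS.get(code)
        fields = pattern.match(body) if pattern else None
        if fields:
            out.append({"code": code, "raw": line.strip(), **fields.groupdict()})
    return out

def triage(entries):
    """Group URL settings by host; list Run commands present in more than one hive."""
    by_host, run_hives = defaultdict(list), defaultdict(set)
    for e in entries:
        if e["code"] == "O4":
            # Normalise quoting and case so the same binary compares equal.
            run_hives[e["cmd"].strip('"').lower()].add(e["hive"])
        else:
            host = urlparse(e["data"]).hostname
            if host:
                by_host[host].append(e["raw"])
    dup_runs = {cmd: sorted(h) for cmd, h in run_hives.items() if len(h) > 1}
    return dict(by_host), dup_runs
```

A single unfamiliar host across many browser settings, together with one binary registered under both HKLM and HKCU Run keys, is the pattern the fix list in the reply addresses.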
     