Author Topic: SPAM SPAM EVERYWHERE!  (Read 930 times)

Aryana

SPAM SPAM EVERYWHERE!
« on: March 07, 2005, 09:20:49 PM »
I have a lot of spam and spyware that I can't seem to get rid of. Started a few weeks ago. Anyway I took the advice I found in other threads and ran hijackthis. Here is my log, any help is appreciated! :)

Quote
Logfile of HijackThis v1.99.1
Scan saved at 6:11:03 PM, on 3/7/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Uokeeh.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\WINDOWS\System32\vmss\vmss.exe
C:\windows\system32\msnavc32.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\StopItBlockItSystemTray.exe
C:\WINDOWS\System32\Services\{14B0E8AD-C318-433C-8121-E23444DF1EFD}\SVCHOST.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system\tuawpai.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\AMERIC~2.0\wEmail Removedexe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\psidecod.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\sfita.exe
C:\WINDOWS\csrss.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\AMERIC~2.0\shellmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aryana\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.42.87.219/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ibtgamojdgotwjzod.com/qwlf8eoay...Z9CRB6vHkz.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daosearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Aryana\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.c...80552934&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - B{00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - B{00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - B{0007522A-2297-43C1-8EB1-C90B0FF20DA5} - (no file)
O2 - BHO: (no name) - B{017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
O2 - BHO: (no name) - B{01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: (no name) - B{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - B{12EE7A5E-0674-42f9-A76A-000000004D00} - (no file)
O2 - BHO: (no name) - B{59F12660-2B92-4554-98F9-87295AD8A0CE} - (no file)
O2 - BHO: Replace Search Ctl - B{832BEBED-C3DA-4534-A2C2-B2FFF220C820} - (no file)
O2 - BHO: (no name) - B{8DA5457F-A8AA-4CCF-A842-70E6FD274094} - (no file)
O2 - BHO: ohb - B{988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - (no file)
O2 - BHO: (no name) - B{F6F7F7E0-1C71-43B7-B55A-20FA9C54BFC8} - (no file)
O2 - BHO: (no name) - B{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll (file missing)
O2 - BHO: (no name) - {97AD0BD7-3EBD-40CD-A66C-6461E9FA98BD} - C:\WINDOWS\System32\plla.dll
O3 - Toolbar: (no name) - {4CC0FAF8-6048-421C-9FE2-261A9ECE5F80} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Begin2Search.com Bar - {207AEF46-0596-4966-A7BF-098F247E85BB} - C:\WINDOWS\System32\ic2_win.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xutslon] C:\WINDOWS\xutslon.exe
O4 - HKLM\..\Run: [zbjbiqhs] C:\WINDOWS\System32\wlfjhye.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [4zckbtfe] C:\Program Files\4zckbtfe\4zckbtfe.exe
O4 - HKLM\..\Run: [szcpoc] C:\WINDOWS\System32\szcpoc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Gxgkcs.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Uokeeh.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [C:\WINDOWS\cnmkz.exe] C:\WINDOWS\cnmkz.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteajd32.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
O4 - HKLM\..\Run: [SystemTraySD] C:\WINDOWS\System32\StopItBlockItSystemTray.exe
O4 - HKLM\..\Run: [MonitorSD] C:\WINDOWS\System32\SDMonitor.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{14B0E8AD-C318-433C-8121-E23444DF1EFD}\SVCHOST.EXE
O4 - HKLM\..\Run: [desktop] C:\WINDOWS\System32\desktop.exe
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Anayat\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AutoLoader5w3t1KMeNbLd] "C:\WINDOWS\System32\robclu.exe" /HideUninstIcon /PC="WB.POP" /UninstallName="Software Apropos"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\System32\desktop.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WIPE PROXY] C:\DOCUME~1\Aryana\APPLIC~1\THIRDB~1\bold copy bib.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [K035RUdsW] psidecod.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [wuwu] C:\PROGRA~1\COMMON~1\wuwu\wuwum.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\csrss.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Search.vbs
O8 - Extra context menu item: &FastSeeker Search - res://C:\Program Files\FastSeeker\FastSeekerToolbar011203.dll/cmsearch.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE755E5C-EA74-4685-90C1-0781B980ACC3}: NameServer = 205.188.146.145
O18 - Filter: text/html - {B8F3EC32-619E-4222-99E7-8BAF62D99146} - C:\WINDOWS\System32\plla.dll
O18 - Filter: text/plain - {B8F3EC32-619E-4222-99E7-8BAF62D99146} - C:\WINDOWS\System32\plla.dll
O21 - SSODL: System - {8DAECE58-06C4-4169-99A9-971F0894C95F} - syszw.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
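As an added illustration (not part of this thread and not HijackThis' own code), here is a small Python triage script that applies, to constructed lines in the same log format as above, the checks a helper does by eye: MIME filters on text/html, orphaned BHO entries, browser start/search pages served from a Temp folder, autoruns launched from Temp, and system-process names running outside System32. The sample lines are constructed from entries shown in the log above.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis 1.99 format, taken from the kinds of entries in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daosearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Aryana\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll (file missing)
O2 - BHO: (no name) - {97AD0BD7-3EBD-40CD-A66C-6461E9FA98BD} - C:\WINDOWS\System32\plla.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Anayat\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [System] C:\WINDOWS\csrss.exe
O18 - Filter: text/html - {B8F3EC32-619E-4222-99E7-8BAF62D99146} - C:\WINDOWS\System32\plla.dll
"""

# Core Windows process names; the real ones live in System32, so a copy elsewhere is a classic lure.
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "services.exe", "lsass.exe", "smss.exe", "winlogon.exe"}
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # process list, headers, blank lines
        kind, body = m.group("kind"), m.group("body")
        low = body.lower()
        if kind == "O18" and low.startswith("filter: text/"):
            findings.append(("MIME filter hooks all HTML/plain-text content", line))
        elif kind in ("O2", "O3") and ("(no file)" in low or "(file missing)" in low):
            findings.append(("orphaned BHO/toolbar registration", line))
        elif kind in ("R0", "R1") and "\\temp\\" in low:
            findings.append(("browser search/start page served from a Temp folder", line))
        elif kind in ("R0", "R1") and re.search(r"= https?://", low):
            findings.append(("non-default start/search URL, verify it is wanted", line))
        elif kind == "O4":
            target = body.split("]", 1)[-1].strip()  # text after the [name] label
            if "\\temp\\" in target.lower():
                findings.append(("autorun launches code from a Temp folder", line))
            else:
                path = re.search(r"([a-z]:\\.*?\.exe)", target, re.I)
                if path:
                    folder, _, name = path.group(1).rpartition("\\")
                    if name.lower() in SYSTEM_NAMES and not folder.lower().endswith("\\system32"):
                        findings.append(("system-process name running outside System32", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```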

guestolo
SPAM SPAM EVERYWHERE!
« Reply #1 on: March 08, 2005, 02:25:27 AM »
You have quite a few problems on your computer.
Let's start with some cleanup.

Go to this link and install the Trial version of KAV Personal 5.0 Trial (good for 30 days).
I need you to install this Anti-Virus software; we can uninstall it later and get you a free one for everyday use.
http://computercops.biz/postt106277.html
And follow all the instructions closely, including downloading and running their trial AV in safe mode, and ensure it's updated.
Also ensure you get a copy of Hoster.

Any step missed may require you to start the WHOLE procedure over again,
so look it over carefully.
The AV must be updated; don't assume that because you have it installed it is updated.

Once you have completed the scan, remember to save the report to post it back here,
along with a fresh HijackThis log.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Aryana

SPAM SPAM EVERYWHERE!
« Reply #2 on: March 22, 2005, 03:54:44 PM »
Hey, sorry I haven't replied. I didn't forget about this, I've just been busy and I have dial-up so just downloading those programs with my slow connection and all the junk on my computer has been a challenge :X But I'll hopefully be able to do that soon and will post what you've asked for then.

Will this get rid of everything? My main concern is the stupid "daosearch" thing which is driving me crazy.

Thanks.