
Need help w/ Hijack this


violineb

Member
First off I have to admit that my computer was (and probably still is) full of spyware. Somehow the Dell in Baltimore never gets spyware even though it's always online with DSL, whereas my own PC in PA is full of spyware even though it's on dialup. (Just discovered it probably does have something to do with the People PC ISP.)

Anyway, my problems at the moment are:

- Task Manager won't come up for more than 1 second before disappearing.
- Regedit doesn't work :(
- And of course this log file.

Thanks

Logfile of HijackThis v1.99.0
Scan saved at 2:30:46 PM, on 12/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\SysDebug.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emmanuel\Desktop\spyware software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mysearch.cc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearch.cc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysearch.cc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mysearch.cc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mysearch.cc
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearch.cc
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mysearch.cc
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mysearch.cc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.mysearch.cc
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.mysearch.cc
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: SDWin32 Class - {530EF647-AB8B-4732-88D1-6CBD46F281DD} - C:\WINDOWS\System32\uwvpk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Microsofot x386 System Monitor] system32.exe
O4 - HKLM\..\Run: [Auto updat] SysDebug.exe
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\RunServices: [Microsofot x386 System Monitor] system32.exe
O4 - HKLM\..\RunServices: [Auto updat] SysDebug.exe
O4 - HKLM\..\RunServices: [Windows Security Policy] secpol.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O4 - HKLM\..\RunOnce: [Microsofot x386 System Monitor] system32.exe
O4 - HKLM\..\RunOnce: [Auto updat] SysDebug.exe
O4 - HKCU\..\Run: [Microsofot x386 System Monitor] system32.exe
O4 - HKCU\..\Run: [Auto updat] SysDebug.exe
O4 - HKCU\..\RunOnce: [Microsofot x386 System Monitor] system32.exe
O4 - HKCU\..\RunOnce: [Auto updat] SysDebug.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O13 - DefaultPrefix: http://www.mysearch.cc/index.php?
O13 - WWW Prefix: http://www.mysearch.cc/index.php?
O13 - Home Prefix: http://www.mysearch.cc/index.php?
O17 - HKLM\System\CCS\Services\Tcpip\..\{083236D1-C89E-48D5-A145-7E89F26C5C7B}: NameServer = 204.157.3.13 205.199.193.2
O20 - AppInit_DLLs: mad.dll
O21 - SSODL: MSThreadMode - {12545303-1234-4321-C321-000000000123} - C:\WINDOWS\system32\MSoGT0.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 
remove these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mysearch.cc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearch.cc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysearch.cc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mysearch.cc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mysearch.cc
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearch.cc
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mysearch.cc
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mysearch.cc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.mysearch.cc
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.mysearch.cc
O2 - BHO: SDWin32 Class - {530EF647-AB8B-4732-88D1-6CBD46F281DD} - C:\WINDOWS\System32\uwvpk.dll
O4 - HKLM\..\Run: [Microsofot x386 System Monitor] system32.exe
O4 - HKLM\..\Run: [Auto updat] SysDebug.exe
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\RunServices: [Microsofot x386 System Monitor] system32.exe
O4 - HKLM\..\RunServices: [Auto updat] SysDebug.exe
O4 - HKLM\..\RunServices: [Windows Security Policy] secpol.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O4 - HKLM\..\RunOnce: [Microsofot x386 System Monitor] system32.exe
O4 - HKLM\..\RunOnce: [Auto updat] SysDebug.exe
O4 - HKCU\..\Run: [Microsofot x386 System Monitor] system32.exe
O4 - HKCU\..\Run: [Auto updat] SysDebug.exe
O4 - HKCU\..\RunOnce: [Microsofot x386 System Monitor] system32.exe
O4 - HKCU\..\RunOnce: [Auto updat] SysDebug.exe
O13 - DefaultPrefix: http://www.mysearch.cc/index.php?
O13 - WWW Prefix: http://www.mysearch.cc/index.php?
O13 - Home Prefix: http://www.mysearch.cc/index.php?
O17 - HKLM\System\CCS\Services\Tcpip\..\{083236D1-C89E-48D5-A145-7E89F26C5C7B}: NameServer = 204.157.3.13 205.199.193.2
O20 - AppInit_DLLs: mad.dll
O21 - SSODL: MSThreadMode - {12545303-1234-4321-C321-000000000123} - C:\WINDOWS\system32\MSoGT0.dll
 
http://startup.iamnotageek.com/srch-Microsofot x386 System Monitor.html
http://computercops.biz/startuplist-5597.html
http://computercops.biz/startuplist-4827.html
etc.

Basically do the following: enter the stuff HijackThis showed you in Google. If it is spyware, you will usually see it in the first hit.
E.g. I put in "Microsofot x386 System Monitor" and it showed me it's a worm. Another good source is the filenames of the exe files: sysdebug.exe in Google shows me it's a W32/Forbot-BA infection, etc.

As soon as you have the real name of the offenders, you can start removing them. I'd suggest installing AVG, Spybot S&D, Ad-Aware SE and Autoruns from Sysinternals. Run all of them at least once. If there are things they can't remove, investigate them further via Google and remove them manually by liberally applying the "del" command. Personally, a PEBuilder CD helps me a ton for deleting otherwise undeletable things.

For the future: friends don't let friends use Internet Explorer. Use Firefox instead, and don't use Outlook either; use Thunderbird.

Lastly: if an ISP gives out public IPs, you're always as vulnerable as with any other ISP. No ISP is better than any other in that respect.
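As an added example (not code from this thread or from HijackThis), here is a small Python triage script that applies the reply's "look each entry up before trusting it" procedure mechanically to HijackThis log lines: it flags hijacked IE pages, BHOs with no file, autorun names that misspell a vendor, autoruns given as a bare filename, DNS changes and AppInit_DLLs. The HOME_ALLOW set (the user's real IE defaults), the vendor list and the similarity threshold are assumptions; the sample entries are copied from the log above.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse
# Constructed sample in HijackThis v1.99 log format; the entries are copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearch.cc
O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\RunServices: [Microsofot x386 System Monitor] system32.exe
O4 - HKLM\..\Run: [Auto updat] SysDebug.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{083236D1-C89E-48D5-A145-7E89F26C5C7B}: NameServer = 204.157.3.13 205.199.193.2
O20 - AppInit_DLLs: mad.dll
"""

O4_RUNKEY = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
VENDORS = ("microsoft", "windows")                  # names an autorun entry might impersonate
HOME_ALLOW = {"www.google.com", "www.msn.com"}      # assumed: the user's legitimate IE defaults

def looks_like_typosquat(name: str) -> bool:
    """Heuristic: a word in `name` is nearly, but not exactly, a well-known vendor name."""
    for word in (w.lower() for w in re.findall(r"[A-Za-z]+", name)):
        if any(word != v and SequenceMatcher(None, word, v).ratio() >= 0.85 for v in VENDORS):
            return True
    return False

def triage(line: str):
    """Classify one log line as (section, verdict, reason); None for lines that are not entries."""
    sec, sep, body = line.strip().partition(" - ")
    if not sep or not re.fullmatch(r"[RO]\d+", sec):
        return None
    if sec in ("R0", "R1"):                         # IE start/search pages
        host = urlparse(body.split(" = ", 1)[-1]).hostname or ""
        if host not in HOME_ALLOW:
            return sec, "remove", f"browser page points at unexpected host {host}"
    elif sec == "O2" and "(no file)" in body:       # BHO whose DLL is gone
        return sec, "remove", "BHO entry with no backing file"
    elif sec == "O4" and (run := O4_RUNKEY.match(body)):
        if looks_like_typosquat(run["name"]):
            return sec, "remove", f"autorun name {run['name']!r} misspells a vendor"
        if "\\" not in run["cmd"]:                  # bare filename: look it up before trusting it
            return sec, "review", f"autorun {run['cmd']} given without a path"
    elif sec == "O17":                              # DNS servers pushed into TCP/IP settings
        return sec, "review", "DNS servers: " + ", ".join(re.findall(r"\d+(?:\.\d+){3}", body))
    elif sec in ("O20", "O21"):                     # AppInit_DLLs / ShellServiceObjectDelayLoad
        return sec, "review", body
    return sec, "ok", body

def triage_log(text: str):
    """Run triage over a whole log and keep only the entries that need action."""
    return [r for r in map(triage, text.strip().splitlines()) if r and r[1] != "ok"]
```

Entries marked "review" are the ones the reply says to search for by name before deleting anything; "remove" entries are the ones that match the hijack signs visible in this log.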
 