iamevl
I don't claim to have a monopoly on HJT-logs, but you would be better advised to send any new people with a Hijackthis log to my post here:
How to remove Begin2Search / Coolwebsearch
And giving only SOME advice is just as dangerous as giving WRONG advice.
docks
Go to my above mentioned post first and follow the instructions EXACTLY.
Then reboot in Safe Mode
Uninstall anything to do with:
C:\Program Files\DeskAd Service\DeskAdServ.exe
Delete C:\Program Files\DeskAd Service\ with everything that might still be in it
Run HJT on its own and let it "fix" (if still there):
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ntlworld.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.254.128.5:8080
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - Global Startup: Startup.exe
O4 - Global Startup: Startup.lnk = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup.exe
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O15 - Trusted Zone: .windowsupdate.microsoft.com
O15 - Trusted Zone: http://download.windowsupdate.com
--->>> You do NOT trust ANYbody EVER <<<---
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843023.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c336.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1100900742051
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O20 - AppInit_DLLs: apihookdll.dll <<-- wherever it sits on your HD
Delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.