Can't remove Hacktool.Rootkit
#21
mj4y
Do one or both of these scanners:
http://uk.trendmicro-europe.com/cons...all_launch.php
http://www.pandasoftware.com/actives..._principal.htm

Then follow these instructions EXACTLY:
How to remove Begin2Search/Coolwebsearch and Other Nasties

Get rid of eMule, Flashget and all other P2P software.

Then post a new log.
#22
SquarePegs
Follow these instructions EXACTLY:
How to remove Begin2Search/Coolwebsearch and Other Nasties

Stop the Process (ctrl-alt-del) and the Service (services.msc) for
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe

Delete that taskcntr.exe

Install XP/SP2.

Then post a new log.
#23
nicolekwt
Boot in Safe Mode, see how here.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

Next, open Windows Task Manager by pressing CTRL+ALT+DELETE. Click the Processes tab, select the process (if there) and click End Process for:
ALL the xxx.exe entries under Running Processes
ALL the xxx.exe entries in the O4 - HKLM group (that were not already under Running Processes)

Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\ISTbar\istbarcm.dll
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\SideFind\sidefind.dll
C:\Program Files\Folder Guard Pro XP\FGuard32.dll

Next, click on Start/Run and type in (followed by pressing Enter):
regsvr32 /u C:\WINDOWS\nem220.dll
regsvr32 /u "C:\Program Files\SideFind\sidefind.dll"
regsvr32 /u "C:\Program Files\SideFind\sfbho.dll"
regsvr32 /u C:\WINDOWS\System32\msbe.dll
regsvr32 /u "C:\Program Files\Folder Guard Pro XP\FGuard32.dll"

Next, run a HJT scan and (if still there) place a tick-mark in the little square before:

...........................................................................
Running processes:
C:\WINDOWS\System32\xpjava.exe
C:\WINDOWS\TEMP\fGCdZb6.exe
C:\WINDOWS\TEMP\sais.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hq1.permanis.com.my:8383/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sisoftware.net/?location=...se&dir=licence
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [N1damP4iD] C:\WINDOWS\vkuobbq.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B6A084E0-BF8F-101C-AED5-00608CF525A5} (TX - ButtonBar Control) - http://hq1.permanis.com.my:8383/tx.cab

Unless your ISP is NETBLK-JARING in Kuala Lumpur, fix these O17s:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5763A405-D23E-49D5-9A17-A45506547171}: NameServer = 192.228.128.20 192.228.128.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{5763A405-D23E-49D5-9A17-A45506547171}: NameServer = 192.228.128.20 192.228.128.18

O20 - Winlogon Notify: FolderGuard - C:\Program Files\Folder Guard Pro XP\FGuard32.dll
...........................................................................

Now click on the Fix Checked button in HJT. Exit HJT.

When done, from between the above dotted lines, delete the highlighted bold files. When a \directory-name\ is bold, delete everything in it, including that directory itself.

Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].

Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.

Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Delete ALL files from C:\WINDOWS\Prefetch.

Boot normal. When all OK, switch System Restore back on.

Stop using that crappy Internet Explorer except for Windows updates. Go to www.getfirefox.com

And now go and install XP/SP2. And be more selective where you surf!
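
A triage pass over HijackThis entries like the ones quoted in this thread, as an added example that is not part of any post here. The heuristics and the names `classify` and `triage` are assumptions for illustration; the sample lines are copied from the log excerpts above.

```python
import re

# Constructed sample: entries copied from the log excerpts quoted in the thread.
SAMPLE_LOG = r"""
C:\WINDOWS\TEMP\sais.exe
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll (file missing)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O4 - HKLM\..\Run: [N1damP4iD] C:\WINDOWS\vkuobbq.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5763A405-D23E-49D5-9A17-A45506547171}: NameServer = 192.228.128.20 192.228.128.18
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")   # e.g. "O4 - ..."
PATH = re.compile(r"[A-Za-z]:\\[^\[\]{}:]*?\.(?:exe|dll)", re.IGNORECASE)

def classify(section, body):
    """Return a review reason for one entry, or None (heuristics are assumptions)."""
    hit = PATH.search(body)
    path = hit.group(0).lower() if hit else ""
    folder = path.rsplit("\\", 1)[0]
    if "(file missing)" in body:
        return "registration points at a file that no longer exists"
    if "\\temp\\" in path:
        return "binary runs from a TEMP directory"
    if section in ("O2", "O4") and folder == "c:\\windows":
        return "BHO/autorun loads a binary placed directly in the Windows root"
    if section == "O17" and "NameServer" in body:
        return "DNS servers overridden; confirm they belong to the ISP"
    if section == "O23" and "Unknown owner" in body:
        return "service binary with no vendor information"
    return None

def triage(log_text):
    """Return a list of (section, reason, line) for lines worth reviewing."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = ENTRY.match(line)
        # Lines without an "Xn - " prefix come from the "Running processes" block.
        section, body = (m.group("section"), m.group("body")) if m else ("PROC", line)
        reason = classify(section, body)
        if reason:
            findings.append((section, reason, line))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

An entry that no rule matches, such as the Media Access autorun in the sample, is not thereby clean; the rules only rank lines for manual review.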
#24
This thread is over a year old and will be closed shortly, and we already have a guide for that which can be found at http://www.techspot.com/vb/topic34006.html