PROBLEM
I seem to have been infected with the seachmeup.com hijack/virus.
The virus seems to be:
#1. Forcing "Internet Explorer" to always open the website "seachmeup.com".
#2. Not allowing me to type in a different URL. (The site will let me type it in and hit enter, but it will load the page that I was trying to leave. So I can't go to a new webpage using the address bar.)
#3. Oftentimes won't open links. Oftentimes I get messages like: "Forbidden", "You are not authorized to view this page", "Document Not Found", etc. (I know this is not supposed to happen because I have an Apple iBook, which has not been infected, and it loads the pages fine using Safari (Apple's web browser).)
STEPS TAKEN TO TRY TO FIX:
1. I ran "spybot". It found 9 files, which included the "seachmeup.com" thing, and I had Spybot delete the files. I reset my homepage to "yahoo.com", opened my browser, and it fixed problem #1. But I was still having problems #2 and #3.
When I restarted my computer problem #1 came back. So I ran "spybot" again and the files were found again. I repeated "spybot" a few more times but no luck.
2. I downloaded the web browser "Mozilla" to see if it was a problem with every web browser. It was not the case; "Mozilla" worked perfectly. The hack seems to only affect "Internet Explorer" (too bad, I like using "Internet Explorer").
3. I got Ad-Aware and ran the program. It found the same 9 files and fixed them. Again problem #1 was only solved, BUT again it came back when I rebooted my computer.
4. I got AVG 7.0 (virus scanner). It found some "byte" virus, forgot the full name, but it fixed it and it didn't seem to come back when I rebooted. Still had all problems though.
5. Reset all the default "Internet Explorer" options to default. Did nothing =(.
6. Looked on forum post http://www.able2know.com/forums/about21407.html and tried to follow the steps, but I couldn't find any of the files: sytem32.exe, sytem32exe.pf, systeminit.exe, sstyle, systeminit.exe, sstyle.css. NONE of these files were on my computer.
7. Downloaded and ran "HijackThis", looked through the log and deleted everything with "seachmeup.com" (what do you know, there were 9 of them). Fixed, same outcome as before: the files came back when I rebooted.
8. Got "CWShredder" and ran it; it found the 9 files too. Fixed them, which fixed problem #1 again, rebooted computer and YAHOO!!! Problem #1 was still fixed, but I still had a problem with #2 and #3.
PROBLEMS THAT STILL NEED TO BE FIXED:
Problem #2
Problem #3
PLEASE HELP!!!, this thing is driving me crazy and I don't want to reformat my computer, I want to kick the $#!@ out of the person who invented this stupid virus.
THANKS FOR THE HELP AND TIME!!!!!!
HIJACKTHIS LOG
*Notice that the 9 files are no longer in my log
Logfile of HijackThis v1.97.7
Scan saved at 10:55:14 PM, on 5/9/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\runwin32.exe
C:\WINDOWS\wininet32.exe
C:\WINDOWS\System32\iexplore.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Gateway User\Desktop\New Folder (2)\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.21.68/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.battle.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.40.21.68/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O4 - HKCU\..\Run: [iexplore] C:\WINDOWS\System32\iexplore.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: CheckIt &86 (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_6.cab
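Added example, not part of the original post: a small Python triage pass over a HijackThis log like the one above, which re-joins wrapped values and marks entries for manual review. The four heuristics and the names `parse_entries` and `triage` are assumptions of this example, and a match means "look closer", not a verdict.

```python
import re

# Constructed sample: a few entries taken from the log above; two values are
# wrapped onto a second line, as happens when such logs are pasted into forums.
SAMPLE = r"""R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://66.40.21.68/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.battle.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [iexplore] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "R1 - ...", "O4 - ..."

def parse_entries(text):
    """Return (section, body) pairs, re-joining values wrapped onto the next line."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:          # continuation of the previous entry
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def triage(entries):
    """Return (reason, body) for entries matching this example's heuristics."""
    findings = []
    for section, body in entries:
        low = body.lower()
        if section in ("R0", "R1"):
            if "proxyserver" in low and re.search(r"=\s*(127\.0\.0\.1|localhost)", low):
                findings.append(("IE proxy points at loopback", body))
            elif re.search(r"=\s*https?://\d{1,3}(\.\d{1,3}){3}\b", low):
                findings.append(("IE URL is a bare IP address", body))
        elif section == "O4" and "\\run:" in low:
            cmd = low.split("] ", 1)[-1].lstrip('"')
            if "\\system32\\iexplore.exe" in cmd:   # real one lives under Program Files
                findings.append(("iexplore.exe in System32", body))
            elif low.startswith("hkcu") and re.match(r"c:\\windows\\[^\\]+\.exe", cmd):
                findings.append(("per-user Run from C:\\WINDOWS root", body))
    return findings

if __name__ == "__main__":
    for reason, body in triage(parse_entries(SAMPLE)):
        print(f"[review] {reason}: {body}")
```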