My Pc's been hijacked!!

[joey_turbo]

Got this damn thing called "Quickbrowser" installed itself. can't remove it. now i've got an internet explorer toolbar, that autoloads with all links to credit card stuff, adult dating. then it installs all this to desktop, i get popups all the time.

what do i do?
I got a norton personal firewall.

[cpunto]

Have a serach fro free programs that search out spyware prgrams/cookies
Sorry i cant give u any links right, im not all there in the head at the minute.

[cpunto]

'meaya' and 'ad aware spring to mind now I think bou t it

[Puntoboy]

i use SpyBot: Search & Destroy on my pc.

also, if ur using xp, then service pack 2 is great for stopping all the crap on the internet. if u can get it to install without wiping ur machine.

[joey_turbo]

Thanks guys.
I tried your suggestions, its still fcuked!
The program thats causeing problems is 180Search Assistant its in my Add/Remove Prpgrams, but when i try to remove it, it jams everything.
Also I've got Quickbrowser in my C:windows folder, thats saying its write protected, so i cant remove it. When i'm using the internet, its turning the 'sex' in 'Essex', into a link.
I'm running windows 98, I've got PC-Cilling 2002 virus software that came with the motherboard, Noron Antivirus 2002 and norton Personal Firewall,
last night i put, Spyware search & destroy, Spywareblaster on my machine, but the popups keep coming, as well as the annoying web taskbar that has all adult dating links on it.
I built this PC only about a month ago, so i've not got loads of major files on it, do you thinks its best if i re-format my hdd and start again. oh yeah, since all this, the hdd makes loads of clicking noise.

any suggestions?

[Puntoboy]

since this the HDD makes a clicking noise?

weird, shouldnt do that not with a software problem.

i would back up wot u can, and format the pc, wot spec is it? i would recommend Win XP if the processor is higher than 1ghz and u have at least 256mb of RAM.

[joey_turbo]

yeah, when i go to unistall that program, everything jams up, i can still use my mouse, and keyboard, but all they do is make a morse code like sounds.

i haven't got much to back up, cos i haven't been using it that much.
I've got a AMD Athlon XP 2600+ 512Kb SoA, DiamondMax Plus9 80GB hdd, 256MB 184DIMM PC3200.

I haven't got XP, i didn't fancy buying another OS, cos i already got Win98.

How do these fcukers do this to your Pc? Though i was safe with all the antivrus software I got.

[PuntoSporting]

Donwload HiJackThis and run it. Post the log on here and I'll tell you what to remove.

the 180Searchassistant is a pig to remove.

Spybot should get rid of most of the **** on your PC though, so long as its detection stuff is up to date.

Another program to try is CWShredder...it removes alot of variants of the CoolWebSearch ad program.

But post that log and I'll have a look.

[adiboy]

try the program called Ad Aware
helped me a lot.

[joey_turbo]

thanks puntosporting.

heres the log from highjack this:

Logfile of HijackThis v1.97.7
Scan saved at 11:54:07 AM, on 10/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\SYMPROXYSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RSCMPT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\BTSETBOOTKEY.EXE
C:\WINDOWS\QUICKBROWSER.EXE
C:\WINDOWS\SYSTEM\SAIE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\PROGRAM FILES\INTERVIDEO\COMMON\BIN\WINCINEMAMGR.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\WEBTRAP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\ATRACK.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\EXTENDED SYSTEMS\XTNDCONNECT BLUE MANAGER\XTNDCONNECT BLUE MANAGER\XCBLUMGR.EXE
C:\PROGRAM FILES\EXTENDED SYSTEMS\XTNDCONNECT BLUE MANAGER\XTNDCONNECT BLUE MANAGER\SUSHIMONAPI.EXE
C:\PROGRAM FILES\EXTENDED SYSTEMS\XTNDCONNECT BLUE MANAGER\BTPROT.EXE
C:\PROGRAM FILES\EXTENDED SYSTEMS\XTNDCONNECT BLUE MANAGER\XTNDCONNECT BLUE MANAGER\BTUI_MIDDLEMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.begin2search.com/sidesearch.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINDOWS\SYSTEM\AANTX.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\SYSTEM\Rscmpt.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NAVAPW32.EXE
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [SAHBundle] C:\WINDOWS\TEMP\bundle.exe
O4 - HKLM\..\Run: [saie] c:\windows\system\saie.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Personal Firewall\NISSERV.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Startup: Startup.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB

The CWShredder reported my system was clean.

appreciate your help.