Hi lostprophet, you've got a few things to clean. First, download the latest version of HJT,
http://www.majorgeeks.com/download3155.html and download CWShredder,
http://www.majorgeeks.com/download4086.html
Go into Add/Remove Programs and uninstall WinTools.
First download this tool to fix the Peper infection you have,
http://downloads.subratam.org/PeperFix.exe Run it and reboot if it asks you to.
Run CWShredder, let it fix everything it finds. Then have HJT fix:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://line-plus.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ls0.net/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ls0.net/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.do-jaja.com/search/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ls0.net/home.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ls0.net/srchasst.html (obfuscated)
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\Program Files\IntBar\rundlg32.dll
F0 - system.ini: Shell=Explorer.exe monitor.exe
F1 - win.ini: run=C:\WINNT\inetdata\winlogon.exe
F2 - REG:system.ini: Shell=Explorer.exe monitor.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem219.dll
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O2 - BHO: (no name) - {275636E4-A535-4668-9FF1-86DC0C62D446} - C:\WINNT\msopt.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {690EC3C0-E676-45B2-9403-B18CFAAF0074} - C:\WINNT\System32\bck.dll
O2 - BHO: (no name) - {6AAF6229-B01D-2D90-8752-60550FA92F15} - C:\WINNT\System32\mldxr.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll (file missing)
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Administrator\Local Settings\Temp\WYMJ4WpaW.dll (file missing)
O2 - BHO: sr - {FC2593E3-3E5A-410F-AF3D-82613CCE58E5} - c:\winnt\sr.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll (file missing)
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\IntBar\rundlg32.dll
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [38Z3MSR3DDD##A] C:\WINNT\System32\NipM9X44.exe
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inetdata\winlogon.exe
O4 - HKLM\..\Run: [xpsystem] C:\WINNT\system32\services\msxmidi.exe
O4 - HKCU\..\Run: [monitor] monitor.exe
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inetdata\winlogon.exe
O4 - HKCU\..\Run: [xpsystem] C:\WINNT\system32\services\msxmidi.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Web Search - C:\WINNT\ex.htm
O9 - Extra button: SideFind (HKLM)
O15 - Trusted Zone: *.iwantsearch.com
O15 - Trusted Zone: www.mt-download.com
O15 - Trusted Zone: install.xxxtoolbar.com
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.179.54/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {11010101-1001-1111-1000-115676576811} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ustimerz.com/cm11111/var.chm::/var.exe
O16 - DPF: {11010101-1001-1111-1000-115676576822} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ustimerz.com/cm11112/var1.chm::/var1.exe
O16 - DPF: {11111111-1111-1111-1111-111111111171} - ms-its:mhtml:file://c:\\nosuch.mht!http://line-plus.com/newhelp.chm::/newhelp.exe
O16 - DPF: {11311111-1111-1111-1111-11111121115F} - file://C:\Recycled\Q383302.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_f...2244d317f6ab2c86bff7585b7e883263ddf35912dd813
dee463c744961d2b31add589650eef4d876c0fc2a2f745d64562:c31e3730b38c174130e1e2729109a237
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://access.babetv.co.uk/000001/us/enter/enter.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/106abb0db27c23459105/netzip/RdxIE601.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50019/QDow_AS2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O19 - User stylesheet: C:\WINNT\color.css (file missing)
Now reboot into Safe Mode (tap F8 at boot), and delete:
C:\Documents and Settings\All Users\Application Data\IEserver\ <--folder
C:\Documents and Settings\Administrator\Local Settings\Temp\ <--everything in this folder
C:\Program Files\Common Files\WinTools <--folder
C:\Program Files\IntBar\ <--folder
C:\Program Files\SEP\ <--folder
C:\Program Files\SideFind\ <--folder
C:\WINNT\inetdata\winlogon.exe <--file
C:\WINNT\system32\services\msxmidi.exe <--file
C:\WINNT\system32\monitor.exe <--file
c:\winnt\tour.reg <--file
Reboot normally, and post a new log. Please just post it, do not attach it.
Go to Windows Update, you NEED TO GET SP4 for Win2000, along with ALL CRITICAL UPDATES. I also do not see an Antivirus program running, but it could have been corrupted by your infection. If you do not have one, install AVG 6.0 Free, as the name says it is free, and very good. You must keep yourself updated.
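
Added example (not part of the original post, and not HijackThis code): a small Python triage script that groups HijackThis log entries by section code and marks the entries a reviewer checks first, using the markers visible in the log above ("(obfuscated)", "(file missing)", "(no file)", `ms-its:` DPF sources, local files set as IE pages). It also rejoins entries whose value wrapped onto the next line when the log was pasted. The function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O16 - DPF: ..."

def rejoin(lines):
    """Merge wrapped continuation lines back onto the entry they belong to."""
    entries = []
    for line in (raw.strip() for raw in lines):
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:
            # A URL split right after '!' is glued back without a space.
            sep = "" if entries[-1].endswith("!") else " "
            entries[-1] += sep + line
    return entries

def flags(code, body):
    """Return the review markers that apply to one entry."""
    out = []
    if "(obfuscated)" in body:
        out.append("obfuscated value")
    if "(file missing)" in body or "(no file)" in body:
        out.append("orphaned entry")
    if code == "O16" and "ms-its:" in body:
        out.append("ms-its: URL as DPF source")
    if code in ("R0", "R1") and re.search(r"= (?:file://)?[A-Za-z]:\\", body):
        out.append("local file as IE page")
    return out

def triage(lines):
    """Group entries by section code, each with its markers."""
    report = defaultdict(list)
    for entry in rejoin(lines):
        code, body = ENTRY.match(entry).groups()
        report[code].append((body, flags(code, body)))
    return report

# Constructed sample (placeholder hosts, paths and CLSIDs), not a real log.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://search.example.invalid/home.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\sample.html
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Sample\s.dll (file missing)
O16 - DPF: {00000000-0000-0000-0000-000000000002} -
ms-its:mhtml:file://c:\nosuch.mht!
http://dl.example.invalid/a.chm::/a.exe
O4 - HKLM\..\Run: [sample] C:\WINNT\sample.exe
""".splitlines()

if __name__ == "__main__":
    for code, items in triage(SAMPLE).items():
        for body, marks in items:
            print(code, "|", ", ".join(marks) or "-", "|", body)
```

An entry with no marker (such as the O4 line in the sample) is not thereby clean; Run-key autostarts still need to be checked by name and path.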