pop up cartomanzia

on my win98 pc i've this problem: when i go on-line appear a fastidious pop up with write "cartomanzia e astrologia ".. what i have to do to delete it??

(pop up url: http://www.cartomanzia-tarocchi.biz/?1727)

 

Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 11.33.23, on 16/04/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAMMI\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMI\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PSIMSVC.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMMI\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAMMI\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAMMI\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\SYSTEM\LINKSTS.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\APVXDWIN.EXE
C:\WINDOWS\APPLICATION DATA\SGRUNT\IE4321.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WPSPSW.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\WEBPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: load=WPSLOAD.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\DOWNLO~1\SPONSO~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Programmi\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programmi\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programmi\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Linksts] Linksts.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Olympic] C:\WINDOWS\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [RVS Installer] C:\PROGRA~1\RVS\WCOM\SYSTEM\RVSINST.EXE
O4 - HKLM\..\RunServices: [ADService] C:\Programmi\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [PavProc] C:\Programmi\File comuni\Panda Software\PavShld\PavPrS9x.exe
O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe "
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.master69.biz
O16 - DPF: {99BDE9B5-0D50-43E8-9981-773C48CF25EF} (Pro_Web899.ProWeb899) - http://67.15.5.151/ProWeb899.CAB
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/307193.exe
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD 2002 Ita\AcDcToday.ocx
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
O16 - DPF: {31F11DFA-3A23-4BC0-89B4-2FB3FB43525B} (Pro_Web016.ProWeb016) - http://67.15.5.151/ProWeb016.CAB
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.spacash.com/cab/2/en/SysWebTelecomInt.cab
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://www.accessoveloce.com/univ/scd/x/scdsex1x.exe
O16 - DPF: {869518C3-FBA5-4D75-8A14-7047437E9498} (Jacques Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Bernadette.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.99.125.2,151.99.125.3,151.99.125.1

 

Sorry for the delay.

Right click the desktop and choose new>folder. Name it HJT. Move HijackThis.exe to that folder.

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\DOWNLO~1\SPONSO~1.DLL
O4 - HKLM\..\Run: [Olympic] C:\WINDOWS\Application Data\sgrunt\IE4321.exe
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.master69.biz
O16 - DPF: {99BDE9B5-0D50-43E8-9981-773C48CF25EF} (Pro_Web899.ProWeb899) - http://67.15.5.151/ProWeb899.CAB
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/307193.exe
O16 - DPF: {31F11DFA-3A23-4BC0-89B4-2FB3FB43525B} (Pro_Web016.ProWeb016) - http://67.15.5.151/ProWeb016.CAB
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.spacash.com/cab/2/en/SysWebTelecomInt.cab
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://www.accessoveloce.com/univ/scd/x/scdsex1x.exe
O16 - DPF: {869518C3-FBA5-4D75-8A14-7047437E9498} (Jacques Class) - http://htmldialer.parisvoyeur.com/C.../Bernadette.cab


Either reboot and repeatedly tap F8 to enable the start menu and select safe mode, or go to start>run and type msconfig, hit enter. On the General tab click the advanced button. Check the box to 'enable start menu' and OK out. Restart and choose safe mode. Logon to your user account.


You will need to show hidden files and folders.

Search the drive for the files scdsex1x.exe and 307193.exe and delete if present.
Open C:\Temp (if present), select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Applog, select all and delete.
Open C:\WINDOWS\Application Data and delete the folder sgrunt.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.
Open My Computer and right click Local Disk C:, then choose disk cleanup. Check all boxes and click OK.

If you used msconfig, uncheck the box to 'enable start menu' and click ok to reboot. Upon reboot you will be greeted with a message window from the System Configuration Utility. Check the box not to use and don't show, then click OK. If you used F8, just reboot back into Windows.

Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

Run another HijackThis scan and post the log.