My boss gave me his notebook computer to look at because it has all sorts of malware, spyware, and viruses on it. Apparently he was surfing the net with outdated anti-virus software. I looked at some of the existing questions regarding this subject here on EE and downloaded "HijackThis". The log file is posted below so that hopefully someone can look at it and guide me before I screw things up. Before running HijackThis, I downloaded and ran SmitFraudFix but it appears to have done little or nothing. I also installed and ran up-to-date Symantec anti-virus software. It identified something like 40 viruses. I'm still getting all these crazy pop-ups on the computer though. Don't know what to do, so here's the HijackThis log file and I'll wait for a hopeful response. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 11:31:50 AM, on 10/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\smjjbyaj.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\System32\iprntctl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Web Buying\v1.8.5\webbuying.exe
C:\Program Files\ISM2\ISMPack8.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TPZARN2\Desktop\alternativ.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxymvc.dot.state.nj.us/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F7D1F55-7098-4151-B439-16BB27E2F5B0} - C:\Program Files\Windows NT\mepovygu4444.dll (file missing)
O2 - BHO: (no name) - {32f4be71-9941-4b71-a517-04aa22fbe07a} - C:\WINDOWS\system32\mkjiqle.dll
O2 - BHO: 0 - {3C54762A-6EE6-41F3-AC98-58661723C196} - C:\Program Files\Common Files\quba.dll (file missing)
O2 - BHO: (no name) - {40662D65-635B-4635-9A24-86AAAC76F9ED} - C:\Program Files\Windows NT\mepovygu83122.dll (file missing)
O2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - C:\WINDOWS\system32\ljjgfda.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\gjfsbnuy.dll
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll
O2 - BHO: (no name) - {A884BCDE-6CF3-43D4-9466-FDAC868A7844} - C:\WINDOWS\system32\jkkkl.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dhkuvwlm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
O2 - BHO: (no name) - {fcb88127-498a-4031-a62a-35383bcce6ec} - C:\WINDOWS\system32\mkjiqle.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dhkuvwlm.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKLM\..\Run: [44607791] rundll32.exe "C:\WINDOWS\system32\gwsttwth.dll",b
O4 - HKLM\..\Run: [ShareSearcher] c:\wsusupd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.5\webbuying.exe
O4 - HKCU\..\Run: [ISMPack8] "C:\Program Files\ISM2\ISMPack8.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = njdot.lan
O17 - HKLM\Software\..\Telephony: DomainName = njdot.lan
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = njdot.lan
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = njdot.lan,cpm.dot.state.nj.us,dot.state.nj.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = njdot.lan
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = njdot.lan,cpm.dot.state.nj.us,dot.state.nj.us
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = njdot.lan,cpm.dot.state.nj.us,dot.state.nj.us
O20 - Winlogon Notify: dhkuvwlm - C:\WINDOWS\SYSTEM32\dhkuvwlm.dll
O20 - Winlogon Notify: ljjgfda - C:\WINDOWS\SYSTEM32\ljjgfda.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: NetIdentity Notification - C:\WINDOWS\system32\Novell\XtNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\smjjbyaj.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe