Got malware I can't get rid of. When clicking on Google results, I am redirected to anti-spyware websites. Below is my Hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:12 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.e
xe
C:\WINDOWS\system32\winlog
on.exe
C:\WINDOWS\system32\servic
es.exe
C:\WINDOWS\system32\lsass.
exe
C:\WINDOWS\system32\svchos
t.exe
C:\WINDOWS\system32\svchos
t.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThi
s.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
84B7D6BE0B
3} - C:\Program Files\Common Files\Adobe\Acrobat\Active
X\AcroIEHe
lper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E
2544C21A09
F} - C:\Program Files\SpyCatcher\SCActiveB
lock.dll (file missing)
O2 - BHO: (no name) - {246DC415-C280-42A1-AE5F-B
1FD0139EEF
5} - C:\WINDOWS\system32\dpmode
mxq.dll
O2 - BHO: (no name) - {5297A80C-DBA6-41A4-A291-0
E881815630
8} - c:\windows\system32\dhcpmo
nt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
4DAF1D92D4
3} - C:\Program Files\Java\jre1.6.0_03\bin
\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F
ADC6B08487
2} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
09B6AD74AC
C} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0
050BA6940E
3} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
e
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin
\jusched.e
xe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc
.exe -startgui
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
T.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta
rt.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
gIcon.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
nostics\di
agent.exe"
startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX
E
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
" /background
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
xe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
obe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
LDMConf.ex
e
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
\OFFICE11\
EXCEL.EXE/
3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
0401C60850
1} - C:\Program Files\Java\jre1.6.0_03\bin
\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
0401C60850
1} - C:\Program Files\Java\jre1.6.0_03\bin
\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7
8752E50CD0
C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
C9C571A826
3} - C:\PROGRA~1\MICROS~3\OFFIC
E11\REFIEB
AR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
0C0F0318AF
E} - C:\WINDOWS\System32\Shdocv
w.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
9046DEA8A2
1} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
0C04F79568
3} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
0C04F79568
3} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov
au.dll
O16 - DPF: {00E1C63A-1060-4EED-928B-2
EF2E265D35
2} (MJPEGRender Control) -
http://standrewslinkstrust.remotemanager.co.uk/common/activex/MJPEGRender.ocxO16 - DPF: {01113300-3E00-11D2-8470-0
060089874E
D} (Support.com Configuration Class) -
http://activation.rr.com/install/download/tgctlcm.cabO16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
E3A5CAA8CD
8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=58813O16 - DPF: {11260943-421B-11D0-8EAC-0
000C07D88C
F} (iPIX ActiveX Control) -
http://www.ipix.com/download/ipixx.cabO16 - DPF: {140F03AE-0588-11D4-BD45-0
050048A82B
F} (eShare Web Collaboration Class) -
http://ec112.ecicorp.com/netagent/objects/emagic.cabO16 - DPF: {17492023-C23A-453E-A040-C
7C580BBF70
0} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {39B0684F-D7BF-4743-B050-F
DC3F48F7E3
B} (FilePlanet Download Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-B
E107C0EC16
6} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cabO16 - DPF: {6E32070A-766D-4EE6-879C-D
C1FA91D2FC
3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163705183734O16 - DPF: {8E28B3A9-FE83-45D1-B657-D
5426B81A12
1} (CustomerCtrl Class) -
http://cs5b.instantservice.com/jars/customerxsigned33.cabO16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3
6F43A218F4
A} (Microsoft RDP Client Control (redist)) -
http://wrcs-ntsrv1.corp.fedex.com/tsweb/msrdp.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-0
0104B06BDE
3} (CamImage Class) -
http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocxO16 - DPF: {96816368-C1E3-414D-A193-6
3C3CC92199
0} (MJPEGRender Control) -
http://standrewslinkstrust.remotemanager.co.uk/common/activex/MJPEGRender.ocxO16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
E40F83B1AD
F} (Live365Player Class) -
http://www.live365.com/players/play365.cabO16 - DPF: {DE625294-70E6-45ED-B895-C
FFA13AEB04
4} (AxisMediaControlEmb Class) -
http://66.91.147.106:8010/activex/AMC.cabO20 - AppInit_DLLs: 6741f5de
O20 - Winlogon Notify: eqciwtko - C:\WINDOWS\SYSTEM32\dhcpmo
nt.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev
xx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg
ag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver
s\CDAC11BA
.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC
DA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
\11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega
Access.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga
.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService
.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi
eld.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk
mgr.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc
.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
2.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst
rA.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
T~1\SCRIPT
~1\SBServ.
exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt
rl\x10nets
.exe (file missing)
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA
.exe
--
End of file - 9548 bytes
Any help is appreciated.
Mike
