kevinlw1974
asked on
Need help cleaning Spyware/Virus off a PC.
Here is the Hijack this log. I have already turned off restore function and have Ad Aware and Spy Bot. I also have AV protection.
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc3
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\2
c:\progra~1\intern~1\iexpl
c:\progra~1\intern~1\iexpl
C:\PROGRA~1\HEWLET~1\HPSHA
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\AccessMedia\AMTray.e
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\MediaNotifier\MediaN
C:\WINDOWS\System32\RUNDLL
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\P2PNET~1\P2PNE
C:\PROGRA~1\MYDAIL~1\MYDAI
C:\PROGRA~1\COMMON~1\tsa\t
C:\PROGRA~1\ezula\mmod.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Hewlett-Packard\AiO\
C:\Program Files\Common Files\Intuit\QuickBooks\QB
C:\WINDOWS\webshots.scr
C:\PROGRA~1\HEWLET~1\AiO\S
C:\WINDOWS\System32\hpoipm
C:\Program Files\Hewlett-Packard\AiO\
C:\Program Files\Hewlett-Packard\AiO\
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MYACCE~1\v2\am
C:\WINDOWS\Java\chatlnk.ex
C:\DOCUME~1\Angela\LOCALS~
C:\PROGRA~1\COMMON~1\tsa\t
C:\Documents and Settings\Angela\Desktop\Hi
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R0 - HKCU\Software\Microsoft\In
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-F
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-1
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-2
O3 - Toolbar: MyAccessMedia - {BB904F20-02A2-49CE-B948-8
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2
O4 - HKLM\..\Run: [typedash] C:\PROGRA~1\mpegwavenew\Fr
O4 - HKLM\..\Run: [forbowsflagscr] C:\Documents and Settings\All Users\Application Data\bat idle for bows\wma each.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebat
O4 - HKLM\..\Run: [hjxohc] C:\WINDOWS\System32\hjxohc
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [gvewfeezqdpdz] C:\WINDOWS\System32\fspsij
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [AccessMedia] "C:\Program Files\AccessMedia\AccessMe
O4 - HKLM\..\Run: [AccessMedia Tray] "C:\Program Files\AccessMedia\AMTray.e
O4 - HKLM\..\Run: [AccessMedia P2P Loader] "C:\Program Files\p2pnetworks\amp2pl.e
O4 - HKLM\..\Run: [Media Notifier] "C:\Program Files\MediaNotifier\MediaN
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTR
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAI
O4 - HKCU\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\t
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bi
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBoun
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.ex
O4 - Global Startup: HPAiODevice(hp officejet 5100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bi
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QB
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: (no name) - {2F2C9F60-4504-4ed9-8672-5
O9 - Extra 'Tools' menuitem: Launch MyAccessMedia - {2F2C9F60-4504-4ed9-8672-5
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.
O16 - DPF: {00000EF1-0786-4633-87C6-1
O16 - DPF: {00B71CFB-6864-4346-A978-C
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1
O16 - DPF: {205FF73B-CA67-11D5-99DD-4
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {8E0D4DE5-3180-4024-A327-4
O16 - DPF: {B942A249-D1E7-4C11-98AE-F
O16 - DPF: {FB37AE65-64F4-4D27-AB4F-A
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc3
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\2
c:\progra~1\intern~1\iexpl
c:\progra~1\intern~1\iexpl
C:\PROGRA~1\HEWLET~1\HPSHA
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\AccessMedia\AMTray.e
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\MediaNotifier\MediaN
C:\WINDOWS\System32\RUNDLL
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\P2PNET~1\P2PNE
C:\PROGRA~1\MYDAIL~1\MYDAI
C:\PROGRA~1\COMMON~1\tsa\t
C:\PROGRA~1\ezula\mmod.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Hewlett-Packard\AiO\
C:\Program Files\Common Files\Intuit\QuickBooks\QB
C:\WINDOWS\webshots.scr
C:\PROGRA~1\HEWLET~1\AiO\S
C:\WINDOWS\System32\hpoipm
C:\Program Files\Hewlett-Packard\AiO\
C:\Program Files\Hewlett-Packard\AiO\
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MYACCE~1\v2\am
C:\WINDOWS\Java\chatlnk.ex
C:\DOCUME~1\Angela\LOCALS~
C:\PROGRA~1\COMMON~1\tsa\t
C:\Documents and Settings\Angela\Desktop\Hi
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R0 - HKCU\Software\Microsoft\In
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-F
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-1
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-2
O3 - Toolbar: MyAccessMedia - {BB904F20-02A2-49CE-B948-8
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2
O4 - HKLM\..\Run: [typedash] C:\PROGRA~1\mpegwavenew\Fr
O4 - HKLM\..\Run: [forbowsflagscr] C:\Documents and Settings\All Users\Application Data\bat idle for bows\wma each.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebat
O4 - HKLM\..\Run: [hjxohc] C:\WINDOWS\System32\hjxohc
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [gvewfeezqdpdz] C:\WINDOWS\System32\fspsij
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [AccessMedia] "C:\Program Files\AccessMedia\AccessMe
O4 - HKLM\..\Run: [AccessMedia Tray] "C:\Program Files\AccessMedia\AMTray.e
O4 - HKLM\..\Run: [AccessMedia P2P Loader] "C:\Program Files\p2pnetworks\amp2pl.e
O4 - HKLM\..\Run: [Media Notifier] "C:\Program Files\MediaNotifier\MediaN
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTR
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAI
O4 - HKCU\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\t
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bi
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBoun
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.ex
O4 - Global Startup: HPAiODevice(hp officejet 5100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bi
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QB
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: (no name) - {2F2C9F60-4504-4ed9-8672-5
O9 - Extra 'Tools' menuitem: Launch MyAccessMedia - {2F2C9F60-4504-4ed9-8672-5
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.
O16 - DPF: {00000EF1-0786-4633-87C6-1
O16 - DPF: {00B71CFB-6864-4346-A978-C
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1
O16 - DPF: {205FF73B-CA67-11D5-99DD-4
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {8E0D4DE5-3180-4024-A327-4
O16 - DPF: {B942A249-D1E7-4C11-98AE-F
O16 - DPF: {FB37AE65-64F4-4D27-AB4F-A
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
sure, no problem.... good luck :)
ASKER