Browser hijack

Status
Not open for further replies.

kb-resq (Baseband Member, Messages: 21)
My computer has been infected by an IE hijacker of some type. I can't get rid of Home Search Assistant, Search Extender, and Shopping Wizard. When I open IE, my homepage is always reset to "about:blank" and I always get pop-ups from "Only the Best". Also, IE frequently generates an error and shuts down. I ran Ad-Aware and it didn't get rid of the problem. I have also run Spybot, updated my Norton AntiVirus definitions and ran a full system scan, and it didn't pick anything up. I've rebooted to safe mode and then deleted the contents of all temp folders, and cleaned out the Recycle Bin. Then I reran Ad-Aware, Spybot, and the antivirus scan while still in safe mode. I then rebooted and ran the free on-line scan from BitDefender. Here is what it couldn't clean:

E:\WINDOWS\apilf.dll: infected with Trojan.Clicker.Fet.A
E:\WINDOWS\apilf.dll: disinfection failed
E:\WINDOWS\apirn.dll: infected with Trojan.Clicker.Fet.A
E:\WINDOWS\apirn.dll: disinfection failed
E:\WINDOWS\appua32.dll: infected with Trojan.Clicker.Fet.A
E:\WINDOWS\appua32.dll: disinfection failed
E:\WINDOWS\d3tl32.dll: infected with Trojan.Clicker.Fet.A
E:\WINDOWS\d3tl32.dll: disinfection failed
E:\WINDOWS\Downloaded Program Files\YSBactivex.dll: infected with Trojan.Downloader.IstBar.GP
E:\WINDOWS\Downloaded Program Files\YSBactivex.dll: disinfection failed
E:\WINDOWS\msaz32.dll: infected with Trojan.Clicker.Fet.A
E:\WINDOWS\msaz32.dll: disinfection failed
E:\WINDOWS\msxmidi.exe: infected with Trojan.Downloader.Fet.S
E:\WINDOWS\msxmidi.exe: disinfection failed
E:\WINDOWS\system32\adddm32.dll: infected with Trojan.Clicker.Fet.A
E:\WINDOWS\system32\adddm32.dll: disinfection failed
E:\WINDOWS\system32\apijj.dll: infected with Trojan.Clicker.Fet.A
E:\WINDOWS\system32\apijj.dll: disinfection failed
E:\WINDOWS\system32\javaab32.dll: infected with Trojan.Clicker.Fet.A
E:\WINDOWS\system32\javaab32.dll: disinfection failed
E:\WINDOWS\system32\msxf32.dll: infected with Trojan.Clicker.Fet.A
E:\WINDOWS\system32\msxf32.dll: disinfection failed

Next I tried running HijackThis, and Norton kept detecting a virus and posted this message:
Object Name: E:\HJT\hijackthis.log
Virus name: MHTMLRedir.Exploit
Action Taken: The file was deleted automatically
This would delete hijackthis.log.
I disabled Norton Auto-Protect, then captured this HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 7:31:36 AM, on 1/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
E:\WINDOWS\system32\apijq.exe
E:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
E:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINDOWS\system32\apihh.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
E:\Documents and Settings\kyle\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\osrmh.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\osrmh.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\osrmh.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\osrmh.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\osrmh.dll/sp.html#89328
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\osrmh.dll/sp.html#89328
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy/:8080
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CE963D1-FD1B-D1F3-A21C-F800645351B3} - E:\WINDOWS\system32\adddm32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] E:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [LyraHD2TrayApp] "E:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [apihh.exe] E:\WINDOWS\system32\apihh.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EnigmaPopupStop] F:\Kyle's Stuff\downloads\popupstopper\EnigmaPopupStop.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt2_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com//inst//x.chm::/open.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103814038540
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - E:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - E:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - E:\WINDOWS\system32\apijq.exe


If anyone could help me out with this "nasty" that's infected my computer and walk me through the steps, I would really appreciate it.
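Since the question is which of the lines in that log are the hijacker, here is a small triage script that applies the rules a log helper applies by eye. It is an added example, not part of the original post and not HijackThis code; the detection rules and the "high"/"review" labels are my own heuristics, and SAMPLE_LOG is an excerpt of the log posted above (the O16 path the forum garbled into an emoticon is reproduced as C:one.MHT). The indicators it looks for are the ones visible above: R0/R1 start and search pages redirected into a res:// resource inside a DLL (osrmh.dll), an O2 BHO with no name (adddm32.dll), an O16 DPF entry delivered through ms-its:mhtml (the MHTML redirect exploit; that string in the text of the log is almost certainly what Norton matched when it deleted hijackthis.log), O15 Trusted Zone additions the user did not make, an O23 service with no vendor, and the pseudo-system random filenames (api??, ms??32, java??32) of the files BitDefender could not disinfect.

```python
"""Triage a HijackThis log for the hijack indicators visible in the thread above.

Added example; it is not part of the original post and not HijackThis code.
It flags, it does not repair.  The rules and the severity labels are my own
heuristics, and SAMPLE_LOG is an excerpt of the log posted above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\osrmh.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CE963D1-FD1B-D1F3-A21C-F800645351B3} - E:\WINDOWS\system32\adddm32.dll
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [apihh.exe] E:\WINDOWS\system32\apihh.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com//inst//x.chm::/open.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - E:\WINDOWS\system32\apijq.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2"
    severity: str  # "high" (act on it) or "review" (confirm with the user)
    reason: str
    line: str


SECTION_RE = re.compile(r"(R\d|O\d+|F\d) - (.*)")

# Files dropped by this family sit directly in %WINDIR% or system32 under a
# pseudo-system name: a prefix that looks like a Windows component, 2-3 random
# letters and an optional "32" (cf. apilf.dll, adddm32.dll, apijq.exe above).
# Heuristic only: a hit is confirmed by inspecting the file, never deleted blind.
RANDOM_NAME = re.compile(
    r"\\(?:WINDOWS|WINNT)\\(?:system32\\)?"
    r"(?:api|app|add|ms|java|d3|os)[a-z]{2,3}(?:32)?\.(?:dll|exe)\b",
    re.IGNORECASE,
)

# A Windows path up to the first character that cannot be part of a filename
# here (whitespace, quote, "!", "#", "/"), so res://E:\..\x.dll/sp.html yields x.dll.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"!#/]+')


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; None means no rule fired, not 'proven clean'."""
    m = SECTION_RE.match(line)
    if not m:
        return None  # header, "Running processes" entries, blank lines
    section, body = m.groups()
    if section in ("R0", "R1") and re.search(r"=\s*res://.*\.dll", body, re.I):
        return Finding(section, "high", "IE start/search page points into a DLL resource", line)
    if section == "O2" and "(no name)" in body:
        return Finding(section, "high", "unnamed Browser Helper Object", line)
    if section == "O16" and re.search(r"ms-its:|mhtml:", body, re.I):
        return Finding(section, "high", "DPF entry delivered via ms-its/mhtml (MHTML redirect exploit)", line)
    if RANDOM_NAME.search(body):
        return Finding(section, "high", "pseudo-system random filename in %WINDIR%", line)
    if section == "O23" and " - Unknown - " in body:
        return Finding(section, "review", "service with no vendor string", line)
    if section == "O15":
        return Finding(section, "review", "Trusted Zone addition; confirm the user made it", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the lines that fired."""
    findings = (triage_line(raw.rstrip()) for raw in log_text.splitlines())
    return [f for f in findings if f is not None]


def suspect_files(findings: List[Finding]) -> List[str]:
    """Unique on-disk paths named in 'high' findings, in log order: the list to
    inspect (and, once confirmed, remove from safe mode) before re-scanning."""
    paths: List[str] = []
    for f in findings:
        if f.severity != "high":
            continue
        for p in PATH_RE.findall(f.line):
            if p not in paths:
                paths.append(p)
    return paths


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n          {f.line}")
    print("\nSuspect files:")
    for p in suspect_files(results):
        print("  ", p)
```

Run on the excerpt, it flags seven lines (five high, two to review) and lists osrmh.dll, adddm32.dll, apihh.exe and apijq.exe as the files to deal with; the benign Adobe, Symantec and ccApp entries fall through. A "review" result is deliberately not a verdict: the O15 entries and the vendor-less O23 service are only hijack evidence if the user did not create them, which is why a helper asks before fixing.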
 
I just hadn't gotten to you. I work from the oldest posted. But I'm glad you got it fixed. So I can close this one? Liz
 
I understand that it must take some time to analyze those log files. Those logs can be rather long. Yes, you can close this thread. Have you tried Microsoft's AntiSpyware beta program? They did a nice job with it, and it'll probably help with most IE hijack troubles.
 