F keys messed up, apps won't open, slow performance

homeslicezero

None of my anti-virus/spyware programs seem to fully fix my computer...:mad:




Logfile of HijackThis v1.99.1
Scan saved at 10:18:21 PM, on 12/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\igps.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\pgws.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\apimp32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ssstars.scr
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\sdkvf32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\graal\graal.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wpqxb.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wpqxb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wpqxb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wpqxb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wpqxb.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wpqxb.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wpqxb.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.mozilla.org/start/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z3lawqf4.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z3lawqf4.slt\prefs.js)
O2 - BHO: Class - {008764D5-773A-A0CE-0E07-D1A50B2AEB9C} - C:\WINDOWS\system32\crub32.dll (file missing)
O2 - BHO: Class - {0108204E-FE17-D532-5C20-738F637A3E9A} - C:\WINDOWS\system32\crwc.dll (file missing)
O2 - BHO: Class - {028697AB-AAC0-E8A1-A394-10CF6F8477FE} - C:\WINDOWS\winuc.dll (file missing)
O2 - BHO: Class - {0440684A-D8DB-D641-9A8D-0E5901DA3AE7} - C:\WINDOWS\system32\ipyc32.dll (file missing)
O2 - BHO: Class - {0619904A-3C71-5AF3-23E3-03703516D199} - C:\WINDOWS\system32\ntga32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0B7CF0C1-AE5A-B428-6229-E649815FF71C} - C:\WINDOWS\mfclr32.dll
O2 - BHO: Class - {0E7FF52C-0406-8C94-A21B-13C5178BCC0B} - C:\WINDOWS\system32\javawf.dll (file missing)
O2 - BHO: Class - {0FEF3DCB-727B-207F-1E58-40117737169C} - C:\WINDOWS\mfcwv32.dll
O2 - BHO: Class - {11EB3E6A-EFA3-85E6-D818-DE13957C0E7E} - C:\WINDOWS\system32\criv.dll (file missing)
O2 - BHO: Class - {13712ED8-0884-CF0B-46CC-6B33643B8AA3} - C:\WINDOWS\system32\appky32.dll
O2 - BHO: Class - {15169BF7-4D6B-25BA-10D4-D4B3372CA27F} - C:\WINDOWS\iezx32.dll
O2 - BHO: Class - {18294F8D-6F9D-D77F-49D8-87964829337F} - C:\WINDOWS\system32\apitm.dll
O2 - BHO: Class - {1C3CA150-10F8-FB34-3958-5207D6CEB86F} - C:\WINDOWS\javavu.dll
O2 - BHO: Class - {1DF7A18C-48C0-6851-A397-35138992868E} - C:\WINDOWS\system32\syszt32.dll
O2 - BHO: Class - {258F801D-6B33-BFBF-D1ED-53C72E5D057F} - C:\WINDOWS\system32\apiix32.dll
O2 - BHO: Class - {2B91E7DA-0139-CAF2-705A-DC5942CF0C87} - C:\WINDOWS\ieem32.dll
O2 - BHO: Class - {2C0FF493-7CFE-EBB6-BFED-F224B4D819A0} - C:\WINDOWS\system32\atlbm32.dll (file missing)
O2 - BHO: Class - {2E2D4B26-4CD2-E13B-EE1F-3BB2852CDEAC} - C:\WINDOWS\system32\sdkqc.dll (file missing)
O2 - BHO: Class - {302FD6F2-399E-02BF-F24F-70F4CAF474E0} - C:\WINDOWS\system32\atlep32.dll
O2 - BHO: Class - {324C7B28-F8EB-05C3-47CF-680DDABE2D8D} - C:\WINDOWS\ipdn.dll
O2 - BHO: Class - {33653C70-F82F-3235-E5B9-5751B1F39585} - C:\WINDOWS\system32\ntpk32.dll
O2 - BHO: Class - {3710CF58-4F9C-5364-2D7D-D2B63F4C0E70} - C:\WINDOWS\javayr32.dll (file missing)
O2 - BHO: Class - {3764A70B-08CA-A3C8-9F8B-1BABB4D566F5} - C:\WINDOWS\apibl32.dll
O2 - BHO: Class - {4478A40E-095C-9113-16CA-AAE4FCB0841A} - C:\WINDOWS\netxr32.dll (file missing)
O2 - BHO: Class - {46573A23-343E-58A3-FFA8-2F9550FE8774} - C:\WINDOWS\ielu32.dll
O2 - BHO: Class - {46BB1EBA-D57F-6E17-4E2F-3A13BD626D28} - C:\WINDOWS\winyn.dll (file missing)
O2 - BHO: Class - {4890C089-827C-E424-6B1F-A679F9DE3943} - C:\WINDOWS\apiaq32.dll (file missing)
O2 - BHO: Class - {49792A75-5972-4ABC-2D57-7AF58F732F2A} - C:\WINDOWS\d3qt32.dll (file missing)
O2 - BHO: Class - {4A430138-F1D0-5EC5-AC4A-4D6A5177FF9E} - C:\WINDOWS\system32\ntbx.dll (file missing)
O2 - BHO: Class - {4A5C6E2E-5A48-2941-6259-E5B9D79F9B78} - C:\WINDOWS\system32\d3pd32.dll (file missing)
O2 - BHO: Class - {4CB86D61-970D-C338-7AD0-8B13C488150E} - C:\WINDOWS\sdkat32.dll (file missing)
O2 - BHO: Class - {4D567ABA-C061-F0F9-6007-B9B4A96FB412} - C:\WINDOWS\appvm32.dll
O2 - BHO: Class - {4EFEDBE3-55DF-655C-7684-265961EDD697} - C:\WINDOWS\javaci32.dll (file missing)
O2 - BHO: Class - {50CEBE40-0931-C174-0942-791226F19C0F} - C:\WINDOWS\ntsq32.dll
O2 - BHO: Class - {55B9BF74-5683-BABA-EBB1-63E94A1461AE} - C:\WINDOWS\addhr32.dll (file missing)
O2 - BHO: Class - {563D02A9-2D52-A958-F3F7-B4EDD757F8D3} - C:\WINDOWS\system32\mswx32.dll
O2 - BHO: Class - {597A992E-DA16-8D00-4005-2D68DF9AD305} - C:\WINDOWS\appwn32.dll (file missing)
O2 - BHO: Class - {5B24A6A0-B086-3DFB-BCF0-D61AE8A3EB9B} - C:\WINDOWS\system32\appfk32.dll (file missing)
O2 - BHO: Class - {5BCDB351-F6CE-3209-14B3-9286BD7B588C} - C:\WINDOWS\mfcrv.dll
O2 - BHO: Class - {5FA23166-401F-13C1-370A-22B100AB77E7} - C:\WINDOWS\system32\winut32.dll
O2 - BHO: Class - {608E0B57-2DAA-992C-22A7-44A788BA97AD} - C:\WINDOWS\msxm32.dll (file missing)
O2 - BHO: Class - {61D02CEC-F196-F016-A5EC-BFA68EABD7C3} - C:\WINDOWS\system32\sdkue32.dll
O2 - BHO: Class - {630C6B08-7B91-5062-388B-69A5E8BD566B} - C:\WINDOWS\system32\appfd32.dll (file missing)
O2 - BHO: Class - {63FF24F4-3A79-8B02-6E12-81C9BAAFF3A0} - C:\WINDOWS\system32\msry.dll (file missing)
O2 - BHO: Class - {64ACBCED-4C70-32ED-5E7C-6D6EFEDA085F} - C:\WINDOWS\mfcui32.dll
O2 - BHO: Class - {6570AC72-A038-A983-C7D7-83C78EDB1EC0} - C:\WINDOWS\system32\ipir.dll
O2 - BHO: Class - {692D3B7A-538A-5E50-F1CA-7BAC96318BCD} - C:\WINDOWS\system32\d3re.dll (file missing)
O2 - BHO: Class - {6F9CD290-449C-DBE4-621A-E7E113A0EE2F} - C:\WINDOWS\system32\netjy.dll
O2 - BHO: Class - {706783C6-BCDD-E424-D617-D3F30FF3F17F} - C:\WINDOWS\atlqf.dll
O2 - BHO: Class - {74B12533-C0AD-21DF-9849-FC71F480E8D6} - C:\WINDOWS\addcw32.dll (file missing)
O2 - BHO: Class - {76B4D012-4EE8-90C5-518E-4B4BD4BD4BF9} - C:\WINDOWS\addih32.dll (file missing)
O2 - BHO: Class - {78BD3F6B-9103-0C2E-C7D6-50C173A56B10} - C:\WINDOWS\ntlg.dll
O2 - BHO: Class - {7B33F205-6CB9-19B5-29D9-B4F7678C6449} - C:\WINDOWS\javavd.dll (file missing)
O2 - BHO: Class - {7FD58EC4-B55E-2A44-DFAB-99005B7E4071} - C:\WINDOWS\crpd32.dll (file missing)
O2 - BHO: Class - {80010426-C366-9F5D-EAF5-3372D821F450} - C:\WINDOWS\system32\d3ps.dll (file missing)
O2 - BHO: Class - {809BEC2F-9B63-B600-853B-83F15DB31424} - C:\WINDOWS\system32\d3tq.dll (file missing)
O2 - BHO: Class - {80CDCDFA-69CC-380D-123F-DF6C7FC64845} - C:\WINDOWS\system32\mfclw.dll (file missing)
O2 - BHO: Class - {8291F30C-F81A-B2CF-C934-5E5DA6E15E63} - C:\WINDOWS\system32\mshb.dll (file missing)
O2 - BHO: Class - {854604F6-7639-916F-EFED-29E3BDC1A5E3} - C:\WINDOWS\addaq32.dll (file missing)
O2 - BHO: Class - {855DD527-5979-EE8A-BFBF-9BAF7562315E} - C:\WINDOWS\system32\sysld.dll
O2 - BHO: Class - {869819CE-8035-1170-64C2-6EE1E98B3458} - C:\WINDOWS\system32\winfp.dll (file missing)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
O2 - BHO: Class - {8E933ABB-42C4-50B3-C2F8-EFF15E8A53AE} - C:\WINDOWS\d3rf.dll (file missing)
O2 - BHO: Class - {8F99086A-1ECC-586D-E124-EE5C740E2067} - C:\WINDOWS\system32\mfczs32.dll (file missing)
O2 - BHO: Class - {9117A0F1-5CE3-FD33-453B-94B4ED6E175C} - C:\WINDOWS\sdktp.dll
O2 - BHO: Class - {91789B58-5FD0-711E-B1E0-CB7DB1F51240} - C:\WINDOWS\system32\d3sf.dll (file missing)
O2 - BHO: Class - {949C22B6-F320-E403-AF31-7D507C16EE96} - C:\WINDOWS\crtr.dll (file missing)
O2 - BHO: Class - {95C6CC09-197A-2E0B-08A2-31A543B88320} - C:\WINDOWS\mfcht32.dll (file missing)
O2 - BHO: Class - {98BEE562-A984-68F6-3C3D-5BA8C901DC71} - C:\WINDOWS\system32\atlzb32.dll (file missing)
O2 - BHO: Class - {9971458F-29E5-772B-D55C-E681993738D1} - C:\WINDOWS\addqx32.dll
O2 - BHO: Class - {A1963F3B-3090-7909-8C1F-E3655DCD0684} - C:\WINDOWS\ieof32.dll
O2 - BHO: Class - {A3AEB4A5-95AC-A45A-7CC2-F455FE967B86} - C:\WINDOWS\ieek32.dll
O2 - BHO: Class - {A6B28178-FDEC-9648-8BCA-0112C88FB2B4} - C:\WINDOWS\system32\syswt32.dll (file missing)
O2 - BHO: Class - {A770CCE7-7208-DBB0-07E4-49DEFD3F792D} - C:\WINDOWS\system32\d3bf.dll
O2 - BHO: Class - {A8DBFF81-041C-F290-213E-2D0CB852CF56} - C:\WINDOWS\ipie.dll (file missing)
O2 - BHO: Class - {A91EF599-5AF3-83C2-86F7-5C9793216040} - C:\WINDOWS\atlnm32.dll (file missing)
O2 - BHO: Class - {AA44A5DE-979B-B3E7-BB11-CE4EC3DD4FFA} - C:\WINDOWS\msis32.dll
O2 - BHO: Class - {AC23653D-BE50-EAD2-A25B-51705938FCB7} - C:\WINDOWS\javajs.dll
O2 - BHO: Class - {AC6A43AB-1A3F-29D3-3712-10035FEEBCCE} - C:\WINDOWS\system32\ipsl.dll (file missing)
O2 - BHO: Class - {AC736673-E2F7-004B-D854-EC50B36BEC22} - C:\WINDOWS\system32\winbf32.dll (file missing)
O2 - BHO: Class - {ACBD86D2-3428-4089-04FA-49FAF324E149} - C:\WINDOWS\crbh.dll (file missing)
O2 - BHO: Class - {AEADE211-1738-D170-94D4-88BB276E7B57} - C:\WINDOWS\d3wq32.dll
O2 - BHO: Class - {AF18EC40-144D-3BCE-A27E-F2F65E338D3C} - C:\WINDOWS\system32\d3ss32.dll (file missing)
O2 - BHO: Class - {B848F4A7-CDA6-C8F8-395D-D8207FF7AF0E} - C:\WINDOWS\system32\atlno.dll (file missing)
O2 - BHO: Class - {BA5A91EC-2B2A-2B49-C41E-E07C3952DB06} - C:\WINDOWS\winmx32.dll (file missing)
O2 - BHO: Class - {BBF6C91B-BC8D-9FD0-A0DA-199E2D773BC9} - C:\WINDOWS\winbp32.dll (file missing)
O2 - BHO: Class - {BCD2875D-DE08-3E61-8D26-0683DC5EB9EE} - C:\WINDOWS\apidf.dll (file missing)
O2 - BHO: Class - {BFA7FB09-7AC3-95E9-2881-B1966F738029} - C:\WINDOWS\winnf32.dll (file missing)
O2 - BHO: Class - {C2E0B279-5970-A3D1-B0AB-50937597E089} - C:\WINDOWS\javaem32.dll (file missing)
O2 - BHO: Class - {C2EDCAB7-F3DD-97B8-3EA9-8E7D5E1F1800} - C:\WINDOWS\system32\winag32.dll (file missing)
O2 - BHO: Class - {C6CC3C8F-278A-F9FE-34FA-2D452EE42825} - C:\WINDOWS\system32\appid.dll (file missing)
O2 - BHO: Class - {C8EE100B-191A-611C-5766-34F50DE08954} - C:\WINDOWS\addjy32.dll (file missing)
O2 - BHO: Class - {CAD07FE9-6CBE-706E-AD3F-ABD30C3C2C92} - C:\WINDOWS\atlua.dll (file missing)
O2 - BHO: Class - {CC5B5524-AEF5-F97F-E4E0-90901289B58D} - C:\WINDOWS\system32\apict.dll
O2 - BHO: Class - {CDD25743-1CD3-E350-AC37-EBB88EAD3517} - C:\WINDOWS\system32\iphc.dll
O2 - BHO: Class - {CEAC2CBA-2124-08BE-88D4-4FA5CF322623} - C:\WINDOWS\system32\sysxd.dll (file missing)
O2 - BHO: Class - {D02480E7-0B48-D7D0-2402-BB57B32CDEE5} - C:\WINDOWS\sysux.dll
O2 - BHO: Class - {D3392890-1389-1643-1819-1732118F3F2E} - C:\WINDOWS\winle32.dll (file missing)
O2 - BHO: Class - {D4B4BEE2-1F69-402B-C09C-92E458C76671} - C:\WINDOWS\system32\javaxk.dll
O2 - BHO: Class - {D74D00C3-EB52-A0FF-0E67-45BE41EF3E73} - C:\WINDOWS\sdkpu32.dll
O2 - BHO: Class - {DA37E403-1C6D-477E-2601-BECE6AB2B1DE} - C:\WINDOWS\winnz.dll (file missing)
O2 - BHO: Class - {DED9B197-A97B-8EB4-D4C0-1E70C2D3CFF5} - C:\WINDOWS\system32\sysdt32.dll (file missing)
O2 - BHO: Class - {DFB43825-EE36-C454-6511-BEE2D9E06D01} - C:\WINDOWS\iptm32.dll (file missing)
O2 - BHO: Class - {E0E5A173-0CF3-BCA9-8543-4B6252CD9DA6} - C:\WINDOWS\winao32.dll (file missing)
O2 - BHO: Class - {E2CF3F20-7B47-7FDF-0B4B-317598789569} - C:\WINDOWS\system32\appmv.dll
O2 - BHO: Class - {E4C7E707-7E3A-871E-8DF5-DA66BFA2117F} - C:\WINDOWS\system32\ieat32.dll (file missing)
O2 - BHO: Class - {E57A8C9B-872F-8EF2-0664-534170970E96} - C:\WINDOWS\crhb.dll
O2 - BHO: Class - {EC73797F-7882-910B-D3F1-0CA9320AF6C7} - C:\WINDOWS\system32\apppb.dll (file missing)
O2 - BHO: Class - {EE652B58-81BA-1EE8-3F28-E10AC735AC5F} - C:\WINDOWS\system32\ntbi.dll (file missing)
O2 - BHO: Class - {F3D8DFCC-C963-F6D5-205B-07D798983E90} - C:\WINDOWS\system32\d3zy32.dll (file missing)
O2 - BHO: Class - {F4991605-C957-0BAE-49B7-A7115B539ABB} - C:\WINDOWS\system32\iezj32.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O2 - BHO: Class - {F61C43C0-8F6A-C654-1213-B906276F3ADF} - C:\WINDOWS\msli32.dll
O2 - BHO: Class - {F6D9089D-FF9B-AADD-2E2E-CE965672C18A} - C:\WINDOWS\system32\appyp32.dll (file missing)
O2 - BHO: Class - {F738EB84-0335-3BB1-0C22-657E391A1AF0} - C:\WINDOWS\atlkm32.dll (file missing)
O2 - BHO: Class - {FBA69C0B-86A6-19AD-2AF4-F5150E5C1CAE} - C:\WINDOWS\system32\winac32.dll (file missing)
O2 - BHO: Class - {FC7FA546-1AEA-EE38-DC94-F504B065743E} - C:\WINDOWS\system32\netro32.dll (file missing)
O2 - BHO: Class - {FD65995E-83EB-AA5E-05B6-8EDEE3733961} - C:\WINDOWS\mfchy.dll (file missing)
O2 - BHO: Class - {FE86D30B-A146-BF97-704D-BA72A9640928} - C:\WINDOWS\winye.dll (file missing)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ieag32.exe] C:\WINDOWS\ieag32.exe
O4 - HKLM\..\Run: [sdkks.exe] C:\WINDOWS\sdkks.exe
O4 - HKLM\..\Run: [windk32.exe] C:\WINDOWS\system32\windk32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [d3dx.exe] C:\WINDOWS\system32\d3dx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ieea32.exe] C:\WINDOWS\system32\ieea32.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pcrowr.exe reg_run
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKLM\..\Run: [mfcui32.exe] C:\WINDOWS\mfcui32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [apimp32.exe] C:\WINDOWS\apimp32.exe
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\Fmempro.exe" autostart
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [qwmi] C:\PROGRA~1\COMMON~1\qwmi\qwmim.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sdkvf32.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
 
Hi and Welcome to TF

I can see why. You're SEVERELY infected, which leaves you with 2 choices..

1. Format and Reinstall XP
2. Try to clean the system.

Cleaning the system will require many posts and attempts, so I'll leave that up to you on how much time you want to devote to this, as you can reinstall quicker than cleaning the PC. I'll provide a first run on this log.

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan. Be sure to have the AutoFix box(es) checked if the site has that option.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

Download and install Cleanup but DO NOT run it yet!

Download, install, and update Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido


Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.


Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
  • Once finished, click the [Save report] button
  • Save the report to your desktop
Close Ewido

Reboot back to normal mode....

Download, install & launch - Webroot SpySweeper (Trial) (8.3 MB)

When SpySweeper starts, please accept any prompts to update definitions.

Then configure it as follows:
  • From the left pane, click Options
  • Select the Sweep Options tab & ensure the following are ticked:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All Users accounts
    • Do Not Sweep System Restore Folder
    • Enable Direct Disk Sweeping
    • Sweep For Rootkits
  • After that's done, select Sweep from the left pane & click on the Start button
  • Allow Spysweeper to reboot your machine to remove the infected files.

Once you reboot, post a new HijackThis log. Let me know IF you're going to continue or reinstall XP.
 
Heheheh. Did I break the record? :p

But anyways, I'll get the HijackThis info sometime today I think...I'm about halfway through and it's looking a lot better. Oh and I can't reformat it because I lost the Windows XP Install disk.:confused: So I guess I gotta take the long way...
 
Ok, here's the new, not near as long log....Although the viruses screwed over my Internet Explorer so I could only do one online scan.

Logfile of HijackThis v1.99.1
Scan saved at 5:47:45 PM, on 12/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.mozilla.org/start/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z3lawqf4.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z3lawqf4.slt\prefs.js)
O2 - BHO: Class - {0440684A-D8DB-D641-9A8D-0E5901DA3AE7} - C:\WINDOWS\system32\ipyc32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {11EB3E6A-EFA3-85E6-D818-DE13957C0E7E} - C:\WINDOWS\system32\criv.dll (file missing)
O2 - BHO: Class - {2C0FF493-7CFE-EBB6-BFED-F224B4D819A0} - C:\WINDOWS\system32\atlbm32.dll (file missing)
O2 - BHO: Class - {4A430138-F1D0-5EC5-AC4A-4D6A5177FF9E} - C:\WINDOWS\system32\ntbx.dll (file missing)
O2 - BHO: Class - {4EFEDBE3-55DF-655C-7684-265961EDD697} - C:\WINDOWS\javaci32.dll (file missing)
O2 - BHO: Class - {597A992E-DA16-8D00-4005-2D68DF9AD305} - C:\WINDOWS\appwn32.dll (file missing)
O2 - BHO: Class - {608E0B57-2DAA-992C-22A7-44A788BA97AD} - C:\WINDOWS\msxm32.dll (file missing)
O2 - BHO: Class - {64ACBCED-4C70-32ED-5E7C-6D6EFEDA085F} - C:\WINDOWS\mfcui32.dll (file missing)
O2 - BHO: Class - {7B33F205-6CB9-19B5-29D9-B4F7678C6449} - C:\WINDOWS\javavd.dll (file missing)
O2 - BHO: Class - {80CDCDFA-69CC-380D-123F-DF6C7FC64845} - C:\WINDOWS\system32\mfclw.dll (file missing)
O2 - BHO: Class - {869819CE-8035-1170-64C2-6EE1E98B3458} - C:\WINDOWS\system32\winfp.dll (file missing)
O2 - BHO: Class - {91789B58-5FD0-711E-B1E0-CB7DB1F51240} - C:\WINDOWS\system32\d3sf.dll (file missing)
O2 - BHO: Class - {A770CCE7-7208-DBB0-07E4-49DEFD3F792D} - C:\WINDOWS\system32\d3bf.dll (file missing)
O2 - BHO: Class - {BBF6C91B-BC8D-9FD0-A0DA-199E2D773BC9} - C:\WINDOWS\winbp32.dll (file missing)
O2 - BHO: Class - {C2EDCAB7-F3DD-97B8-3EA9-8E7D5E1F1800} - C:\WINDOWS\system32\winag32.dll (file missing)
O2 - BHO: Class - {D3392890-1389-1643-1819-1732118F3F2E} - C:\WINDOWS\winle32.dll (file missing)
O2 - BHO: Class - {DED9B197-A97B-8EB4-D4C0-1E70C2D3CFF5} - C:\WINDOWS\system32\sysdt32.dll (file missing)
O2 - BHO: Class - {E4C7E707-7E3A-871E-8DF5-DA66BFA2117F} - C:\WINDOWS\system32\ieat32.dll (file missing)
O2 - BHO: Class - {F3D8DFCC-C963-F6D5-205B-07D798983E90} - C:\WINDOWS\system32\d3zy32.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O2 - BHO: Class - {FBA69C0B-86A6-19AD-2AF4-F5150E5C1CAE} - C:\WINDOWS\system32\winac32.dll (file missing)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\Fmempro.exe" autostart
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [qwmi] C:\PROGRA~1\COMMON~1\qwmi\qwmim.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
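
Added example, not part of the original posts: a small Python parser for the HijackThis entry format shown in the logs above. It collects entries marked "(file missing)" and cross-checks them against the "Running processes" section, because in the second log the avast! service lines are flagged as missing while the same executables are running. The sample input is a shortened excerpt of that log; all function and variable names are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Shortened excerpt of the second HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0440684A-D8DB-D641-9A8D-0E5901DA3AE7} - C:\WINDOWS\system32\ipyc32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKCU\..\Run: [qwmi] C:\PROGRA~1\COMMON~1\qwmi\qwmim.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O2 - BHO: ..."
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")             # first drive-letter path to end of line
MISSING = " (file missing)"


@dataclass
class Entry:
    section: str        # R0, O2, O23, ...
    body: str           # everything after "Xn - "
    path: str           # file path the entry points at, "" if none
    file_missing: bool  # HijackThis appended "(file missing)"


def clean_path(raw):
    """Strip the '(file missing)' marker and anything after a stray quote."""
    path = raw[:-len(MISSING)] if raw.endswith(MISSING) else raw
    # Lines such as `...\ashMaiSv.exe" /service` keep a closing quote and
    # arguments; the executable path is the part before that quote.
    return path.split('"', 1)[0].strip()


def parse_log(text):
    """Return (set of running process paths in lower case, list of Entry)."""
    running, entries, in_running = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_running = True
            continue
        if in_running:
            if not line:            # blank line ends the process list
                in_running = False
            else:
                running.add(line.lower())
            continue
        match = ENTRY_RE.match(line)
        if not match:
            continue
        section, body = match.groups()
        found = PATH_RE.search(body)
        path = clean_path(found.group(0)) if found else ""
        entries.append(Entry(section, body, path, body.endswith(MISSING)))
    return running, entries


def triage(text):
    """Split '(file missing)' entries into orphaned references and entries
    whose target is in fact running (the marker is then unreliable)."""
    running, entries = parse_log(text)
    flagged = [e for e in entries if e.file_missing]
    # Comparison is by exact long path; 8.3 short names (PROGRA~1) in the
    # process list are not resolved by this example.
    return {
        "orphaned": [e for e in flagged if e.path.lower() not in running],
        "running_but_flagged": [e for e in flagged if e.path.lower() in running],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, items in result.items():
        for e in items:
            print(f"{kind:20} {e.section:4} {e.path}")
```
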
 
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Run HijackThis and fix the following entries...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0440684A-D8DB-D641-9A8D-0E5901DA3AE7} - C:\WINDOWS\system32\ipyc32.dll (file missing)
O2 - BHO: Class - {11EB3E6A-EFA3-85E6-D818-DE13957C0E7E} - C:\WINDOWS\system32\criv.dll (file missing)
O2 - BHO: Class - {2C0FF493-7CFE-EBB6-BFED-F224B4D819A0} - C:\WINDOWS\system32\atlbm32.dll (file missing)
O2 - BHO: Class - {4A430138-F1D0-5EC5-AC4A-4D6A5177FF9E} - C:\WINDOWS\system32\ntbx.dll (file missing)
O2 - BHO: Class - {4EFEDBE3-55DF-655C-7684-265961EDD697} - C:\WINDOWS\javaci32.dll (file missing)
O2 - BHO: Class - {597A992E-DA16-8D00-4005-2D68DF9AD305} - C:\WINDOWS\appwn32.dll (file missing)
O2 - BHO: Class - {608E0B57-2DAA-992C-22A7-44A788BA97AD} - C:\WINDOWS\msxm32.dll (file missing)
O2 - BHO: Class - {64ACBCED-4C70-32ED-5E7C-6D6EFEDA085F} - C:\WINDOWS\mfcui32.dll (file missing)
O2 - BHO: Class - {7B33F205-6CB9-19B5-29D9-B4F7678C6449} - C:\WINDOWS\javavd.dll (file missing)
O2 - BHO: Class - {80CDCDFA-69CC-380D-123F-DF6C7FC64845} - C:\WINDOWS\system32\mfclw.dll (file missing)
O2 - BHO: Class - {869819CE-8035-1170-64C2-6EE1E98B3458} - C:\WINDOWS\system32\winfp.dll (file missing)
O2 - BHO: Class - {91789B58-5FD0-711E-B1E0-CB7DB1F51240} - C:\WINDOWS\system32\d3sf.dll (file missing)
O2 - BHO: Class - {A770CCE7-7208-DBB0-07E4-49DEFD3F792D} - C:\WINDOWS\system32\d3bf.dll (file missing)
O2 - BHO: Class - {BBF6C91B-BC8D-9FD0-A0DA-199E2D773BC9} - C:\WINDOWS\winbp32.dll (file missing)
O2 - BHO: Class - {C2EDCAB7-F3DD-97B8-3EA9-8E7D5E1F1800} - C:\WINDOWS\system32\winag32.dll (file missing)
O2 - BHO: Class - {D3392890-1389-1643-1819-1732118F3F2E} - C:\WINDOWS\winle32.dll (file missing)
O2 - BHO: Class - {DED9B197-A97B-8EB4-D4C0-1E70C2D3CFF5} - C:\WINDOWS\system32\sysdt32.dll (file missing)
O2 - BHO: Class - {E4C7E707-7E3A-871E-8DF5-DA66BFA2117F} - C:\WINDOWS\system32\ieat32.dll (file missing)
O2 - BHO: Class - {F3D8DFCC-C963-F6D5-205B-07D798983E90} - C:\WINDOWS\system32\d3zy32.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O2 - BHO: Class - {FBA69C0B-86A6-19AD-2AF4-F5150E5C1CAE} - C:\WINDOWS\system32\winac32.dll (file missing)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKCU\..\Run: [qwmi] C:\PROGRA~1\COMMON~1\qwmi\qwmim.exe


Delete the following files/folders IF found.

C:\WINDOWS\system32\ipyc32.dll
C:\WINDOWS\system32\criv.dll
C:\WINDOWS\system32\atlbm32.dll
C:\WINDOWS\system32\ntbx.dll
C:\WINDOWS\javaci32.dll
C:\WINDOWS\appwn32.dll
C:\WINDOWS\msxm32.dll
C:\WINDOWS\mfcui32.dll
C:\WINDOWS\javavd.dll
C:\WINDOWS\system32\mfclw.dll
C:\WINDOWS\system32\winfp.dll
C:\WINDOWS\system32\d3sf.dll
C:\WINDOWS\system32\d3bf.dll
C:\WINDOWS\winbp32.dll
C:\WINDOWS\system32\winag32.dll
C:\WINDOWS\winle32.dll
C:\WINDOWS\system32\sysdt32.dll
C:\WINDOWS\system32\ieat32.dll
C:\WINDOWS\system32\d3zy32.dll
C:\WINDOWS\system32\winac32.dll


C:\PROGRA~1\COMMON~1\qwmi <--folder
C:\Program Files\TBONAS <--folder

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
  • Once finished, click the [Save report] button
  • Save the report to your desktop
Close Ewido

Reboot back to normal mode....

Perform an online scan with Internet Explorer with Panda ActiveScan
  • Click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. (Ensure that your pop-up blocker doesn't block it.)
  2. Enter your e-mail address, country, and state & click Scan Now ...this begins downloading Panda's 8 MB ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
  • Click on see report. Then click Save report

Please post that log in your next reply along with the Ewido log and a new hijackthis log.
 
Ok, I've done everything but the Panda ActiveScan. I try to download the ActiveX controls that it needs, but an error comes up and it can't complete the download. I turned off my firewall, but it still didn't work. :confused:
 
Ok.. let's try another scanner...

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log".

I then need you to repeat the same procedure above again... using the TrendMicro scan tool. I need the log from the second scan/clean...NOT the first...as this will contain what's left in the system.
 
Ok...I finished the scan but I don't understand where I get the log at...but I'll post the other two anyways.

HIJACKTHIS:

Logfile of HijackThis v1.99.1
Scan saved at 1:51:53 PM, on 12/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.mozilla.org/start/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z3lawqf4.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\z3lawqf4.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


EWIDO:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:39:56 AM, 12/24/2005
+ Report-Checksum: ADCB57CB

+ Scan result:

No infected objects found.


::Report End

Oh, and I unchecked some stuff in msconfig so a bunch of stuff wouldn't load up when I reboot my computer, is that ok?
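
An added example, not part of any post in this thread: a small Python parser for the HijackThis entry format seen in the logs above. It splits "(file missing)" entries into those the log does not contradict and those whose executable appears in the same log's running-process list, as happens with the avast! Mail Scanner service in the follow-up log. The sample combines lines copied from the posts above into one constructed input; the function names are this example's own.

```python
import re

# Constructed sample: lines copied from the fix list and the follow-up log above.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\UAService7.exe

O2 - BHO: Class - {0440684A-D8DB-D641-9A8D-0E5901DA3AE7} - C:\WINDOWS\system32\ipyc32.dll (file missing)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKCU\..\Run: [qwmi] C:\PROGRA~1\COMMON~1\qwmi\qwmim.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O2 - BHO: ..."
PATH = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|scr))", re.IGNORECASE)

def parse(log):
    """Split a HijackThis log into (running process paths, entry dicts)."""
    processes, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False
            body = m.group(2)
            paths = PATH.findall(body)
            entries.append({"section": m.group(1),
                            "path": paths[-1] if paths else None,
                            "file_missing": body.endswith("(file missing)")})
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(log):
    """Return (stale, contradicted) paths among '(file missing)' entries."""
    processes, entries = parse(log)
    running = {p.lower() for p in processes}
    stale, contradicted = [], []
    for e in entries:
        if e["file_missing"] and e["path"]:
            # A running image cannot be absent: the marker is unreliable here.
            (contradicted if e["path"].lower() in running else stale).append(e["path"])
    return stale, contradicted
```

Entries in the second list should be checked on disk before anything is removed, since the log itself shows those executables running.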
 