Options
Ads234
Like tons of others, I have an ads234 problem. Please help me, I've been looking on other threads and trying to fix this for about 3 hours now.
Logfile of HijackThis v1.99.0
Scan saved at 3:20:32 AM, on 12/22/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\wlsmud.exe
C:\WINDOWS\system32\devldr32.exe
C:\documents and settings\tyler\local settings\temp\U0ToZXl2.exe
C:\documents and settings\tyler\local settings\temp\RVvd4OxA.exe
C:\documents and settings\tyler\local settings\temp\U0ToZXl2.exe
C:\documents and settings\tyler\local settings\temp\RVvd4OxA.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\documents and settings\nathan\local settings\temp\lUTLGPDoD.exe
C:\documents and settings\nathan\local settings\temp\lUTLGPDoD.exe
C:\WINDOWS\SM1BG.EXE
C:\documents and settings\tyler\local settings\temp\KB9YjKW.exe
C:\documents and settings\tyler\local settings\temp\KB9YjKW.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\documents and settings\user\local settings\temp\U4NxhrJaw.exe
C:\documents and settings\user\local settings\temp\U4NxhrJaw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\urltab32.exe
C:\Documents and Settings\Tyler\Application Data\ahsu.exe
C:\WINDOWS\system32\??oolsv.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tyler\Desktop\New Folder (2)\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us/1507/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?uid=132211141&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?uid=132211141&id=5.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?uid=132211141&id=5.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?uid=132211141&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1507/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?uid=132211141&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?uid=132211141&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.netscape.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CSMHelperObj Class - {0F660F64-F4C9-477F-8529-44181B717472} - C:\Program Files\AT&T\WnClient\Programs\CSMBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Tyler\Local Settings\Temp\3Nl0F.dll
O2 - BHO: (no name) - {FAECC169-05F8-7155-DC6D-05C5377B47E0} - C:\WINDOWS\system32\zpqx.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SysTest] C:\WINDOWS\System32\systest.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
O4 - HKLM\..\Run: [vuiahqchciv] C:\WINDOWS\System32\wlsmud.exe
O4 - HKLM\..\Run: [U0ToZXl2] C:\documents and settings\tyler\local settings\temp\U0ToZXl2.exe
O4 - HKLM\..\Run: [RVvd4OxA] C:\documents and settings\tyler\local settings\temp\RVvd4OxA.exe
O4 - HKLM\..\Run: [U0ToZXl2.exe] C:\documents and settings\tyler\local settings\temp\U0ToZXl2.exe
O4 - HKLM\..\Run: [RVvd4OxA.exe] C:\documents and settings\tyler\local settings\temp\RVvd4OxA.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Tyler\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [lUTLGPDoD] C:\documents and settings\nathan\local settings\temp\lUTLGPDoD.exe
O4 - HKLM\..\Run: [lUTLGPDoD.exe] C:\documents and settings\nathan\local settings\temp\lUTLGPDoD.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [KB9YjKW] C:\documents and settings\tyler\local settings\temp\KB9YjKW.exe
O4 - HKLM\..\Run: [KB9YjKW.exe] C:\documents and settings\tyler\local settings\temp\KB9YjKW.exe
O4 - HKLM\..\Run: [Microsoft CronD Service] MSCRON.EXE
O4 - HKLM\..\Run: [HotNow] C:\Program Files\PVM\Dialers\HotNow\HotNow.exe /dontdial
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [U4NxhrJaw.exe] C:\documents and settings\user\local settings\temp\U4NxhrJaw.exe
O4 - HKLM\..\Run: [U4NxhrJaw] C:\documents and settings\user\local settings\temp\U4NxhrJaw.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~3\PSFree.exe
O4 - HKCU\..\Run: [azs2RWeng] urltab32.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Iurb] C:\Documents and Settings\Tyler\Application Data\ahsu.exe
O4 - HKCU\..\Run: [Yma] C:\WINDOWS\system32\??oolsv.exe
O4 - Startup: H3 The Shadow of Death(TM).lnk = C:\Program Files\3DO\Heroes3\RegisterSOD\Remind32.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\Program Files\AT&T\WnClient\Programs\AnyWho.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = hs.maricopa.gov
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = hs.maricopa.gov
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = hs.maricopa.gov
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTools for IE service - Unknown - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
Logfile of HijackThis v1.99.0
Scan saved at 3:20:32 AM, on 12/22/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\wlsmud.exe
C:\WINDOWS\system32\devldr32.exe
C:\documents and settings\tyler\local settings\temp\U0ToZXl2.exe
C:\documents and settings\tyler\local settings\temp\RVvd4OxA.exe
C:\documents and settings\tyler\local settings\temp\U0ToZXl2.exe
C:\documents and settings\tyler\local settings\temp\RVvd4OxA.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\documents and settings\nathan\local settings\temp\lUTLGPDoD.exe
C:\documents and settings\nathan\local settings\temp\lUTLGPDoD.exe
C:\WINDOWS\SM1BG.EXE
C:\documents and settings\tyler\local settings\temp\KB9YjKW.exe
C:\documents and settings\tyler\local settings\temp\KB9YjKW.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\documents and settings\user\local settings\temp\U4NxhrJaw.exe
C:\documents and settings\user\local settings\temp\U4NxhrJaw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\urltab32.exe
C:\Documents and Settings\Tyler\Application Data\ahsu.exe
C:\WINDOWS\system32\??oolsv.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tyler\Desktop\New Folder (2)\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us/1507/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?uid=132211141&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?uid=132211141&id=5.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?uid=132211141&id=5.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?uid=132211141&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1507/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?uid=132211141&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?uid=132211141&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.netscape.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CSMHelperObj Class - {0F660F64-F4C9-477F-8529-44181B717472} - C:\Program Files\AT&T\WnClient\Programs\CSMBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Tyler\Local Settings\Temp\3Nl0F.dll
O2 - BHO: (no name) - {FAECC169-05F8-7155-DC6D-05C5377B47E0} - C:\WINDOWS\system32\zpqx.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SysTest] C:\WINDOWS\System32\systest.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
O4 - HKLM\..\Run: [vuiahqchciv] C:\WINDOWS\System32\wlsmud.exe
O4 - HKLM\..\Run: [U0ToZXl2] C:\documents and settings\tyler\local settings\temp\U0ToZXl2.exe
O4 - HKLM\..\Run: [RVvd4OxA] C:\documents and settings\tyler\local settings\temp\RVvd4OxA.exe
O4 - HKLM\..\Run: [U0ToZXl2.exe] C:\documents and settings\tyler\local settings\temp\U0ToZXl2.exe
O4 - HKLM\..\Run: [RVvd4OxA.exe] C:\documents and settings\tyler\local settings\temp\RVvd4OxA.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Tyler\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [lUTLGPDoD] C:\documents and settings\nathan\local settings\temp\lUTLGPDoD.exe
O4 - HKLM\..\Run: [lUTLGPDoD.exe] C:\documents and settings\nathan\local settings\temp\lUTLGPDoD.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [KB9YjKW] C:\documents and settings\tyler\local settings\temp\KB9YjKW.exe
O4 - HKLM\..\Run: [KB9YjKW.exe] C:\documents and settings\tyler\local settings\temp\KB9YjKW.exe
O4 - HKLM\..\Run: [Microsoft CronD Service] MSCRON.EXE
O4 - HKLM\..\Run: [HotNow] C:\Program Files\PVM\Dialers\HotNow\HotNow.exe /dontdial
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [U4NxhrJaw.exe] C:\documents and settings\user\local settings\temp\U4NxhrJaw.exe
O4 - HKLM\..\Run: [U4NxhrJaw] C:\documents and settings\user\local settings\temp\U4NxhrJaw.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~3\PSFree.exe
O4 - HKCU\..\Run: [azs2RWeng] urltab32.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Iurb] C:\Documents and Settings\Tyler\Application Data\ahsu.exe
O4 - HKCU\..\Run: [Yma] C:\WINDOWS\system32\??oolsv.exe
O4 - Startup: H3 The Shadow of Death(TM).lnk = C:\Program Files\3DO\Heroes3\RegisterSOD\Remind32.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\Program Files\AT&T\WnClient\Programs\AnyWho.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = hs.maricopa.gov
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = hs.maricopa.gov
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = hs.maricopa.gov
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTools for IE service - Unknown - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
0
Comments
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us/1507/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sides...32211141&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sides...32211141&id=5.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sides...32211141&id=5.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sides...32211141&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us/1507/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1507/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sides...32211141&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sides...32211141&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.netscape.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Tyler\Local Settings\Temp\3Nl0F.dll
O2 - BHO: (no name) - {FAECC169-05F8-7155-DC6D-05C5377B47E0} - C:\WINDOWS\system32\zpqx.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [vuiahqchciv] C:\WINDOWS\System32\wlsmud.exe
O4 - HKLM\..\Run: [U0ToZXl2] C:\documents and settings\tyler\local settings\temp\U0ToZXl2.exe
O4 - HKLM\..\Run: [RVvd4OxA] C:\documents and settings\tyler\local settings\temp\RVvd4OxA.exe
O4 - HKLM\..\Run: [U0ToZXl2.exe] C:\documents and settings\tyler\local settings\temp\U0ToZXl2.exe
O4 - HKLM\..\Run: [RVvd4OxA.exe] C:\documents and settings\tyler\local settings\temp\RVvd4OxA.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Tyler\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [lUTLGPDoD] C:\documents and settings\nathan\local settings\temp\lUTLGPDoD.exe
O4 - HKLM\..\Run: [lUTLGPDoD.exe] C:\documents and settings\nathan\local settings\temp\lUTLGPDoD.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [KB9YjKW] C:\documents and settings\tyler\local settings\temp\KB9YjKW.exe
O4 - HKLM\..\Run: [KB9YjKW.exe] C:\documents and settings\tyler\local settings\temp\KB9YjKW.exe
O4 - HKLM\..\Run: [Microsoft CronD Service] MSCRON.EXE
O4 - HKLM\..\Run: [U4NxhrJaw.exe] C:\documents and settings\user\local settings\temp\U4NxhrJaw.exe
O4 - HKLM\..\Run: [U4NxhrJaw] C:\documents and settings\user\local settings\temp\U4NxhrJaw.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
O4 - HKCU\..\Run: [azs2RWeng] urltab32.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Iurb] C:\Documents and Settings\Tyler\Application Data\ahsu.exe
O4 - HKCU\..\Run: [Yma] C:\WINDOWS\system32\??oolsv.exe
Fix those entries then find and delete the files listed above, reboot and post a new log.