Home Search Assistant, Shopping Wizard!
These hijacks are a pain. My OS is Windows XP Professional and I am unable to enter safe mode to complete your removal instructions. What can I do? Here is my HijackThis log file:
Logfile of HijackThis v1.99.0
Scan saved at 8:30:39 AM, on 2/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ISS Trace\Bin\ISSTraceMonitorHost.exe
C:\Program Files\ISS Trace\Bin\ISSRetailTraceServer.exe
C:\Program Files\ISS Trace\Bin\ISSTraceFileMaintenance.exe
C:\Program Files\ISS Messaging\Bin\ISS.Messaging.Shell.NTService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ISS\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ISS\Binn\sqlagent.EXE
C:\Program Files\ISS\bin\system\service_start.exe
C:\Program Files\ISS\Bin\System\ISSTraceServer.exe
C:\Program Files\ISS\Bin\System\CheckPrimaryStatus.exe
C:\Program Files\ISS\Bin\System\IShipListener.exe
C:\Program Files\ISS\Bin\System\CreditService.exe
C:\Program Files\ISS\Bin\System\MessageListener.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlagent.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netek.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\system32\ipgq.exe
c:\program files\iss\bin\app\ISSHealthCheck.exe
C:\Program Files\Mail Boxes Etc\CMSServices\CMSServices.exe
C:\Program Files\ISS\Bin\App\Watcher.exe
C:\Program Files\ISS\Bin\App\ISSNavigator.exe
C:\PROGRAM FILES\ISS\BIN\APP\TASKLISTENER.EXE
C:\Program Files\ISS\POS\ISSPOS.exe
C:\Documents and Settings\Administrator\My Documents\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wspak.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wspak.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wspak.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wspak.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wspak.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wspak.dll/sp.html#27130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wspak.dll/sp.html#27130
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {7FF53652-4DA9-7C18-869B-8B90C486CE63} - C:\WINDOWS\system32\winze32.dll
O2 - BHO: (no name) - {A21E60F2-0648-C70B-6954-C8674404125D} - C:\WINDOWS\system32\winze32.dll
O2 - BHO: (no name) - {E64A1221-EF23-71DB-7E2E-69E1FF3E64CB} - C:\WINDOWS\system32\winze32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [POSStartUp] C:\Program Files\ISS\Bin\App\Logon.exe /L
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitence32.exe
O4 - HKLM\..\Run: [ipgq.exe] C:\WINDOWS\system32\ipgq.exe
O4 - HKLM\..\RunOnce: [netek.exe] C:\WINDOWS\system32\netek.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {4392B188-CBA7-4CA8-A24F-31B378B3F4B5} (MSI.AXM) - https://mbe.iship.com/pss005/bin/msi_axm.cab
O16 - DPF: {48032833-56FF-4D44-ACB4-1BBAC4A3D942} (MSI.Printer) - https://mbe.iship.com/pss005/bin/msi_printer.cab
O16 - DPF: {51A4A871-14C1-40F1-8E24-8CA7CF6D620B} (MSI.Scale) - https://mbe.iship.com/pss005/bin/msi_scales.cab
O16 - DPF: {5B37ABB0-9FC0-4FA1-B2F9-95CC9A088D3C} (MSI.Ports) - https://mbe.iship.com/pss005/bin/msi_portenum.cab
O16 - DPF: {5C8F2A10-0C1B-4499-870E-6C0573AFF7BF} (MSI.csz_TDatabase ) - https://mbe.iship.com/pss005/bin/msi_cszapi.cab
O16 - DPF: {5CD04B10-040B-4929-9195-066894576CA9} (MSI.Registry) - https://mbe.iship.com/pss005/bin/msi_registry.cab
O16 - DPF: {66407C2E-2514-11D3-82F4-00A0C9D57E74} (MSI.cms_CSZ) - https://mbe.iship.com/pss005/bin/cms_csz.cab
O16 - DPF: {7EB52C24-2ED3-47DA-8845-3673931B22F9} (MSI_LabelManager Object) - https://mbe.iship.com/pss005/bin/msi_label.cab
O16 - DPF: {A12552C3-8947-11D1-9D49-00A02475D4E0} (MSI.sss_ShippingStationServices) - https://mbe.iship.com/pss005/bin/msi_shippingstation.cab
O16 - DPF: {B1234A37-C3D2-4EA1-BC14-054BC2F22807} (MSI.ClientPOS) - https://mbe.iship.com/pss005/bin/msi_posclient.cab
O16 - DPF: {BB7FDAE3-7188-45EC-84AD-E85777F96E2A} (MSI.ofl_TRatingX ) - https://mbe.iship.com/pss005/bin/msi_ratingx.cab
O16 - DPF: {F6F81E1B-2A96-491A-AEFA-6D7A0BA1CB38} (MSI.ClientScriptTools) - https://mbe.iship.com/pss005/bin/msi_cst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75FB3B8E-F9A3-4232-A05F-2AB74C12E294}: NameServer = 206.13.30.12,206.13.29.12
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSLoader - Unknown - C:\Program Files\ISS\bin\system\service_start.exe
O23 - Service: ISS Messaging Service - ISS Retail, Inc. - C:\Program Files\ISS Messaging\Bin\ISS.Messaging.Shell.NTService.exe
O23 - Service: ISSStartServices - Unknown - C:\Program Files\ISS\bin\system\StartServices.exe
O23 - Service: ISS Retail Trace Server - ISS Retail, Inc. - C:\Program Files\ISS Trace\Bin\ISSRetailTraceServer.exe
O23 - Service: ISS Trace File Maintenance - ISS Retail, Inc. - C:\Program Files\ISS Trace\Bin\ISSTraceFileMaintenance.exe
O23 - Service: ISS Trace Monitor Host - ISS Retail, Inc. - C:\Program Files\ISS Trace\Bin\ISSTraceMonitorHost.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TSG Printer Tools - Mail Boxes Etc. - c:\program files\ups\tsg printer tools\tsg.tools.printers.service.exe
O23 - Service: ZServices v1.0.90 - Mail Boxes Etc./Technology - C:\Program Files\Mail Boxes Etc\Z Services 1.0\ZServices.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\ntsj.exe (file missing)
Comments
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qaqbz.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qaqbz.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qaqbz.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qaqbz.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qaqbz.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qaqbz.dll/sp.html#27130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qaqbz.dll/sp.html#27130
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {A21E60F2-0648-C70B-6954-C8674404125D} - C:\WINDOWS\system32\winze32.dll
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitence32.exe
O4 - HKLM\..\Run: [ipgq.exe] C:\WINDOWS\system32\ipgq.exe
O4 - HKLM\..\RunOnce: [netek.exe] C:\WINDOWS\system32\netek.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\ntsj.exe (file missing)
Fix those entries then find and delete the following files:
C:\WINDOWS\system32\qaqbz.dll
C:\WINDOWS\isrvs\
C:\WINDOWS\system32\winze32.dll
C:\WINDOWS\system32\ipgq.exe
C:\WINDOWS\system32\netek.exe
Then reboot your computer and post a new log.