
Help with HJT log to rid of Xlime ads

Hi and thanks for reading. OK, I have been getting those pop-up ads all the time from xlime and offeroptimizer and it's getting really annoying, and now I know how dangerous it can be so I need to get things fixed. I have Ad-Aware 6.0 and I downloaded all the updates for it. I then performed a "system smart scan" and saved the logfile, but I think the site said not to post it because it's too long, so I'll just put what the bottom stated:

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 80
Objects found so far: 472

7:34:34 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:05:23:812
Objects scanned :50065
Objects identified :472
Objects ignored :0
New objects :472.

I then ran HiJackThis and this is the log:

Logfile of HijackThis v1.99.1
Scan saved at 7:37:27 PM, on 5/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\7lckpirz\7lckpirz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?uid=136004489&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?uid=136004489&id=5.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.portalsearching.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?uid=136004489&id=5.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?uid=136004489&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?uid=136004489&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?uid=136004489&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\m3tsp8.dll (file missing)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08470BB9-003C-4960-BFB6-EC58497B0BB0} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {1213863A-C0EA-4E3A-B1C6-422D134964F9} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {1221BB21-253D-4FCC-A31F-6817DE04379F} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {148709B1-688F-428A-9C5B-4483A805F7F2} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {15D1596F-A06A-4DD7-92C4-7C93F39F9712} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {2166FE8E-3ECA-41A3-B389-434457FBC0EA} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {2423BED4-314D-46CA-A3D0-5DE23BD0795C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {246A6AF4-17CC-415C-B44F-D9B766DECA48} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {25F24114-DA09-4C8E-B602-4BE5B3B35B5E} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {26EC4313-32A2-401C-953E-DC39B4B94AE8} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {2CE84B7D-2DA2-4727-AACA-CB426C6485EB} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {39F28D9E-EF04-44CA-90CB-A6411DDFEFEA} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {3EC98D67-2E34-4B8D-8DAF-2DA2E8CEEAAF} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {48275ABD-5E1E-4BA7-817A-75FAB10E9142} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {5C06E5EA-D4D7-4349-A19A-21B41C26251D} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {5F8B7169-E561-4618-956A-9766FF827332} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {6372FFD0-2B09-47A6-98CC-01645D8FB90F} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {67F295FE-EC98-4884-AEFC-FE37D01174F2} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {69644ECA-CF19-44F6-8C51-6295415A6D67} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {6F033C27-BC76-458B-98F0-4962AAEA9FCA} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {72504C11-2B47-4AF0-BC58-8E08FA4AE393} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {77A0EE14-7B8C-42B8-A878-B7DE954D68B5} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {797DB2A7-972A-4531-9795-050A8AD3BEFF} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {7D7B7648-F612-4BCA-89EF-D0088A7A8355} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {884FE4D9-3708-425E-803E-B12B47D71E63} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {8A5F529A-121C-4B26-A76E-B3511F0ECD80} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {8E211DDC-96BE-432D-B395-D2B7E799FA8C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {9B6976F9-F45F-416D-974E-27012E70256E} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {A0849A6E-F34F-4EE7-B22B-860ABE0D16E0} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {A4EB295A-7003-4FCD-95CB-7A1E2DBE98C5} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {A760ABDD-9D1A-4752-906D-318E4B81A3CA} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AB3C9BB6-3F55-42C1-81F4-0E2B856048F4} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {B9E4A414-6889-4039-978E-7E8123DB8D75} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C68B21BD-B974-40A2-A1FC-BBFE01BD6F35} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {C7541D3E-0BF4-4358-8E31-9F27531D49F9} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {CD762C97-A033-4324-B0BB-E27F4D60300D} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D12D5C28-D19C-4EFE-8E16-4317A846D560} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D5560F63-74E8-469E-B914-2445DE2A5C55} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: BHO.clsInetSpeak - {D6862A22-1DD6-11D3-BB7C-444553540000} - C:\WINDOWS\Downloaded Program Files\BHO.dll (file missing)
O2 - BHO: (no name) - {DB61E167-0927-46D0-A281-B55A1F55E9B1} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {DD1002BC-B2BC-4545-8948-BEE6E1613801} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {E8BC4424-63D2-4EC3-BFA8-6B30876C3E1A} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {EAB0D757-D7A4-44A7-AC99-538CC3AA9F66} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {EB727E64-640F-42A8-8FC9-435B5EA0F318} - C:\Program Files\CSBB\CSBB.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [nowupdate.exe] C:\WINDOWS\System32\nowupdate.exe
O4 - HKLM\..\Run: [rundl.exe] C:\WINDOWS\System32\rundl.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [axmnlhb] C:\WINDOWS\System32\iahhjs.exe
O4 - HKLM\..\Run: [nzhyx] C:\WINDOWS\System32\nbmmqji.exe
O4 - HKLM\..\Run: [juczlo] C:\WINDOWS\System32\ljouiai.exe
O4 - HKLM\..\Run: [gsbiip] C:\WINDOWS\System32\vvxt.exe
O4 - HKLM\..\Run: [ptsrxiru] C:\WINDOWS\System32\ghogp.exe
O4 - HKLM\..\Run: [gftjfsyp] C:\WINDOWS\System32\puhmk.exe
O4 - HKLM\..\Run: [uzpkl] C:\WINDOWS\System32\cqsxenb.exe
O4 - HKLM\..\Run: [sxrgakj] C:\WINDOWS\System32\zhptgqh.exe
O4 - HKLM\..\Run: [poztcm] C:\WINDOWS\System32\unhf.exe
O4 - HKLM\..\Run: [ufdsxl] C:\WINDOWS\System32\dsjowa.exe
O4 - HKLM\..\Run: [spwblk] C:\WINDOWS\System32\fmwh.exe
O4 - HKLM\..\Run: [rdbu] C:\WINDOWS\System32\aihkyd.exe
O4 - HKLM\..\Run: [freeuhn] C:\WINDOWS\System32\nezvagg.exe
O4 - HKLM\..\Run: [fxrasi] C:\WINDOWS\System32\lrhnsccm.exe
O4 - HKLM\..\Run: [fanp] C:\WINDOWS\System32\omngtu.exe
O4 - HKLM\..\Run: [nyhovham] C:\WINDOWS\System32\yosy.exe
O4 - HKLM\..\Run: [cdzn] C:\WINDOWS\System32\jifjufi.exe
O4 - HKLM\..\Run: [rlipa] C:\WINDOWS\System32\lqhjnij.exe
O4 - HKLM\..\Run: [bffta] C:\WINDOWS\System32\nsuco.exe
O4 - HKLM\..\Run: [hkll] C:\WINDOWS\System32\iofnpmx.exe
O4 - HKLM\..\Run: [icusdyz] C:\WINDOWS\System32\lisxq.exe
O4 - HKLM\..\Run: [rylhppc] C:\WINDOWS\system32\qarbpvmc.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [7lckpirz] C:\Program Files\7lckpirz\7lckpirz.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\RunServices: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
O4 - HKLM\..\RunServices: [nowupdate.exe] C:\WINDOWS\System32\nowupdate.exe
O4 - HKLM\..\RunServices: [rundl.exe] C:\WINDOWS\System32\rundl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [oghzp] C:\WINDOWS\System32\xciwyab.exe k:oghzp:
O4 - HKCU\..\Run: [ezbma] C:\WINDOWS\System32\lwpg.exe k:ezbma:
O4 - HKCU\..\Run: [ramiuo] C:\WINDOWS\System32\xrwlnemv.exe k:ramiuo:
O4 - HKCU\..\Run: [lxyvv] C:\WINDOWS\System32\xjazia.exe k:lxyvv:
O4 - HKCU\..\RunServices: [nowupdate.exe] C:\WINDOWS\System32\nowupdate.exe
O4 - HKCU\..\RunServices: [rundl.exe] C:\WINDOWS\System32\rundl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www115.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17a2eea9b4f9c313b304/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/ct/pm3/iwonpm_10_1,0,2,5.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D6862A22-1DD6-11D3-BB7C-444553540000} (BHO.clsInetSpeak) - http://www.sexxx-direct.com/BHO.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
O20 - AppInit_DLLs: mad.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Hope you guys can help :)

Comments

  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    That's a full log. :eek:

    I'd like to run some scans on your computer to see if we can remove a lot of this stuff all at once. Adaware 6.0 is an older version, unless you have the Pro version.



    First, please make sure that you can VIEW ALL HIDDEN FILES.


    Please follow these instructions to run Ad-Aware.
    • Download, install, update, configure, and run Ad-Aware SE Personal 1.05.
      1. Download Ad-Aware SE Personal 1.05:
      2. Install Ad-Aware SE Personal 1.05:
        • Double-click on aawsepersonal.exe to install the program.
        • Follow the default settings for installation.
        • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
      3. Update Ad-Aware SE Personal 1.05:
        • Double-click the Ad-Aware SE Personal icon on your desktop.
        • Click "Check for updates now" then click "Connect".
        • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
      4. Configure Ad-Aware SE Personal 1.05:
        • Click on the Gear button at the top of the window.
        • Click "General" on the left hand side to display the General Settings box.
          • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
            • "Automatically save logfile"
            • "Automatically quarantine objects prior to removal"
            • "Safe Mode (always request confirmation)"
            • "Prompt to update outdated definitions" - change to 7 days from the default 14.
        • Click "Scanning" on the left hand side to display the Scan Settings box.
          • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
            • "Scan within archives"
            • "Select drives & folders to scan" - select your hard drive(s).
            • "Scan active processes"
            • "Scan registry"
            • "Deep-scan registry"
            • "Scan my IE favorites for banned URLs"
            • "Scan my Hosts file"
        • Click "Advanced" on the left hand side to display the Advanced Settings box.
          • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
            • "Move deleted files to Recycle Bin"
            • "Include additional object information"
            • "Include negligible objects information"
            • "Include environment information"
        • Click "Defaults" on the left hand side to display the Default Settings box.
          • Make sure these items have your preferred settings in them:
            • "Default homepage"
            • "Default searchpage"
        • Click "Tweak" on the left hand side to display the Tweak Settings box.
          • Click the + (plus) sign next to the Log Files section. This will expand the section.
          • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
            • "Include basic Ad-Aware settings in log file"
            • "Include additional Ad-Aware settings in log file"
            • "Include reference summary in log file"
            • "Include alternate data stream details in log file"
          • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
          • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
            • "Unload recognized processes & modules during scan"
            • "Scan registry for all users instead of current user only"
            • "Obtain command line of scanned processes"
          • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
          • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
            • "Always try to unload modules before deletion"
            • "During removal, unload Explorer and IE if necessary"
            • "Let Windows remove files in use at next reboot"
            • "Delete quarantined objects after restoring"
        • Once you are done with these settings, click "Proceed" to save them.
        • This will take you back to the main screen.
      5. Run Ad-Aware SE Personal 1.05:
        • Click the "Start" button.
        • Uncheck the "Search for negligible risk entries" entry.
        • Choose the "Use custom scanning options" scan mode.
        • Click the "Next" button.
        • Ad-Aware will begin to scan for malware residing on your computer.
        • Allow the scan to finish.
        • Right-click on any entry in the list and click "Select All" to select the whole list.
        • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.






    Please download and install A-Squared. You will have to register with them in order to install the updates, but it's free. Once updated, run a full scan and remove everything that is found.

    http://www.majorgeeks.com/download4281.html







    Please download and install Cleanup 4.0, but don't run it yet.
    http://cleanup.stevengould.org/

    Please download CWShredder but don't run it yet.
    http://cwshredder.net/bin/CWSInstall.exe


    Reboot your computer into SAFE MODE


    Run CWShredder, making sure to click "Fix".


    Next run CleanUp.






    Finally, reboot back to normal mode and post a new hijackthis. We'll see what's left and then go get 'em.
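
Comparing a first scan with a follow-up scan, as an added example that is not part of any post in this thread: the Python sketch below parses HijackThis entry lines, matches them across two logs (by entry kind and CLSID where one is present), and reports entries that were removed, that are new, or that now point at a missing file. The sample lines are abridged from the two logs in this thread; the function and field names are chosen here for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple

# Section code ("R1", "O2", "O23", ...) followed by " - " and the entry text.
LINE_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s-\s(.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input: lines abridged from the first and second logs in this thread.
BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?uid=136004489&id=5.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: (no name) - {08470BB9-003C-4960-BFB6-EC58497B0BB0} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {1213863A-C0EA-4E3A-B1C6-422D134964F9} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {08470BB9-003C-4960-BFB6-EC58497B0BB0} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {1213863A-C0EA-4E3A-B1C6-422D134964F9} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""


class Entry(NamedTuple):
    code: str       # HijackThis section code
    key: str        # identity used to match the same entry across scans
    target: str     # file or URL the entry points at ("" if none parsed)
    orphaned: bool  # HijackThis reported "(file missing)" or "(no file)"


def parse_log(log: str) -> dict[str, Entry]:
    """Parse entry lines; header and process-list lines are skipped."""
    entries = {}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        code, text = m.groups()
        orphaned = "(file missing)" in text or text.endswith("(no file)")
        # Drop the status marker so the key is stable when a file disappears.
        clean = text.replace(" (file missing)", "")
        clsid = CLSID_RE.search(clean)
        if clsid:
            kind = clean[:clsid.start()].split(":", 1)[0].strip()
            key = f"{code} {kind} {clsid.group(0).upper()}"
            target = clean.rpartition(" - ")[2]
        else:
            key = f"{code} {clean}"
            target = clean.rpartition(" = ")[2] if " = " in clean else ""
        entries[key] = Entry(code, key, target, orphaned)
    return entries


def compare_scans(before: str, after: str) -> dict[str, list[str]]:
    """Classify entries by what changed between two scans of one machine."""
    old, new = parse_log(before), parse_log(after)
    both = old.keys() & new.keys()
    return {
        "removed": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
        "newly_orphaned": sorted(
            k for k in both if new[k].orphaned and not old[k].orphaned),
        "unchanged": sorted(k for k in both if new[k].orphaned == old[k].orphaned),
    }


def shared_targets(log: str, minimum: int = 2) -> dict[str, int]:
    """Targets that several distinct entries point at (one DLL, many CLSIDs)."""
    counts = Counter(
        e.target.lower() for e in parse_log(log).values()
        if e.target and e.target != "(no file)")
    return {t: n for t, n in counts.items() if n >= minimum}


if __name__ == "__main__":
    for label, keys in compare_scans(BEFORE, AFTER).items():
        print(f"{label}: {len(keys)}")
        for k in keys:
            print("   ", k)
    print("shared targets:", shared_targets(AFTER))
```

Entries in the "added" and "newly_orphaned" groups are the ones worth reading first in a follow-up log: the first group appeared between scans, and the second is registry data left behind after its file was deleted.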
  • edited May 2005
    Hey Buckeye_Sam, thanks for replying and helping. OK, I did everything you stated to do. I ran all the scans and got rid of about 1000 objects with Adaware SE and about 120 more with A-Squared. I booted the computer in Safe Mode and ran the CWShredder and it came up that it found nothing. I did not run the other program though, the Clean-Up one, because it stated that I have to back up files on the hard disk before I do so and I don't know how to do that, so I went ahead and skipped over CleanUp just in case I messed up my computer. I booted back in normal for Windows and ran a new HiJackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:05:27 PM, on 5/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\qarbpvmc.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\New Folder\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
    O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {08470BB9-003C-4960-BFB6-EC58497B0BB0} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {1213863A-C0EA-4E3A-B1C6-422D134964F9} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {1221BB21-253D-4FCC-A31F-6817DE04379F} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {148709B1-688F-428A-9C5B-4483A805F7F2} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {15D1596F-A06A-4DD7-92C4-7C93F39F9712} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {2166FE8E-3ECA-41A3-B389-434457FBC0EA} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {2423BED4-314D-46CA-A3D0-5DE23BD0795C} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {246A6AF4-17CC-415C-B44F-D9B766DECA48} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {25F24114-DA09-4C8E-B602-4BE5B3B35B5E} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {26EC4313-32A2-401C-953E-DC39B4B94AE8} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {2CE84B7D-2DA2-4727-AACA-CB426C6485EB} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {39F28D9E-EF04-44CA-90CB-A6411DDFEFEA} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {3EC98D67-2E34-4B8D-8DAF-2DA2E8CEEAAF} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {48275ABD-5E1E-4BA7-817A-75FAB10E9142} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: (no name) - {5C06E5EA-D4D7-4349-A19A-21B41C26251D} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {5F8B7169-E561-4618-956A-9766FF827332} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {6372FFD0-2B09-47A6-98CC-01645D8FB90F} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {67F295FE-EC98-4884-AEFC-FE37D01174F2} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {69644ECA-CF19-44F6-8C51-6295415A6D67} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {6F033C27-BC76-458B-98F0-4962AAEA9FCA} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {72504C11-2B47-4AF0-BC58-8E08FA4AE393} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {77A0EE14-7B8C-42B8-A878-B7DE954D68B5} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {797DB2A7-972A-4531-9795-050A8AD3BEFF} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {7D7B7648-F612-4BCA-89EF-D0088A7A8355} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {884FE4D9-3708-425E-803E-B12B47D71E63} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {8A5F529A-121C-4B26-A76E-B3511F0ECD80} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {8E211DDC-96BE-432D-B395-D2B7E799FA8C} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {9B6976F9-F45F-416D-974E-27012E70256E} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {A0849A6E-F34F-4EE7-B22B-860ABE0D16E0} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {A4EB295A-7003-4FCD-95CB-7A1E2DBE98C5} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {A760ABDD-9D1A-4752-906D-318E4B81A3CA} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AB3C9BB6-3F55-42C1-81F4-0E2B856048F4} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {B9E4A414-6889-4039-978E-7E8123DB8D75} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C68B21BD-B974-40A2-A1FC-BBFE01BD6F35} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {C7541D3E-0BF4-4358-8E31-9F27531D49F9} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {CD762C97-A033-4324-B0BB-E27F4D60300D} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {D12D5C28-D19C-4EFE-8E16-4317A846D560} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {D5560F63-74E8-469E-B914-2445DE2A5C55} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {DB61E167-0927-46D0-A281-B55A1F55E9B1} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {DD1002BC-B2BC-4545-8948-BEE6E1613801} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {E8BC4424-63D2-4EC3-BFA8-6B30876C3E1A} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {EAB0D757-D7A4-44A7-AC99-538CC3AA9F66} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {EB727E64-640F-42A8-8FC9-435B5EA0F318} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
    O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
    O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [nowupdate.exe] C:\WINDOWS\System32\nowupdate.exe
    O4 - HKLM\..\Run: [rundl.exe] C:\WINDOWS\System32\rundl.exe
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [axmnlhb] C:\WINDOWS\System32\iahhjs.exe
    O4 - HKLM\..\Run: [nzhyx] C:\WINDOWS\System32\nbmmqji.exe
    O4 - HKLM\..\Run: [juczlo] C:\WINDOWS\System32\ljouiai.exe
    O4 - HKLM\..\Run: [gsbiip] C:\WINDOWS\System32\vvxt.exe
    O4 - HKLM\..\Run: [ptsrxiru] C:\WINDOWS\System32\ghogp.exe
    O4 - HKLM\..\Run: [gftjfsyp] C:\WINDOWS\System32\puhmk.exe
    O4 - HKLM\..\Run: [uzpkl] C:\WINDOWS\System32\cqsxenb.exe
    O4 - HKLM\..\Run: [sxrgakj] C:\WINDOWS\System32\zhptgqh.exe
    O4 - HKLM\..\Run: [poztcm] C:\WINDOWS\System32\unhf.exe
    O4 - HKLM\..\Run: [ufdsxl] C:\WINDOWS\System32\dsjowa.exe
    O4 - HKLM\..\Run: [spwblk] C:\WINDOWS\System32\fmwh.exe
    O4 - HKLM\..\Run: [rdbu] C:\WINDOWS\System32\aihkyd.exe
    O4 - HKLM\..\Run: [freeuhn] C:\WINDOWS\System32\nezvagg.exe
    O4 - HKLM\..\Run: [fxrasi] C:\WINDOWS\System32\lrhnsccm.exe
    O4 - HKLM\..\Run: [fanp] C:\WINDOWS\System32\omngtu.exe
    O4 - HKLM\..\Run: [nyhovham] C:\WINDOWS\System32\yosy.exe
    O4 - HKLM\..\Run: [cdzn] C:\WINDOWS\System32\jifjufi.exe
    O4 - HKLM\..\Run: [rlipa] C:\WINDOWS\System32\lqhjnij.exe
    O4 - HKLM\..\Run: [bffta] C:\WINDOWS\System32\nsuco.exe
    O4 - HKLM\..\Run: [hkll] C:\WINDOWS\System32\iofnpmx.exe
    O4 - HKLM\..\Run: [icusdyz] C:\WINDOWS\System32\lisxq.exe
    O4 - HKLM\..\Run: [rylhppc] C:\WINDOWS\system32\qarbpvmc.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\RunServices: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
    O4 - HKLM\..\RunServices: [nowupdate.exe] C:\WINDOWS\System32\nowupdate.exe
    O4 - HKLM\..\RunServices: [rundl.exe] C:\WINDOWS\System32\rundl.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [oghzp] C:\WINDOWS\System32\xciwyab.exe k:oghzp:
    O4 - HKCU\..\Run: [ezbma] C:\WINDOWS\System32\lwpg.exe k:ezbma:
    O4 - HKCU\..\Run: [ramiuo] C:\WINDOWS\System32\xrwlnemv.exe k:ramiuo:
    O4 - HKCU\..\Run: [lxyvv] C:\WINDOWS\System32\xjazia.exe k:lxyvv:
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\RunServices: [nowupdate.exe] C:\WINDOWS\System32\nowupdate.exe
    O4 - HKCU\..\RunServices: [rundl.exe] C:\WINDOWS\System32\rundl.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17a2eea9b4f9c313b304/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/ct/pm3/iwonpm_10_1,0,2,5.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
    O20 - AppInit_DLLs: mad.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    If I really do need to run Cleanup, can you help me with what I should do to back up files, if backing them up is even necessary? Thanks again for the help, hope the new log is better than the old one.
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    It's not necessary to back up your files before running CleanUp. It will only remove temp files and junk that is unnecessary on your machine.

    Click Start -> Control Panel -> Add/Remove Programs and uninstall any of these programs that are listed.

    New.net Application
    New.net Domains
    My Way Toolbar
    Wild Tangent
    TV Media





    Now let's attack the malware in your log and get you cleaned up.

    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
    O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
    O2 - BHO: (no name) - {08470BB9-003C-4960-BFB6-EC58497B0BB0} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {1213863A-C0EA-4E3A-B1C6-422D134964F9} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {1221BB21-253D-4FCC-A31F-6817DE04379F} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {148709B1-688F-428A-9C5B-4483A805F7F2} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {15D1596F-A06A-4DD7-92C4-7C93F39F9712} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {2166FE8E-3ECA-41A3-B389-434457FBC0EA} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {2423BED4-314D-46CA-A3D0-5DE23BD0795C} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {246A6AF4-17CC-415C-B44F-D9B766DECA48} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {25F24114-DA09-4C8E-B602-4BE5B3B35B5E} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {26EC4313-32A2-401C-953E-DC39B4B94AE8} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {2CE84B7D-2DA2-4727-AACA-CB426C6485EB} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {39F28D9E-EF04-44CA-90CB-A6411DDFEFEA} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {3EC98D67-2E34-4B8D-8DAF-2DA2E8CEEAAF} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {48275ABD-5E1E-4BA7-817A-75FAB10E9142} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: (no name) - {5C06E5EA-D4D7-4349-A19A-21B41C26251D} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {5F8B7169-E561-4618-956A-9766FF827332} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {6372FFD0-2B09-47A6-98CC-01645D8FB90F} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {67F295FE-EC98-4884-AEFC-FE37D01174F2} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {69644ECA-CF19-44F6-8C51-6295415A6D67} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {6F033C27-BC76-458B-98F0-4962AAEA9FCA} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {72504C11-2B47-4AF0-BC58-8E08FA4AE393} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {77A0EE14-7B8C-42B8-A878-B7DE954D68B5} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {797DB2A7-972A-4531-9795-050A8AD3BEFF} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {7D7B7648-F612-4BCA-89EF-D0088A7A8355} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {884FE4D9-3708-425E-803E-B12B47D71E63} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {8A5F529A-121C-4B26-A76E-B3511F0ECD80} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {8E211DDC-96BE-432D-B395-D2B7E799FA8C} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {9B6976F9-F45F-416D-974E-27012E70256E} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {A0849A6E-F34F-4EE7-B22B-860ABE0D16E0} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {A4EB295A-7003-4FCD-95CB-7A1E2DBE98C5} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {A760ABDD-9D1A-4752-906D-318E4B81A3CA} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {AB3C9BB6-3F55-42C1-81F4-0E2B856048F4} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {B9E4A414-6889-4039-978E-7E8123DB8D75} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {C68B21BD-B974-40A2-A1FC-BBFE01BD6F35} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {C7541D3E-0BF4-4358-8E31-9F27531D49F9} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {CD762C97-A033-4324-B0BB-E27F4D60300D} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {D12D5C28-D19C-4EFE-8E16-4317A846D560} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {D5560F63-74E8-469E-B914-2445DE2A5C55} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {DB61E167-0927-46D0-A281-B55A1F55E9B1} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {DD1002BC-B2BC-4545-8948-BEE6E1613801} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {E8BC4424-63D2-4EC3-BFA8-6B30876C3E1A} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {EAB0D757-D7A4-44A7-AC99-538CC3AA9F66} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {EB727E64-640F-42A8-8FC9-435B5EA0F318} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
    O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
    O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll (file missing)
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
    O4 - HKLM\..\Run: [nowupdate.exe] C:\WINDOWS\System32\nowupdate.exe
    O4 - HKLM\..\Run: [rundl.exe] C:\WINDOWS\System32\rundl.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [axmnlhb] C:\WINDOWS\System32\iahhjs.exe
    O4 - HKLM\..\Run: [nzhyx] C:\WINDOWS\System32\nbmmqji.exe
    O4 - HKLM\..\Run: [juczlo] C:\WINDOWS\System32\ljouiai.exe
    O4 - HKLM\..\Run: [gsbiip] C:\WINDOWS\System32\vvxt.exe
    O4 - HKLM\..\Run: [ptsrxiru] C:\WINDOWS\System32\ghogp.exe
    O4 - HKLM\..\Run: [gftjfsyp] C:\WINDOWS\System32\puhmk.exe
    O4 - HKLM\..\Run: [uzpkl] C:\WINDOWS\System32\cqsxenb.exe
    O4 - HKLM\..\Run: [sxrgakj] C:\WINDOWS\System32\zhptgqh.exe
    O4 - HKLM\..\Run: [poztcm] C:\WINDOWS\System32\unhf.exe
    O4 - HKLM\..\Run: [ufdsxl] C:\WINDOWS\System32\dsjowa.exe
    O4 - HKLM\..\Run: [spwblk] C:\WINDOWS\System32\fmwh.exe
    O4 - HKLM\..\Run: [rdbu] C:\WINDOWS\System32\aihkyd.exe
    O4 - HKLM\..\Run: [freeuhn] C:\WINDOWS\System32\nezvagg.exe
    O4 - HKLM\..\Run: [fxrasi] C:\WINDOWS\System32\lrhnsccm.exe
    O4 - HKLM\..\Run: [fanp] C:\WINDOWS\System32\omngtu.exe
    O4 - HKLM\..\Run: [nyhovham] C:\WINDOWS\System32\yosy.exe
    O4 - HKLM\..\Run: [cdzn] C:\WINDOWS\System32\jifjufi.exe
    O4 - HKLM\..\Run: [rlipa] C:\WINDOWS\System32\lqhjnij.exe
    O4 - HKLM\..\Run: [bffta] C:\WINDOWS\System32\nsuco.exe
    O4 - HKLM\..\Run: [hkll] C:\WINDOWS\System32\iofnpmx.exe
    O4 - HKLM\..\Run: [icusdyz] C:\WINDOWS\System32\lisxq.exe
    O4 - HKLM\..\Run: [rylhppc] C:\WINDOWS\system32\qarbpvmc.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\RunServices: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
    O4 - HKLM\..\RunServices: [nowupdate.exe] C:\WINDOWS\System32\nowupdate.exe
    O4 - HKLM\..\RunServices: [rundl.exe] C:\WINDOWS\System32\rundl.exe
    O4 - HKCU\..\Run: [oghzp] C:\WINDOWS\System32\xciwyab.exe k:oghzp:
    O4 - HKCU\..\Run: [ezbma] C:\WINDOWS\System32\lwpg.exe k:ezbma:
    O4 - HKCU\..\Run: [ramiuo] C:\WINDOWS\System32\xrwlnemv.exe k:ramiuo:
    O4 - HKCU\..\Run: [lxyvv] C:\WINDOWS\System32\xjazia.exe k:lxyvv:
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\RunServices: [nowupdate.exe] C:\WINDOWS\System32\nowupdate.exe
    O4 - HKCU\..\RunServices: [rundl.exe] C:\WINDOWS\System32\rundl.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17a2eea...ip/RdxIE601.cab
    O20 - AppInit_DLLs: mad.dll


    Reboot your computer into SAFE MODE

    Then delete these files or directories (Do not be concerned if they do not exist):

    mad.dll
    C:\WINDOWS\System32\winupdate.exe
    C:\WINDOWS\System32\nowupdate.exe
    C:\WINDOWS\System32\rundl.exe
    C:\WINDOWS\System32\iahhjs.exe
    C:\WINDOWS\System32\nbmmqji.exe
    C:\WINDOWS\System32\ljouiai.exe
    C:\WINDOWS\System32\vvxt.exe
    C:\WINDOWS\System32\ghogp.exe
    C:\WINDOWS\System32\puhmk.exe
    C:\WINDOWS\System32\cqsxenb.exe
    C:\WINDOWS\System32\zhptgqh.exe
    C:\WINDOWS\System32\unhf.exe
    C:\WINDOWS\System32\dsjowa.exe
    C:\WINDOWS\System32\fmwh.exe
    C:\WINDOWS\System32\aihkyd.exe
    C:\WINDOWS\System32\nezvagg.exe
    C:\WINDOWS\System32\lrhnsccm.exe
    C:\WINDOWS\System32\omngtu.exe
    C:\WINDOWS\System32\yosy.exe
    C:\WINDOWS\System32\jifjufi.exe
    C:\WINDOWS\System32\lqhjnij.exe
    C:\WINDOWS\System32\nsuco.exe
    C:\WINDOWS\System32\iofnpmx.exe
    C:\WINDOWS\System32\lisxq.exe
    C:\WINDOWS\system32\qarbpvmc.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\enhupdt.exe
    C:\WINDOWS\farmmext.exe
    C:\WINDOWS\System32\xciwyab.exe
    C:\WINDOWS\System32\lwpg.exe
    C:\WINDOWS\System32\xrwlnemv.exe
    C:\WINDOWS\System32\xjazia.exe
    C:\Program Files\WildTangent
    C:\PROGRA~1\NEWDOT~1\
    C:\Program Files\TV Media



    Reboot your computer to go back to normal mode and post a new log.
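
Added example, not part of the thread: one way to check a follow-up HijackThis log against a fix list like the one above, so it is clear which entries were cleared, which persist, and which autoruns are new. The function names and matching rules (registry value name for O4 lines, CLSID for O2/O3 lines) are this example's own assumptions; the sample lines are excerpted from the logs in this thread.

```python
import re

# "O4 - HKLM\..\Run: [name] command" -> hive, key and value name
O4_REG = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(\w+): \[([^\]]+)\]")
# Class ID as printed on O2/O3/O9/O16 lines
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "<section> - <body>", e.g. "O20 - AppInit_DLLs: mad.dll"
SECTION = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def entry_key(line):
    """Return a stable identity for one HijackThis entry, or None for other lines.

    Matching on the registry value name or CLSID (instead of the whole line)
    keeps an entry recognisable when the command text was altered by copy/paste.
    """
    m = SECTION.match(line.strip())
    if not m:
        return None  # header, blank line or "Running processes" path
    section, body = m.groups()
    if section == "O4":
        reg = O4_REG.match(body)
        if reg:
            hive, key, name = reg.groups()
            return (section, hive.upper(), key.lower(), name.lower())
    clsid = CLSID.search(body)
    if clsid:
        return (section, clsid.group(0).upper())
    # Fallback: the body with case and whitespace normalised
    return (section, " ".join(body.lower().split()))


def parse(text):
    """Map entry key -> first raw line seen, keeping log order."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def check_followup(before, fix_list, after):
    """Compare the earlier log, the helper's fix list and the follow-up log."""
    b, f, a = parse(before), parse(fix_list), parse(after)
    return {
        "persisting": [a[k] for k in f if k in a],   # told to fix, still there
        "cleared": [f[k] for k in f if k not in a],  # told to fix, now gone
        "appeared": [a[k] for k in a if k not in b], # not in the earlier log
    }


# Sample lines excerpted from the earlier log in this thread
BEFORE = r"""
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [axmnlhb] C:\WINDOWS\System32\iahhjs.exe
O4 - HKCU\..\Run: [oghzp] C:\WINDOWS\System32\xciwyab.exe k:oghzp:
O10 - Hijacked Internet access by New.Net
O20 - AppInit_DLLs: mad.dll
"""

# Sample lines from the fix list; the command text of the DDCActiveMenu and
# oghzp lines deliberately differs from BEFORE (constructed variation)
FIX_LIST = r"""
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe " -boot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [axmnlhb] C:\WINDOWS\System32\iahhjs.exe
O4 - HKCU\..\Run: [oghzp] C:\WINDOWS\System32\xciwyab.exe kghzp:
O20 - AppInit_DLLs: mad.dll
"""

# Sample lines excerpted from the follow-up log posted in the next reply
AFTER = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
"""

if __name__ == "__main__":
    result = check_followup(BEFORE, FIX_LIST, AFTER)
    for status, lines in result.items():
        print(f"{status} ({len(lines)}):")
        for entry in lines:
            print("   ", entry)
```

On these samples the `New.net Startup` Run value is reported as persisting and `Win Server Updt` as an autorun that was not in the earlier log.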
  • edited May 2005
    In the Add/Remove Programs I got rid of New.net Domains and part of WildTangent. When I tried to delete the other section of WildTangent, it came up with a message telling me other programs use it and they might not work, so I didn't delete it in case of anything going wrong. I put a check next to all of the items you said to and fixed them. I went into safe mode but couldn't find any of the directories. I looked in the C:\ folder under WINDOWS\System32\ but couldn't really find any of them. I can recheck again if you still notice that they might be on my computer. I ran HJT and this is the new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:52:28 PM, on 5/17/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\New Folder\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/ct/pm3/iwonpm_10_1,0,2,5.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Hope that's better, and thanks again for all the help you are offering to me now, I appreciate it. :)
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    You're getting there. :thumbsup:

    Make sure that you can VIEW ALL HIDDEN FILES.

    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)


    Reboot your computer into SAFE MODE

    Then delete these files or directories (Do not be concerned if they do not exist):

    C:\WINDOWS\systb.dll
    C:\WINDOWS\wupdt.exe
    C:\PROGRAM FILES\NEWDOTNET
    C:\Program Files\Ebates_MoeMoneyMaker


    Reboot your computer to go back to normal mode.



    Please run at least two of these online scans.
    Make sure they are set to clean automatically:

    Panda Virus Scan

    Bit Defender

    TrendMicro Housecall

    There will be files that these scans will not remove. Please include that information in your next post.


    Reboot and post a new hijackthis log and the info from your virus scans.
  • edited May 2005
    Hey Buckeye Sam, I got rid of all the files you wanted to get rid of through HiJackThis, and in SAFE MODE I could only find the C:\Program Files\newdotnet but it wouldn't let me delete it; it kept saying it was being used by another program. I ran the Panda Scan and this is what came up:

    Incident Status Location

    Spyware:Spyware/New.net No disinfected C:\Program Files\NewDotNet\newdotnet6_38.dll
    Spyware:Spyware/New.net No disinfected C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
    Spyware:Spyware/New.net No disinfected Windows Registry
    Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
    Spyware:Spyware/ClearSearch No disinfected Windows Registry
    Adware:Adware/KeenValue No disinfected C:\Program Files\Common Files\Updater
    Spyware:Spyware/BetterInet No disinfected Windows Registry
    Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\SHAgentNew.dll
    Adware:Adware/FunWeb No disinfected C:\Program Files\FunWebProducts
    Spyware:Spyware/Searchcentrix No disinfected Windows Registry
    Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Owner\Application Data\tvm*.dll
    Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Owner\Application Data\Lycos
    Adware:Adware/IPInsight No disinfected C:\WINDOWS\FARMMEXT.exe
    Adware:Adware/QuickSearch No disinfected C:\Program Files\QuickSearch
    Adware:Adware/IEPlugin No disinfected Windows Registry
    Adware:Adware/Twain-Tech No disinfected C:\DOCUME~1\Owner\LOCALS~1\Temp\THI*.tmp
    Adware:Adware/WildTangent No disinfected C:\Program Files\WILDTANGENT
    Spyware:Spyware/Altnet No disinfected C:\WINDOWS\Temp\Adware
    Adware:Adware/MyWebSearch No disinfected Windows Registry
    Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
    Adware:Adware/InstaFinder No disinfected C:\Program Files\INSTAFINK
    Adware:Adware/MBKWBar No disinfected Windows Registry
    Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll
    Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Owner\Application Data\tvmuknwrd.dll
    Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr4A5A\TvmBho.dll
    Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI1C12.tmp\farmmext.inf
    Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI1C12.tmp\farmmext.ini
    Adware:Adware/Transponder No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI5BF8.tmp\dlmax.cab
    Adware:Adware/Transponder No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI5BF8.tmp\dlmax.cab[dlmax.inf]
    Adware:Adware/Transponder No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI5BF8.tmp\dlmax.cab[dlmax.dll]
    Adware:Adware/Transponder No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI5BF8.tmp\dlmax.cab[spike.exe]
    Adware:Adware/Transponder No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI5BF8.tmp\dlmax.dll
    Adware:Adware/Transponder No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI5BF8.tmp\dlmax.inf
    Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI6285.tmp\farmmext.cab[farmmext.inf]
    Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI6285.tmp\farmmext.cab[farmmext.exe]
    Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI6285.tmp\farmmext.cab[farmmext.ini]
    Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI6285.tmp\farmmext.exe
    Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI6285.tmp\farmmext.inf
    Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI6285.tmp\farmmext.ini
    Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI7DB6.tmp\farmmext.inf
    Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI7DB6.tmp\farmmext.ini
    Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Tvm.upd
    Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\tvmupdater.exe
    Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\UE1.tmp
    Adware:Adware/KeenValue No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe
    Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0HQRW9YB\CA23KXQB.HTM
    Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0HQRW9YB\CA8ZYP8D.HTM
    Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0HQRW9YB\CALV5QSJ.HTM
    Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Spike\Local Settings\Temp\Tvm.upd
    Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Spike\Local Settings\Temp\U1BD8.tmp
    Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Spike\Local Settings\Temp\U58.tmp
    Adware:Adware/BTGrab No disinfected C:\Documents and Settings\Stanny My Manny\Local Settings\Temp\btgrab.cab
    Adware:Adware/BTGrab No disinfected C:\Documents and Settings\Stanny My Manny\Local Settings\Temp\btgrab.cab[btgrab.inf]
    Adware:Adware/BTGrab No disinfected C:\Documents and Settings\Stanny My Manny\Local Settings\Temp\btgrab.cab[BTGrab.dll]
    Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Stanny My Manny\Local Settings\Temp\btgrab.cab[polall1b.exe]
    Adware:Adware/BTGrab No disinfected C:\Documents and Settings\Stanny My Manny\Local Settings\Temp\btgrab.inf
    Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Stanny My Manny\Local Settings\Temp\DrTemp\bho_prob.exe
    Spyware:Spyware/ClearSearch No disinfected C:\Documents and Settings\Stanny My Manny\Local Settings\Temporary Internet Files\Content.IE5\3H57ZMOS\csIEHookInst[1].DL_[csIEHookInst[1].DLl]
    Spyware:Spyware/ClearSearch No disinfected C:\Documents and Settings\Stanny My Manny\Local Settings\Temporary Internet Files\Content.IE5\8S2EADVW\csLDRupdater[1].DL_[csLDRupdater[1].DLl]
    Adware:Adware/Transponder No disinfected C:\New Folder\backups\backup-20050517-194203-329.dll
    Spyware:Spyware/New.net No disinfected C:\New Folder\backups\backup-20050517-194204-131.dll
    Virus:Trj/Imiserv.D Disinfected C:\New Folder\backups\backup-20050520-185817-451.dll
    Spyware:Spyware/ClearSearch No disinfected C:\Program Files\7lckpirz\0py3uqj9.DLL
    Adware:Adware Program No disinfected C:\Program Files\7lckpirz\71307312.exe
    Adware:Adware Program No disinfected C:\Program Files\7lckpirz\71307312.exe.dat
    Spyware:Spyware/ClearSearch No disinfected C:\Program Files\7lckpirz\usphtsuv.DLL
    Spyware:Spyware/ClearSearch No disinfected C:\Program Files\7lckpirz\yuwda3ec.DLL
    Adware:Adware/IWon No disinfected C:\Program Files\iWon\iWonBar\1.bin\I1POPSWT.DLL
    Adware:Adware/IWon No disinfected C:\Program Files\iWon\iWonBar\1.bin\NPIWON0.DLL
    Adware:Adware/IWon No disinfected C:\Program Files\iWon\iWonSlot\1.bin\IWONSLOT.DLL
    Adware:Adware/MBKWBar No disinfected C:\Program Files\MBKWBar\MBKWBar.exe
    Adware:Adware/MyWay No disinfected C:\Program Files\MyWay\myBar\2.bin\NPMYWAY.DLL
    Spyware:Spyware/New.net No disinfected C:\Program Files\NewDotNet\newdotnet6_38.dll
    Adware:Adware/Gator No disinfected C:\RECYCLER\NPROTECT\00728841.CAB[CMEIIAPI.dll]
    Adware:Adware/Gator No disinfected C:\RECYCLER\NPROTECT\00728841.CAB[GController.dll]
    Adware:Adware/Gator No disinfected C:\RECYCLER\NPROTECT\00728841.CAB[GDwldEng.dll]
    Adware:Adware/Gator No disinfected C:\RECYCLER\NPROTECT\00728841.CAB[GIocl.dll]
    Adware:Adware/Gator No disinfected C:\RECYCLER\NPROTECT\00728841.CAB[GIoclClient.dll]
    Adware:Adware/Gator No disinfected C:\RECYCLER\NPROTECT\00728841.CAB[GObjs.dll]
    Adware:Adware/Gator No disinfected C:\RECYCLER\NPROTECT\00728841.CAB[GStore.dll]
    Adware:Adware/Gator No disinfected C:\RECYCLER\NPROTECT\00728841.CAB[GStoreServer.dll]
    Adware:Adware/Gator No disinfected C:\RECYCLER\NPROTECT\00728844.CAB[GMT.exe]
    Adware:Adware/Gator No disinfected C:\RECYCLER\NPROTECT\00728844.CAB[gtrawbm.fil]
    Spyware:Spyware/ClearSearch No disinfected C:\RECYCLER\NPROTECT\00729929.DLL
    Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
    Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
    Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\iwonslot1,0,2,5.inf
    Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.exe
    Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
    Adware:Adware/BTGrab No disinfected C:\WINDOWS\inf\btgrab.inf
    Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
    Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
    Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_30.exe
    Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32a.sys
    Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
    And this is the new HiJackThis Log too:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:09:00 PM, on 5/20/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\New Folder\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/ct/pm3/iwonpm_10_1,0,2,5.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Thanks again for all your help. :)
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    Click Start -> Control Panel -> Add/Remove Programs and uninstall this program if listed.

    New.net Application
    or
    New.net Domains


    If neither is listed, download and run this tool.

    http://www.new.net/support/uninstall6_38.exe






    Please download and install Cleanup 4.0
    http://cleanup.stevengould.org/






    Reboot your computer into SAFE MODE

    Then delete these files or directories (Do not be concerned if they do not exist):

    C:\Program Files\NewDotNet
    C:\Program Files\MyWay
    C:\Program Files\Common Files\Updater
    C:\Program Files\FunWebProducts
    C:\Program Files\7lckpirz
    C:\Program Files\iWon
    C:\Program Files\MBKWBar
    C:\Program Files\QuickSearch
    C:\Program Files\WILDTANGENT
    C:\Program Files\INSTAFINK
    C:\Documents and Settings\Owner\Application Data\tvm*.dll
    C:\Documents and Settings\Owner\Application Data\Lycos
    C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll
    C:\Documents and Settings\Owner\Application Data\tvmuknwrd.dll
    C:\WINDOWS\FARMMEXT.exe
    C:\WINDOWS\farmmext.ini
    C:\WINDOWS\dlmax.dll
    C:\WINDOWS\smdat32a.sys
    C:\WINDOWS\smdat32m.sys
    C:\WINDOWS\NDNuninstall6_30.exe
    C:\WINDOWS\inf\btgrab.inf
    C:\WINDOWS\inf\dlmax.inf
    C:\WINDOWS\inf\farmmext.inf
    C:\WINDOWS\browserxtras\pn\remove.exe
    C:\WINDOWS\system32\SHAgentNew.dll




    While still in Safe Mode, run CleanUp.






    Reboot back to normal mode and post a new hijackthis log.
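
Added example, not part of the thread and not HijackThis code: a short Python check of which entries from the fix list above still appear in the follow-up log. It matches entries that carry a CLSID (O2/O3/O9) by that CLSID and O4 autoruns by Run key and value name. The two embedded samples are excerpts of lines posted in this thread; the function names are hypothetical.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_VALUE = re.compile(r"^(HK\w+\\\.\.\\[\w ]+?):\s*\[([^\]]+)\]")

# Excerpt of the fix list posted in this thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
"""

# Excerpt of the follow-up log (scan saved 5/20/2005) posted in this thread.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\rundll32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
"""


def parse_log(text):
    """Return (section_code, detail) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def identity(code, detail):
    """Stable key for an entry, tolerant of path case and spacing differences between posts."""
    m = CLSID.search(detail)
    if m:  # BHOs, toolbars, extra buttons: the CLSID identifies the object
        return (code, m.group(0).lower())
    m = RUN_VALUE.match(detail)
    if m:  # autoruns: registry key plus value name
        return (code, m.group(1).lower(), m.group(2).lower())
    return (code, " ".join(detail.split()).lower())


def still_present(fix_list, followup_log):
    """Entries from the fix list that the follow-up log still reports."""
    seen = {identity(c, d) for c, d in parse_log(followup_log)}
    return [(c, d) for c, d in parse_log(fix_list) if identity(c, d) in seen]


if __name__ == "__main__":
    for code, detail in still_present(FIX_LIST, FOLLOWUP_LOG):
        print(f"still present: {code} - {detail}")
```
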