Help removing PSGuard and others

mnkyboi
Junior Member with 2 posts.
 
Join Date: Nov 2005
Experience: Intermediate
10-Nov-2005, 01:39 PM #1
Help removing PSGuard and others
I have to get rid of a lot of spyware on my computer. I know for a fact I have that damn PSGuard on my box as well as searchaid, coolwebsearch, and possibly still have remnants of the alcan.a worm. Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:32:38 AM, on 11/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\crqh.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\system32\sndvol32.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\javazk32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jaymz\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uezuj.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uezuj.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uezuj.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uezuj.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uezuj.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\uezuj.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {06103706-2824-5060-4507-DEAA3B6E9276} - C:\WINDOWS\system32\appyd.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {124A4263-2E16-F5FE-B4ED-8F846E177090} - C:\WINDOWS\winyq32.dll
O2 - BHO: Class - {24BFC623-B375-B36B-78B2-69AF83E92821} - C:\WINDOWS\system32\apiwk.dll
O2 - BHO: Class - {2A41F740-7FB9-5905-D33B-697ADFB0FBED} - C:\WINDOWS\apiki.dll
O2 - BHO: Class - {3592B2D9-6ECF-2944-7066-4AD1D7DD85E6} - C:\WINDOWS\system32\javakl32.dll
O2 - BHO: Class - {40967C3E-0316-B8F3-7AC2-AC680D6E22D9} - C:\WINDOWS\crxg.dll
O2 - BHO: Class - {541E7E38-5F4A-3154-E8F8-883F1958CD11} - C:\WINDOWS\javagp32.dll
O2 - BHO: Class - {54255AC2-2B7F-9119-713D-1BFBB01E8BCD} - C:\WINDOWS\netiq.dll
O2 - BHO: Class - {58F6CA3C-E588-9107-C2D3-E0FF3D0677E3} - C:\WINDOWS\crxb32.dll
O2 - BHO: Class - {6A75C515-CC5F-6696-8035-27DB2757E092} - C:\WINDOWS\winyq32.dll
O2 - BHO: Class - {8C440599-2784-D6EB-9909-BA800B9048EA} - C:\WINDOWS\system32\ipuu32.dll
O2 - BHO: Class - {8F0B1C15-BF6C-B094-50CF-6EAE89E3646E} - C:\WINDOWS\ielo32.dll
O2 - BHO: Class - {8F9B29EE-DA8A-0367-C3C3-3F542AF7BA94} - C:\WINDOWS\sysbd32.dll
O2 - BHO: Class - {9621C648-169F-874A-064C-ABE07A7D8515} - C:\WINDOWS\winyq32.dll
O2 - BHO: Class - {9DB19568-2B3F-C178-5B77-2E3940654587} - C:\WINDOWS\mfckg.dll
O2 - BHO: Class - {B88F1746-E10C-1C5A-7958-71C47B49917B} - C:\WINDOWS\appsp32.dll
O2 - BHO: Class - {C16D484E-CDBD-CAE0-C0C1-B89E40088482} - C:\WINDOWS\system32\d3xs32.dll
O2 - BHO: Class - {C5FF3936-BB85-1990-6EF1-FCC8C4F519B3} - C:\WINDOWS\system32\apivg32.dll
O2 - BHO: Class - {CFE89F1E-A19D-489A-F7BA-28801C2CC368} - C:\WINDOWS\netvg.dll
O2 - BHO: Class - {F5F0086E-C12D-DA23-939A-802FE220ADD3} - C:\WINDOWS\netqz.dll
O2 - BHO: Class - {FEC37FE7-FCAF-0C3B-CBFE-983F52ABE09F} - C:\WINDOWS\winyq32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [javale.exe] C:\WINDOWS\javale.exe
O4 - HKLM\..\Run: [javapv.exe] C:\WINDOWS\system32\javapv.exe
O4 - HKLM\..\Run: [d3it.exe] C:\WINDOWS\system32\d3it.exe
O4 - HKLM\..\Run: [crid32.exe] C:\WINDOWS\system32\crid32.exe
O4 - HKLM\..\Run: [winsl32.exe] C:\WINDOWS\system32\winsl32.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ievx32.exe] C:\WINDOWS\ievx32.exe
O4 - HKLM\..\Run: [winno32.exe] C:\WINDOWS\system32\winno32.exe
O4 - HKLM\..\Run: [sysjt.exe] C:\WINDOWS\sysjt.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [winmb32.exe] C:\WINDOWS\winmb32.exe
O4 - HKLM\..\Run: [crqh.exe] C:\WINDOWS\system32\crqh.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [javazk32.exe] C:\WINDOWS\javazk32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

I also have a Panda scan log if that helps. PLEASE HELP!
JSntgRvr
Moderator with 15,334 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
10-Nov-2005, 01:42 PM #2
Download CW-Shredder at the link below but do not run it yet:

http://cwshredder.net/bin/CWShredder.exe

Download the following file to a folder in the computer:

http://www.derbilk.de/cms/_data/SpSeHjfix112.zip

Click a blank part of the desktop and select New Folder; call it spfix. Unzip the downloaded file SpSeHjfix110.zip into that folder.

Disconnect from the Internet and Close ALL OPEN PROGRAMS.

Click on the 'Spfix' icon and run the 'SpSeHjfix'. Click on "Start Disinfection".

When it's finished it will reboot your machine to finish the cleaning process.

The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers, it will say system clean and not go on to the next stage.

Now run the Shredder - Hit The FIX button!

Reboot and post a fresh HJT log and the log that was created by 'Spfix'. Post also the Panda log.
__________________
If I have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here

Unanswered threads for 5 days will no longer be part of my subscriptions.
mnkyboi
Junior Member with 2 posts.
 
Join Date: Nov 2005
Experience: Intermediate
10-Nov-2005, 02:07 PM #3
New HJT log

Logfile of HijackThis v1.99.1
Scan saved at 12:03:38 PM, on 11/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\wuauclt.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Jaymz\Desktop\CWShredder.exe
C:\Documents and Settings\Jaymz\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {40967C3E-0316-B8F3-7AC2-AC680D6E22D9} - C:\WINDOWS\crxg.dll
O2 - BHO: Class - {8F0B1C15-BF6C-B094-50CF-6EAE89E3646E} - C:\WINDOWS\ielo32.dll
O2 - BHO: Class - {C5FF3936-BB85-1990-6EF1-FCC8C4F519B3} - C:\WINDOWS\system32\apivg32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [javapv.exe] C:\WINDOWS\system32\javapv.exe
O4 - HKLM\..\Run: [crid32.exe] C:\WINDOWS\system32\crid32.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [winno32.exe] C:\WINDOWS\system32\winno32.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [winmb32.exe] C:\WINDOWS\winmb32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


spfix log

(11/10/05 11:52:36 AM) SPSeHjFix started v1.1.2
(11/10/05 11:52:36 AM) OS: WinXP (5.1.2600)
(11/10/05 11:52:36 AM) Language: english
(11/10/05 11:52:36 AM) Win-Path: C:\WINDOWS
(11/10/05 11:52:36 AM) System-Path: C:\WINDOWS\System32
(11/10/05 11:52:36 AM) Temp-Path: C:\DOCUME~1\Jaymz\LOCALS~1\Temp\
(11/10/05 11:52:43 AM) Disinfection started
(11/10/05 11:52:43 AM) Bad-Dll(IEP): c:\windows\uezuj.dll
(11/10/05 11:52:43 AM) UBF: 4 - UBB: 21 - UBR: 33
(11/10/05 11:52:43 AM) UBF: 4 - UBB: 21 - UBR: 33
(11/10/05 11:52:43 AM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\uezuj.dll/sp.html#93256
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\uezuj.dll/sp.html#93256
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\uezuj.dll/sp.html#93256
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\uezuj.dll/sp.html#93256
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL: res://c:\windows\uezuj.dll/sp.html#93256
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\uezuj.dll/sp.html#93256
(11/10/05 11:52:43 AM) Stealth-String not found
(11/10/05 11:52:43 AM) No locked Files to delete. End without Reboot
(11/10/05 11:53:02 AM) Disinfection started
(11/10/05 11:53:02 AM) Bad-Dll(IEP): c:\windows\uezuj.dll
(11/10/05 11:53:02 AM) UBF: 4 - UBB: 21 - UBR: 33
(11/10/05 11:53:02 AM) UBF: 4 - UBB: 21 - UBR: 33
(11/10/05 11:53:02 AM) Bad IE-pages: (none)
(11/10/05 11:53:02 AM) Stealth-String not found
(11/10/05 11:53:02 AM) No locked Files to delete. End without Reboot
(11/10/05 11:53:37 AM) Disinfection started
(11/10/05 11:53:37 AM) Bad-Dll(IEP): c:\windows\uezuj.dll
(11/10/05 11:53:37 AM) UBF: 4 - UBB: 21 - UBR: 33
(11/10/05 11:53:37 AM) UBF: 4 - UBB: 21 - UBR: 33
(11/10/05 11:53:37 AM) Bad IE-pages: (none)
(11/10/05 11:53:37 AM) Stealth-String not found
(11/10/05 11:53:37 AM) No locked Files to delete. End without Reboot
(11/10/05 11:53:47 AM) Disinfection started
(11/10/05 11:53:47 AM) Bad-Dll(IEP): c:\windows\uezuj.dll
(11/10/05 11:53:47 AM) UBF: 4 - UBB: 21 - UBR: 33
(11/10/05 11:53:47 AM) UBF: 4 - UBB: 21 - UBR: 33
(11/10/05 11:53:47 AM) Bad IE-pages: (none)
(11/10/05 11:53:47 AM) Stealth-String not found
(11/10/05 11:53:47 AM) No locked Files to delete. End without Reboot
(11/10/05 11:54:11 AM) Disinfection started
(11/10/05 11:54:11 AM) Bad-Dll(IEP): c:\windows\uezuj.dll
(11/10/05 11:54:11 AM) UBF: 4 - UBB: 21 - UBR: 33
(11/10/05 11:54:11 AM) UBF: 4 - UBB: 21 - UBR: 33
(11/10/05 11:54:11 AM) Bad IE-pages: (none)
(11/10/05 11:54:11 AM) Stealth-String not found
(11/10/05 11:54:11 AM) No locked Files to delete. End without Reboot
(11/10/05 11:54:12 AM) Disinfection started
(11/10/05 11:54:12 AM) Bad-Dll(IEP): c:\windows\uezuj.dll
(11/10/05 11:54:12 AM) UBF: 4 - UBB: 21 - UBR: 33
(11/10/05 11:54:12 AM) UBF: 4 - UBB: 21 - UBR: 33
(11/10/05 11:54:12 AM) Bad IE-pages: (none)
(11/10/05 11:54:12 AM) Stealth-String not found
(11/10/05 11:54:12 AM) No locked Files to delete. End without Reboot
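
Comparing the log from post #1 with the fresh log in post #3 shows which entries the first cleanup pass removed and which persisted. The Python below is an added example, not part of the original thread or of HijackThis; it embeds a few lines excerpted from the two logs, and the names `parse` and `diff_logs` are this example's own.

```python
import re

# Excerpts copied from the HijackThis log in post #1 of this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\crqh.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uezuj.dll/sp.html#93256
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {06103706-2824-5060-4507-DEAA3B6E9276} - C:\WINDOWS\system32\appyd.dll
O2 - BHO: Class - {40967C3E-0316-B8F3-7AC2-AC680D6E22D9} - C:\WINDOWS\crxg.dll
O4 - HKLM\..\Run: [javale.exe] C:\WINDOWS\javale.exe
O4 - HKLM\..\Run: [javapv.exe] C:\WINDOWS\system32\javapv.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
"""

# Excerpts copied from the fresh HijackThis log in post #3.
AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {40967C3E-0316-B8F3-7AC2-AC680D6E22D9} - C:\WINDOWS\crxg.dll
O4 - HKLM\..\Run: [javapv.exe] C:\WINDOWS\system32\javapv.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
"""

# An entry line is a section code (R0, O4, O23, ...) followed by " - " and the body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse(log):
    """Return {section code: {normalised body: original body}}.

    Header lines and the running-process list do not match ENTRY and are skipped.
    """
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        # Windows paths and registry keys are case-insensitive, so compare
        # on a lower-cased, whitespace-collapsed form of the body.
        norm = " ".join(body.split()).lower()
        entries.setdefault(code, {})[norm] = body
    return entries


def section_order(code):
    # Same order HijackThis prints its sections in: R, F, N, then O by number.
    return ("RFNO".find(code[0]), int(code[1:]))


def diff_logs(before, after):
    """Per section, list entries removed, added and still present after cleanup."""
    b, a = parse(before), parse(after)
    report = {}
    for code in sorted(set(b) | set(a), key=section_order):
        old, new = b.get(code, {}), a.get(code, {})
        report[code] = {
            "removed": [old[k] for k in sorted(old.keys() - new.keys())],
            "added": [new[k] for k in sorted(new.keys() - old.keys())],
            "remaining": [new[k] for k in sorted(old.keys() & new.keys())],
        }
    return report


if __name__ == "__main__":
    for code, d in diff_logs(BEFORE, AFTER).items():
        print(f"{code}: {len(d['removed'])} removed, "
              f"{len(d['added'])} added, {len(d['remaining'])} still present")
        for entry in d["remaining"]:
            print("    still present:", entry)
```

Pasting the full logs into `BEFORE` and `AFTER` gives the complete picture; the "still present" list is what a helper would review before the next cleanup step.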
JSntgRvr
Moderator with 15,334 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
10-Nov-2005, 02:25 PM #4
Download the trial version of Ewido Security Suite:

http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch Ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode.


Perform the following steps in Safe Mode:


Run Ewido:

Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.


Reboot.

Perform an ActiveScan:

http://www.pandasoftware.com/activescan/

Save the report to the desktop.

Post a new Hijack This log and the results of the Ewido and ActiveScan reports.