Spybot & Ad-Aware got rid of 101 items, TrojanHorse and a-squared got rid of some more, NAV got rid of two viruses and more adware. Desktop shortcuts still unusable. Nothing shows in "All Programs". Nothing shows in Add/Remove programs. Can connect to internet but can't go anywhere.
I am REALLY annoyed at the people who write these things...
Please note that any fixes will have to be able to be downloaded then copied to CD, because the sick computer can't get online!
Here's the Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 6:18:08 PM, on 5/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ojhny.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ojhny.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ojhny.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ojhny.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ojhny.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ojhny.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ojhny.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {462ABAC7-66E3-5660-8CBA-66D2878BA39A} - C:\WINDOWS\system32\mfche.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [ntfc32.exe] C:\WINDOWS\ntfc32.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [winnr32.exe] C:\WINDOWS\system32\winnr32.exe
O4 - HKLM\..\Run: [apibv32.exe] C:\WINDOWS\apibv32.exe
O4 - HKLM\..\Run: [syswp32.exe] C:\WINDOWS\syswp32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\dmgzzp.exe
O4 - HKLM\..\Run: [mfcay32.exe] C:\WINDOWS\system32\mfcay32.exe
O4 - HKLM\..\Run: [sdkvo32.exe] C:\WINDOWS\system32\sdkvo32.exe
O4 - HKLM\..\Run: [crpk32.exe] C:\WINDOWS\system32\crpk32.exe
O4 - HKLM\..\Run: [javavl.exe] C:\WINDOWS\system32\javavl.exe
O4 - HKLM\..\Run: [apiyu32.exe] C:\WINDOWS\system32\apiyu32.exe
O4 - HKLM\..\Run: [iecx.exe] C:\WINDOWS\iecx.exe
O4 - HKLM\..\Run: [atlbg32.exe] C:\WINDOWS\atlbg32.exe
O4 - HKLM\..\Run: [atlis32.exe] C:\WINDOWS\atlis32.exe
O4 - HKLM\..\Run: [apifj.exe] C:\WINDOWS\system32\apifj.exe
O4 - HKLM\..\Run: [addsd32.exe] C:\WINDOWS\system32\addsd32.exe
O4 - HKLM\..\Run: [mfcyn.exe] C:\WINDOWS\system32\mfcyn.exe
O4 - HKLM\..\Run: [atlyq.exe] C:\WINDOWS\atlyq.exe
O4 - HKLM\..\Run: [ipxj.exe] C:\WINDOWS\ipxj.exe
O4 - HKLM\..\Run: [ntpt.exe] C:\WINDOWS\system32\ntpt.exe
O4 - HKLM\..\Run: [mfctn32.exe] C:\WINDOWS\system32\mfctn32.exe
O4 - HKLM\..\Run: [nthj32.exe] C:\WINDOWS\nthj32.exe
O4 - HKLM\..\Run: [ntmn32.exe] C:\WINDOWS\system32\ntmn32.exe
O4 - HKLM\..\Run: [netbo.exe] C:\WINDOWS\system32\netbo.exe
O4 - HKLM\..\Run: [sysat32.exe] C:\WINDOWS\sysat32.exe
O4 - HKLM\..\Run: [mstt32.exe] C:\WINDOWS\system32\mstt32.exe
O4 - HKLM\..\Run: [iezf32.exe] C:\WINDOWS\iezf32.exe
O4 - HKLM\..\Run: [appls.exe] C:\WINDOWS\appls.exe
O4 - HKLM\..\Run: [sdkwh.exe] C:\WINDOWS\system32\sdkwh.exe
O4 - HKLM\..\Run: [sdkmu.exe] C:\WINDOWS\sdkmu.exe
O4 - HKLM\..\Run: [ntuh.exe] C:\WINDOWS\system32\ntuh.exe
O4 - HKLM\..\Run: [ipxz32.exe] C:\WINDOWS\system32\ipxz32.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: AutoTBar.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Microsoft AntiSpyware helper - {45504614-1DFC-45FF-8171-0BAFFDFC29F2} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {45504614-1DFC-45FF-8171-0BAFFDFC29F2} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Microsoft AntiSpyware helper - {45504614-1DFC-45FF-8171-0BAFFDFC29F2} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {45504614-1DFC-45FF-8171-0BAFFDFC29F2} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O21 - SSODL: HIDCBFED - {5905540B-6FD8-3704-0E34-4D3D224C0CCF} - C:\WINDOWS\System32\Oapiaqhh.dll (file missing)
O21 - SSODL: mtklef - {6E3C200D-8256-4559-9897-482BE9236A53} - C:\WINDOWS\System32\nxqd32.dll (file missing)
O21 - SSODL: mtkle - {C7A17401-AC3D-4873-B698-3306E31CDDDF} - C:\WINDOWS\System32\aarapo32.dll (file missing)
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlxp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe