Got tagged with this nasty virus or trojan cant even get online.
Please help!!!
Here is my logfile:
Logfile of HijackThis v1.99.1
Scan saved at 11:00:27 PM, on 3/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\csrss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\LEXBCES.EXE
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\system32\LEXPPS.EXE
C:\WINDOWS2\cjlihkb.exe
C:\WINDOWS2\AGRSMMSG.exe
C:\WINDOWS2\System32\logon.exe
C:\WINDOWS2\System32\mswupdate32.exe
C:\WINDOWS2\System32\section.exe
C:\WINDOWS2\System32\winPE.exe
C:\WINDOWS2\cjlihkbA.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS2\SYSC00.exe
C:\sdkhj.exe
C:\WINDOWS2\System32\rundll32.exe
C:\windows2\system32\qldsregk.exe
C:\WINDOWS2\newfrn.exe
C:\mousepad1.exe
C:\WINDOWS2\System32\qjhyuadn.exe
C:\Program Files\Pjwfkq\Olgno.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\COMMON~1\wium\wiumm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS2\system32\twinmrag.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\FCAdvice\FCAdvice.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS2\nem220.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS2\DH.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS2\wsem303.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS2\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS2\System32\logon.exe
O4 - HKLM\..\Run: [microsft windows updates] mswupdate32.exe
O4 - HKLM\..\Run: [Windows System Section] section.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\Run: [cjlihkbA] C:\WINDOWS2\cjlihkbA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS2\SYSC00.exe
O4 - HKLM\..\Run: [mdc] C:\sdkhj.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS2\System32\wintask.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [{91-19-9E-EF-ZN}] C:\windows2\system32\qldsregk.exe CORN001
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS2\newfrn.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys1.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS2\system32\twinmrag.exe CORN001
O4 - HKLM\..\Run: [Microsoft ® Windows Binary Runtime Service] C:\WINDOWS2\System32\qjhyuadn.exe
O4 - HKLM\..\Run: [Ngvstl] C:\Program Files\Pjwfkq\Olgno.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunServices: [microsft windows updates] mswupdate32.exe
O4 - HKLM\..\RunServices: [Windows System Section] section.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [Windows System Section] section.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [wium] C:\PROGRA~1\COMMON~1\wium\wiumm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS2\system32\dwdsregt.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS2\system32\twinmrag.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS2\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS2\web\related.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCAdvice\FCAdvice.dll
O20 - AppInit_DLLs: repairs303169536.dll,Runner.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS2\system32\LEXBCES.EXE
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS2\cjlihkb.exe