I've been trying to clean a friend's computer, without a lot of luck. Please help.
Logfile of HijackThis v1.99.1
Scan saved at 9:21:57 AM, on 3/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ipujt\Jyacngh.exe
C:\Program Files\Raajrtc\Xramr.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\winupdt.exe
C:\Program Files\m0o8dsgj\m0o8dsgj.exe
C:\windows\system32\msnavc32.exe
C:\WINDOWS\msexploren.exe
C:\WINDOWS\system32\dx3beros.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system\gufkdxub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sysmonnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\windaek32.exe
C:\WINDOWS\system32\rcpptext.exe
C:\WINDOWS\system32\sca2cenu.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.42.87.219/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.42.87.219/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: (no name) - {075C7F25-A32C-4B58-B523-16E26EAA9BD6} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {14313491-179E-4D53-BCAB-9254A61B6DA6} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {2C0506B8-345E-4FFB-9233-2D8188B8A14D} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {2C255940-0152-4EBA-901B-72CBD41F6451} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {3FED5ACE-5DD2-4F15-95BC-45B808D77CE2} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: MSW.cIExplorer - {4B57B77A-B130-4EB8-8CFB-42B880F6D311} - C:\Documents and Settings\All Users\Application Data\msw\MSW.dll
O2 - BHO: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O2 - BHO: (no name) - {51CFB6EF-9DAB-4E82-9CB2-60B06228494D} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5794E4D2-3A7C-4024-9677-6E843E0C7F2A} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {5FEE1DD8-6B88-4C52-93E8-984B6F858822} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {60B5A625-FF9D-4DB1-A291-DC367AC890B5} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {6460B876-0F6B-47C2-9A98-ECB87776928F} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {7BB4AD32-2E12-4B38-BAB3-4326E4E67A25} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9868DFEE-530E-4646-AC16-F9C420647A12} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9ACF7BC0-F838-4E3E-BE40-41610B99E1C2} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9B54589D-E74D-4E4C-9C3B-030D8A76E9E3} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9F1F1755-8FFE-42A2-B43B-5AF09D92AEA5} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {A0B92F24-C92C-4CCD-B762-C6F0F53A515C} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {D703AA50-42D9-441A-9C32-49A543F7D11B} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {E1693175-A166-4DF6-AF2C-ECB91F068EB4} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: SDWin32 Class - {EAE3E1CD-0711-4840-9BC1-7555FD700EBE} - C:\WINDOWS\system32\vxuxc.dll
O2 - BHO: (no name) - {F89E87D3-CC14-4853-8C48-D4D5EEFF7031} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Vlfpl] C:\Program Files\Ipujt\Jyacngh.exe
O4 - HKLM\..\Run: [Bkbstvya] C:\Program Files\Raajrtc\Xramr.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\system32\winupdt.exe
O4 - HKLM\..\Run: [arrsaa] c:\windows\system32\arrsaa.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteowt32.exe
O4 - HKLM\..\Run: [vxuxcc] C:\WINDOWS\system32\vxuxcc.exe
O4 - HKLM\..\Run: [m0o8dsgj] C:\Program Files\m0o8dsgj\m0o8dsgj.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\msexploren.exe /i
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [LBtnROitO] rcpptext.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0008.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe