so far, i have:
-aurora popping up
-an elitebar i can't fully get rid of
-searchmiracle placing links in random text
-a search bar that appears on the left-hand side (with related sites for viagra and [bleep])
-this weird file akazmz that recently started running that won't close
-and this one file that keeps changing it's name every time I try to close it or delete it. It's current name is: cipvgc
Your help is greatly appreciated!
Here's my log from HJT:
Logfile of HijackThis v1.99.1
Scan saved at 11:18:57 AM, on 5/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\akazmz.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\cipvgc.exe
C:\Documents and Settings\Kendra.INSPIRON\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Norton Personal Firewall] lah.exe
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [ibcdap] C:\WINDOWS\ibcdap.exe
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\TEMP\cxtpls_loader.exe" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\KENDRA~1.INS\LOCALS~1\Temp\~compoundinst0\auto_update_loader.exe" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [zjemwy] c:\windows\system32\zjemwy.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [qq3j36h] mimjet32.exe
O4 - HKLM\..\Run: [System] mah.exe
O4 - HKLM\..\Run: [Windows Support Center] msmsgr.exe
O4 - HKLM\..\Run: [Windows Media Player 3.6d] wmpa36d.exe
O4 - HKLM\..\Run: [Windows Userinit Check] C:\WINDOWS\System32\nwst.exe C:\WINDOWS\System32\chkinst.exe
O4 - HKLM\..\Run: [Task Man] C:\WINDOWS\system32\rpcxpd.exe
O4 - HKLM\..\Run: [Windows Media Player 3.6e] wmpa36e.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteirk32.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\akazmz.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [eshijn] c:\windows\system32\cipvgc.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] lah.exe
O4 - HKLM\..\RunServices: [svhost.exe] svhost.exe
O4 - HKLM\..\RunServices: [System] mah.exe
O4 - HKLM\..\RunServices: [Windows Support Center] msmsgr.exe
O4 - HKLM\..\RunServices: [Windows Media Player 3.6d] wmpa36d.exe
O4 - HKLM\..\RunServices: [Windows Media Player 3.6e] wmpa36e.exe
O4 - HKLM\..\RunOnce: [bqntboq.exe] C:\WINDOWS\System32\bqntboq.exe /k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Norton Personal Firewall] lah.exe
O4 - HKCU\..\Run: [b9stRWNnT] mdwgnt.exe
O4 - HKCU\..\Run: [System] mah.exe
O4 - HKCU\..\Run: [Windows Support Center] msmsgr.exe
O4 - HKCU\..\Run: [msvtri] C:\WINDOWS\System32\msvtri.exe
O4 - HKCU\..\RunServices: [Windows Support Center] msmsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://reports.ha.uc...tivexviewer.cab
O23 - Service: Remote Procedure Call (RPC) Extensions (RpcxSs) - Unknown owner - C:\WINDOWS\system32\rpcxss.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: UserCheck - Unknown owner - C:\WINDOWS\system32\usrchk.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)