Here's my HijackThis log and others

Discussion in 'Malware Help (A Specialist Will Reply)' started by mezloh, Jan 16, 2006.

  1. mezloh

    mezloh Private E-2

    my hijack this log.

    Here's my HijackThis log attached.
    I know the top row in my log has to get fixed; it keeps showing back up.
    If you see anything else in there, please let me know.
    Also, if there's anything else I can run, I'm open to suggestions.


    Thank You
    Travis
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: my hijack this log.

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments. You also should be telling us what problems you are having but I can see a whole bunch of them (multiple trojans, Look2Me infection, bad service, home page hijack).

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

     
  3. mezloh

    mezloh Private E-2

    I have gone through the tutorial step by step per your instructions. I have attached my HijackThis log, the bdscan log, and the ActiveScan log.

    After doing everything I still have pop-up windows coming up. Any other suggestions would be appreciated.

    Thanks
    Travis

    I'm pasting in my bdscan log because the file is too large to attach. Sorry.

    Inline log attached!
     

    Attached Files:

    Last edited by a moderator: Jan 17, 2006
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    mezloh,

    Please stay in one thread for your problem. I have merged your new thread with your previous one, so please post in here. From now on, if you can't attach your log due to file size, just ZIP it and attach it. Chaslang will be with you shortly.
     
    Last edited: Jan 17, 2006
  5. mezloh

    mezloh Private E-2

    Thank You
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Part of the reason your logs are so large is because there is a load of garbage in your D:\Program Files\Norton AntiVirus\Quarantine and also in the NProtect bin (Norton is protecting your recycle bin too). Let's first take care of all of this junk.

    Locate the option in your Norton Antivirus to empty the Quarantine folder and empty everything in it.

    Now delete all files in this Temp folder:
    C:\Documents and Settings\travis1\Local Settings\Temp

    Now empty your TIF (Temporary Internet Files):

    Now we need to Reset Web Settings:
    • In Internet Explorer click Tools, Internet Options, then click the General tab. Now Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now empty your Recycle Bin.

    Now Empty the Norton N-protect folder. Here is how you do that: Emptying the Norton Protected Recycle Bin
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After completing the steps in my previous message, continue with the below.

    Did you install Quicktime like this to your root folder? It is never a good idea to do something like this. You should always install programs to their recommended default folder names to avoid having things be suspected as malware. The way this appears, I would not know if it is malware or not.
    D:\qttask.exe

    Did you install Windows Media Player improperly, or is the below malware as pointed out by Panda:
    Virus:W32/WinName.D.worm Disinfected C:\Program Files\wmplayer\p.zip[music.exe]
    Virus:W32/WinName.D.worm Disinfected C:\Program Files\wmplayer\v.tmp
    Virus:W32/WinName.D.worm Disinfected C:\Program Files\wmplayer\wmplayer.exe


    The same applies to how you installed Global PC Booster. Executables should be in their own subfolder of C:\Program Files, not in C:\Program Files.
    D:\Program Files\pcbooster.exe

    Same applies to MS Antispyware which you have:
    D:\Program Files\gcasServ.exe

    Are the above steps mandatory....no! But it is a much better practice especially with all the malware floating around. They all would be suspected to possibly be malware posing as the real programs.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
    O20 - Winlogon Notify: WindowsUpdate - C:\WINNT\system32\wz2_32.dll

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:

    C:\Documents and Settings\travis1\Desktop\Cheap Holiday Travel.url
    C:\Documents and Settings\travis1\Desktop\Remove Spyware.url
    C:\PROGRAM FILES\COMMON FILES\InetGet <-- the whole folder
    C:\Program Files\Network Monitor <-- the whole folder
    C:\WINNT\ahadp.exe
    C:\WINNT\kwv2.dat
    C:\windows\winsysupd.exe
    C:\windows\winsysban.exe
    C:\WINNT\inf\bi419.inf
    C:\WINNT\inf\biini.inf
    C:\WINNT\inf\polall1r.inf
    C:\WINNT\system32\0waop2rk.dll
    C:\WINNT\system32\dKtaclen.dll
    C:\WINNT\system32\ezPopStub.exe
    C:\WINNT\system32\vgdex.dll
    C:\WINNT\SYSTEM32\exclean.exe
    C:\WINNT\system32\wz2_32.dll

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise, open Task Manager and kill the process if it is running, then delete the file.

    Now, if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode. And do another PandaActiveScan and attach the new log.

    Also attach a new HJT log.

    Make sure you tell us how things are working.

    Reminder Note: Once we have determined you are malware free, you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
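    An added example (my own code, not from this thread or from HijackThis) that applies chaslang's location rule above to O4/O20 log lines: it parses each entry, pulls the program path out of the command line, and flags executables sitting at a drive root, directly in Program Files, or under a Windows folder that is not the machine's real Windows directory (assumed to be C:\WINNT here, as the system32 paths in this thread show; that last check is my own addition). The sample lines are constructed from the entries in this thread with hypothetical entry names; the heuristic only catches mislocated files, so a normally placed file like wz2_32.dll in system32 is deliberately not flagged.

```python
import re
from pathlib import PureWindowsPath
# Constructed sample: entries from this thread (the one chaslang said to fix, the
# oddly placed programs as O4 lines with hypothetical names) plus a normal install.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [winsysupd] C:\\windows\\winsysupd.exe
O20 - Winlogon Notify: WindowsUpdate - C:\\WINNT\\system32\\wz2_32.dll
O4 - HKLM\\..\\Run: [QuickTime Task] D:\\qttask.exe
O4 - HKLM\\..\\Run: [pcbooster] D:\\Program Files\\pcbooster.exe
O4 - HKLM\\..\\Run: [gcasServ] D:\\Program Files\\gcasServ.exe
O4 - HKLM\\..\\Run: [Example] "D:\\Program Files\\Example App\\example.exe" /tray
"""
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<cmd>.+)$")
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll))"?', re.I)

def extract_path(cmd):
    """Program path from a command line, without surrounding quotes or arguments."""
    m = PATH_RE.match(cmd.strip())
    return m.group("path") if m else None

def parse_hjt_line(line):
    """Parse an O4 (Run key) or O20 (Winlogon Notify) line; other types give None."""
    for kind, rx in (("O4", O4_RE), ("O20", O20_RE)):
        m = rx.match(line.strip())
        if m:
            return {"type": kind, "name": m.group("name"),
                    "path": extract_path(m.group("cmd"))}
    return None

def suspicious_location(path, windir="C:\\WINNT"):
    """Why the file's location is unusual for a proper install, or None."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]          # e.g. ['d:\\', 'qttask.exe']
    if len(parts) == 2:
        return "executable at drive root"
    if len(parts) == 3 and parts[1] == "program files":
        return "directly in Program Files, no product subfolder"
    # Assumed extra check: a Windows folder that is not this machine's real one
    # (C:\WINNT in the thread, judging by the system32 paths in the logs).
    if parts[1] in ("windows", "winnt") and \
            PureWindowsPath(p.anchor, p.parts[1]) != PureWindowsPath(windir):
        return "Windows folder does not match the system's real Windows directory"
    return None

def review_log(text, windir="C:\\WINNT"):
    """(type, name, path, reason) for every O4/O20 entry worth a closer look."""
    entries = [e for e in map(parse_hjt_line, text.splitlines()) if e and e["path"]]
    return [(e["type"], e["name"], e["path"], r) for e in entries
            if (r := suspicious_location(e["path"], windir))]
```

    A hit here is a reason to look closer, not proof of malware; chaslang's point is that a legitimately installed program would not be sitting in those places.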
     
  8. mezloh

    mezloh Private E-2

    I am still having the pop-up window problem when I'm on the net. Other than that everything seems great.


    Logs are attached.

    Thanks
    Travis
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your popups are being caused by a Look 2 Me infection.

    Please download Spy Sweeper
    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your post along
    Now also get a new PandaScan log and a new HJT log and attach them.
     
  10. mezloh

    mezloh Private E-2

    Thank you for the new tip. I have attached the 3 logs here for you.


    Thanks
    Travis
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please download and run CWShredder. Make sure you select Fix.

    Now copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Now use Windows Explorer to delete the below folder:
    C:\PROGRAM FILES\COMMON FILES\Windows

    Additional step to delete turbo.inf:

    - Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt window.
    - Enter the following command lines, each followed by the Enter key:
    cd C:\WINNT\Downloaded Program Files\
    attrib -r -h -s turbo.inf
    del turbo.inf
    exit


    Now reboot and post a new Panda log.

    Make sure you tell me how things are working now.
     
  12. mezloh

    mezloh Private E-2

    I get "not a valid Win32 application" when typing cmd then clicking OK.


    Additional step to delete turbo.inf:

    - Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt window.
    - Enter the following command lines, each followed by the Enter key:
    cd C:\WINNT\Downloaded Program Files\
    attrib -r -h -s turbo.inf
    del turbo.inf
    exit
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download and run W2KFix, then see if you can run that procedure. If not, you could be missing some system files, notably cmd.exe, which should be in c:\winnt\system32.

    Another approach that may work if the file is not hidden or protected:

    Click Start, Run, and enter del C:\WINNT\Downloaded Program Files\turbo.inf in the box and click OK.
     
