Spy Falcon [CLOSED], I've been infected, please help
Post #1, Mar 3 2006, 04:37 PM
New Member, Posts: 2, OS: XP pro
So I have read through your forum and performed all the tasks asked of me before I post my logs.
I really appreciate this help. Man this virus thingy is a real pain. Here are my logs:

Logfile of HijackThis v1.99.1
Scan saved at 4:33:30 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Omnipod\POD\omnipod.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jucheck.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [POD] C:\Program Files\Omnipod\POD\omnipod.exe /allusers
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Excite Community Tools Notifier] "C:\Program Files\Excite\PrvtMsgr\bin\x8SkPlay.exe" Notifier
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frodo
O15 - Trusted Zone: *.intranet
O15 - Trusted Zone: anaconda.macrovision.com
O15 - Trusted Zone: crmprod.macrovision.com
O15 - Trusted Zone: crmprodsc.macrovision.com
O15 - Trusted Zone: http://crmprodsc.macrovision.com
O15 - Trusted Zone: destrous.macrovision.com
O15 - Trusted Zone: duke.macrovision.com
O15 - Trusted Zone: frodo.macrovision.com
O15 - Trusted Zone: helpdesk.macrovision.com
O15 - Trusted Zone: intranet.macrovision.com
O15 - Trusted Zone: vpn.macrovision.com
O15 - Trusted Zone: http://*.macrovision.com
O15 - Trusted Zone: *.frodo (HKLM)
O15 - Trusted Zone: *.intranet (HKLM)
O15 - Trusted Zone: anaconda.macrovision.com (HKLM)
O15 - Trusted Zone: crmprod.macrovision.com (HKLM)
O15 - Trusted Zone: crmprodsc.macrovision.com (HKLM)
O15 - Trusted Zone: destrous.macrovision.com (HKLM)
O15 - Trusted Zone: duke.macrovision.com (HKLM)
O15 - Trusted Zone: frodo.macrovision.com (HKLM)
O15 - Trusted Zone: helpdesk.macrovision.com (HKLM)
O15 - Trusted Zone: intranet.macrovision.com (HKLM)
O15 - Trusted Zone: vpn.macrovision.com (HKLM)
O15 - Trusted Zone: http://*.macrovision.com (HKLM)
O16 - DPF: {0047388F-51E3-4F3C-B343-D4C2C6F47E72} (Pivotal eRelationship Active Access (Version 5.1) - Smart Portal (rdaprtl.dll)) - http://anaconda.macrovision.com/epower/cab/RDAPRTL.CAB
O16 - DPF: {00479453-31F5-4870-A0FD-BA078BFA789B} (Pivotal eRelationship Active Access (Version 5.1) - Resources (rdares.dll)) - http://destrosch.macrovision.com/epower/cab/RDARES.CAB
O16 - DPF: {00499C34-6952-45AD-9697-241B90292833} (Pivotal eRelationship Active Access (Version 5.1) - Stealth Report Interface (rdaRprt.dll)) - http://anaconda.macrovision.com/epower/cab/RDARPRT.CAB
O16 - DPF: {00A40008-7D21-4F26-A9D7-A2EFC3771C5F} (Pivotal eRelationship Active Access (Version 5.1) - Shared Object Library Interface (rdashare.dll)) - http://anaconda.macrovision.com/epower/cab/RDASHARE.CAB
O16 - DPF: {00FF182B-B4C8-4C76-812F-D24B9A11F242} (Pivotal eRelationship Active Access (Version 5.1) - Portal Control Proxy (rdaui.dll)) - http://anaconda.macrovision.com/epower/cab/RdaUI.cab
O16 - DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} (Pivotal eRelationship Active Access (version 5.1) - Shortcut Handler (rshortcut.dll)) - http://anaconda.macrovision.com/epower/cab/RSHORTCUT.CAB
O16 - DPF: {3814B215-C77A-4EDB-BE3B-F6CB92DD33C5} (Pivotal ePower Lifecycle Engine (Version 5.1) - Instantiator (rdaobjcreate.dll)) - http://anaconda.macrovision.com/epower/cab/RdaObjCreate.cab
O16 - DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} (Pivotal ePower Lifecycle Engine (Version 5.1) - EMail Class (rn1sendx.dll)) - http://anaconda.macrovision.com/epower/cab/RN1SENDX.CAB
O16 - DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} (Pivotal eRelationship Active Access (Version 5.1) - Plug-in Result Return Collection (dfoutils.dll)) - http://anaconda.macrovision.com/epower/cab/DFOUTILS.CAB
O16 - DPF: {C45056F0-B4BC-4A65-85F0-2A131563795B} (Pivotal ePower Lifecycle Engine (Version 5.1) - Platform Access (rdaclnt.dll)) - http://anaconda.macrovision.com/epower/cab/RDACLNT.CAB
O16 - DPF: {CD883B96-F640-4B89-BA88-F6AE1E72B65B} (Pivotal eRelationship Active Access (Version 5.1) - Email Connector (rdaemail.dll)) - http://destrosch.macrovision.com/epower/cab/RDAEMAIL.CAB
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://vpn.installshield.com/dana-cached/s...uniperSetup.cab
O16 - DPF: {F0006AA7-D371-4315-888F-D143BD1DFA09} (Merant Collage PopupMenu Control) - http://schsqldev/servlet/lib/PopupMenu.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = macrovision.com
O17 - HKLM\Software\..\Telephony: DomainName = macrovision.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{72CADFE3-8D1E-4E26-8744-FA76722CCEB1}: NameServer = 172.17.1.34,172.17.1.34
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = macrovision.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = macrovision.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O21 - SSODL: XChwVP - {FCE45A0F-564E-F0A5-47CF-FE4EC8082FD9} - C:\WINDOWS\system32\upmo.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
Post #2, Mar 3 2006, 04:53 PM
Malware Expert, Posts: 16,559, From: New York, OS: Windows 98, XP, Vista, Mac OS X
Welcome to GTG.

Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download smitRem at http://noahdfear.geekstogo.com/click%20cou.../click.php?id=1 and save the file to your desktop.

Download Ewido Security Suite at http://www.ewido.net/en/download/ and read the Ewido setup instructions at http://rstones12.geekstogo.com/ewidosetup.htm. Install it, and update the definitions to the newest files. Do NOT run a scan yet.
NOTE: If you have Windows 9x/ME, you don't need to run Ewido (skip this step).

If you have not already installed Ad-Aware SE 1.06, follow the download and setup instructions at http://rstones12.geekstogo.com/adawareSE_setup.htm. Otherwise, check for updates. Don't run it yet!

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Right click on this link and choose Save Target As. Save it to your desktop but don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!.

Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Run the FixSF.reg file you saved earlier on your desktop and choose Yes to add it to the registry.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O21 - SSODL: XChwVP - {FCE45A0F-564E-F0A5-47CF-FE4EC8082FD9} - C:\WINDOWS\system32\upmo.dll

Delete these:

C:\WINDOWS\system32\kernels64.exe
C:\Windows\System32\dxmpp.dll
C:\Program Files\SpyFalcon\
C:\WINDOWS\system32\upmo.dll

Run the smitRem.exe tool you downloaded earlier. There should be a folder called smitrem created on your desktop. Open it and double click on the RunThis file. Follow the prompts on the screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
* Click on scanner.
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with ewido it is finding cases of false positives.
* You will need to step through the process of cleaning files one-by-one.
* If Ewido detects a file you KNOW to be legitimate, select none as the action.
* Do NOT select 'Perform action on all infections'.
* If you are unsure of any entry found, select none for now.
* When the scan is finished, click the Save report button at the bottom of the screen.
* Save the report to your desktop.
Close Ewido.

Right click on your desktop and go to Properties. Then go to the Desktop tab and click on Customize Desktop. Go to the Web tab and delete everything there except My Current Home Page (which should be unchecked). Click OK.

Restart your computer to get back to Normal Mode.

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm
* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

Then post the Panda log here along with the logs for smitfiles.txt, Ewido and a new HijackThis log.
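Added example, not from this thread or from the HijackThis project: a small Python scanner that reads HijackThis log lines and flags the four kinds of entry the fix above singles out, the F2 Shell hijack, the orphaned O2 BHO, the rogue O4 autostart and the O21 SSODL entry. The rogue-name list is an assumption drawn only from the names that appear in this thread, and the sample log is constructed from the entries posted above.

```python
"""Flag the HijackThis entry types that the SpyFalcon/SmitFraud clean-up targets.

Each log line starts with a section code (F2, O2, O4, O21, ...). A per-section
check inspects the body and returns a reason string when the entry is suspect.
"""
import re

# Rogue antispyware names seen in this thread: the thread title (SpyFalcon) and
# the uninstaller checks in the posted smitRem log. Assumed list, not a full one.
ROGUE_NAMES = ("spyfalcon", "spyaxe", "winhound", "spywarestrike", "psguard")

# Constructed sample: entries copied from the first HijackThis log in the thread,
# plus two benign lines (O3, O23) so the scanner has entries it should pass.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O21 - SSODL: XChwVP - {FCE45A0F-564E-F0A5-47CF-FE4EC8082FD9} - C:\WINDOWS\system32\upmo.dll
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[FORN]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse_entry(line):
    """Split one HijackThis line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def check_shell(body):
    """F2: the system.ini Shell= value must be exactly Explorer.exe.

    Anything appended after it (kernels64.exe in this thread) is started by
    Winlogon alongside the real shell, which is how the rogue re-launches itself.
    """
    m = re.search(r"Shell=(.+)$", body)
    if not m:
        return None
    extra = [tok for tok in m.group(1).split() if tok.lower() != "explorer.exe"]
    return ("shell hijack, extra loader: " + " ".join(extra)) if extra else None


def check_bho(body):
    """O2: a BHO whose CLSID is registered but whose DLL is gone is left-over junk."""
    return "orphaned BHO (CLSID registered, DLL missing)" if body.endswith("(no file)") else None


def check_run(body):
    """O4: autostart whose value name or command mentions a known rogue product."""
    m = RUN_RE.search(body)
    if not m:
        return None
    text = (m.group("name") + " " + m.group("cmd")).lower()
    hits = [name for name in ROGUE_NAMES if name in text]
    return ("rogue antispyware autostart: " + hits[0]) if hits else None


def check_ssodl(body):
    """O21: ShellServiceObjectDelayLoad DLLs load into every Explorer start.

    HijackThis hides the entries it knows to be safe, so anything that still shows
    up here is worth a manual look; in this thread the only one was upmo.dll.
    """
    return "SSODL DLL loaded by Explorer at every start, verify: " + body.rsplit(" - ", 1)[-1]


CHECKS = {"F2": check_shell, "O2": check_bho, "O4": check_run, "O21": check_ssodl}


def scan_log(text):
    """Return [(section, reason, line)] for every entry that a check flags."""
    findings = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if not parsed:
            continue
        section, body = parsed
        check = CHECKS.get(section)
        reason = check(body) if check else None
        if reason:
            findings.append((section, reason, line.strip()))
    return findings


if __name__ == "__main__":
    for section, reason, line in scan_log(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```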
Post #3, Mar 3 2006, 10:47 PM
New Member, Posts: 2, OS: XP pro
Wow, once you get one of these things you have to jump through a lot of hoops. How do you guys figure out how to beat these things? I'm really impressed.
Again, thank you so much for helping me out. Well, I did everything you said. Here are my logs:

smitRem © log file
version 2.8
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: Fri 03/03/2006
The current time is: 19:12:50.76

Running from
C:\Documents and Settings\RobEngland\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe)

SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files

~~~ Program Files ~~~
Security Toolbar

~~~ Shortcuts ~~~
Online Security Guide.url
Security Troubleshooting.url

~~~ Favorites ~~~
Antivirus Test Online.url

~~~ system32 folder ~~~
1024 dir
msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
hp***.tmp

~~~ Icons in System32 ~~~
ot.ico

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 544 'explorer.exe'
Killing PID 544 'explorer.exe'

Starting registry repairs
Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe)

SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~
CLEAN!
Logfile of HijackThis v1.99.1
Scan saved at 7:03:45 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [POD] C:\Program Files\Omnipod\POD\omnipod.exe /allusers
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Excite Community Tools Notifier] "C:\Program Files\Excite\PrvtMsgr\bin\x8SkPlay.exe" Notifier
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frodo
O15 - Trusted Zone: *.intranet
O15 - Trusted Zone: anaconda.macrovision.com
O15 - Trusted Zone: crmprod.macrovision.com
O15 - Trusted Zone: crmprodsc.macrovision.com
O15 - Trusted Zone: http://crmprodsc.macrovision.com
O15 - Trusted Zone: destrous.macrovision.com
O15 - Trusted Zone: duke.macrovision.com
O15 - Trusted Zone: frodo.macrovision.com
O15 - Trusted Zone: helpdesk.macrovision.com
O15 - Trusted Zone: intranet.macrovision.com
O15 - Trusted Zone: vpn.macrovision.com
O15 - Trusted Zone: http://*.macrovision.com
O15 - Trusted Zone: *.frodo (HKLM)
O15 - Trusted Zone: *.intranet (HKLM)
O15 - Trusted Zone: anaconda.macrovision.com (HKLM)
O15 - Trusted Zone: crmprod.macrovision.com (HKLM)
O15 - Trusted Zone: crmprodsc.macrovision.com (HKLM)
O15 - Trusted Zone: destrous.macrovision.com (HKLM)
O15 - Trusted Zone: duke.macrovision.com (HKLM)
O15 - Trusted Zone: frodo.macrovision.com (HKLM)
O15 - Trusted Zone: helpdesk.macrovision.com (HKLM)
O15 - Trusted Zone: intranet.macrovision.com (HKLM)
O15 - Trusted Zone: vpn.macrovision.com (HKLM)
O15 - Trusted Zone: http://*.macrovision.com (HKLM)
O16 - DPF: {0047388F-51E3-4F3C-B343-D4C2C6F47E72} (Pivotal eRelationship Active Access (Version 5.1) - Smart Portal (rdaprtl.dll)) - http://anaconda.macrovision.com/epower/cab/RDAPRTL.CAB
O16 - DPF: {00479453-31F5-4870-A0FD-BA078BFA789B} (Pivotal eRelationship Active Access (Version 5.1) - Resources (rdares.dll)) - http://destrosch.macrovision.com/epower/cab/RDARES.CAB
O16 - DPF: {00499C34-6952-45AD-9697-241B90292833} (Pivotal eRelationship Active Access (Version 5.1) - Stealth Report Interface (rdaRprt.dll)) - http://anaconda.macrovision.com/epower/cab/RDARPRT.CAB
O16 - DPF: {00A40008-7D21-4F26-A9D7-A2EFC3771C5F} (Pivotal eRelationship Active Access (Version 5.1) - Shared Object Library Interface (rdashare.dll)) - http://anaconda.macrovision.com/epower/cab/RDASHARE.CAB
O16 - DPF: {00FF182B-B4C8-4C76-812F-D24B9A11F242} (Pivotal eRelationship Active Access (Version 5.1) - Portal Control Proxy (rdaui.dll)) - http://anaconda.macrovision.com/epower/cab/RdaUI.cab
O16 - DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} (Pivotal eRelationship Active Access (version 5.1) - Shortcut Handler (rshortcut.dll)) - http://anaconda.macrovision.com/epower/cab/RSHORTCUT.CAB
O16 - DPF: {3814B215-C77A-4EDB-BE3B-F6CB92DD33C5} (Pivotal ePower Lifecycle Engine (Version 5.1) - Instantiator (rdaobjcreate.dll)) - http://anaconda.macrovision.com/epower/cab/RdaObjCreate.cab
O16 - DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} (Pivotal ePower Lifecycle Engine (Version 5.1) - EMail Class (rn1sendx.dll)) - http://anaconda.macrovision.com/epower/cab/RN1SENDX.CAB
O16 - DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} (Pivotal eRelationship Active Access (Version 5.1) - Plug-in Result Return Collection (dfoutils.dll)) - http://anaconda.macrovision.com/epower/cab/DFOUTILS.CAB
O16 - DPF: {C45056F0-B4BC-4A65-85F0-2A131563795B} (Pivotal
ePower Lifecycle Engine (Version 5.1) - Platform Access (rdaclnt.dll)) - http://anaconda.macrovision.com/epower/cab/RDACLNT.CAB O16 - DPF: {CD883B96-F640-4B89-BA88-F6AE1E72B65B} (Pivotal eRelationship Active Access (Version 5.1) - Email Connector (rdaemail.dll)) - http://destrosch.macrovision.com/epower/cab/RDAEMAIL.CAB O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://vpn.installshield.com/dana-cached/s...uniperSetup.cab O16 - DPF: {F0006AA7-D371-4315-888F-D143BD1DFA09} (Merant Collage PopupMenu Control) - http://schsqldev/servlet/lib/PopupMenu.dll O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = macrovision.com O17 - HKLM\Software\..\Telephony: DomainName = macrovision.com O17 - HKLM\System\CCS\Services\Tcpip\..\{72CADFE3-8D1E-4E26-8744-FA76722CCEB1}: NameServer = 172.17.1.34,172.17.1.34 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = macrovision.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = macrovision.com O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll O21 - SSODL: XChwVP - {FCE45A0F-564E-F0A5-47CF-FE4EC8082FD9} - C:\WINDOWS\system32\upmo.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. 
- C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 8:55:58 PM, 3/3/2006 + Report-Checksum: FA18226C + Scan result: HKU\S-1-5-21-2051932309-1570835690-1803697834-6862\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup :mozilla.10:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.11:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.12:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.13:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.14:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.15:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.16:C:\homestuff\Documents and Settings\Rob\Application 
Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.17:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.18:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.19:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.20:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.21:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.22:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.23:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.24:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.25:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.26:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.27:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup 
:mozilla.28:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.29:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.30:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.32:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.33:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.34:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.35:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.36:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.44:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup :mozilla.54:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.56:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.57:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup 
:mozilla.65:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.70:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.71:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.72:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.73:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.78:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.81:C:\homestuff\Documents and Settings\Rob\Application Data\Mozilla\Profiles\default\42tauifu.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@burstnet[1].txt -> 
TrackingCookie.Burstnet : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@com[2].txt -> TrackingCookie.Com : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@cratebarrel.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wfk4uodzwdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wfkiemd5sko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wflikgajagp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wgkogjazibp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wgkowld5cho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wjk4cmcpoaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wjkyaoc5ico.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wjkyghazgco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wjkywjd5wko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wjlicmdjkbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and 
Settings\Rob\Cookies\rob@e-2dj6wjliooc5kbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wjmiemczkdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wjmyamajmfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@e-2dj6wjnysnc5wap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@ehg-bcstore.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@ehg-cbs.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@jcrew.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@reciperewards.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@sales.liveperson[2].txt -> TrackingCookie.Liveperson : 
Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@shopathomeselect[2].txt -> TrackingCookie.Shopathomeselect : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Cookies\rob@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\ADMCache\adm5FE.tmp/asm.exe -> Adware.Altnet : Error during cleaning C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\Cookies\rob@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\Cookies\rob@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\Cookies\rob@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\Cookies\rob@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\Cookies\rob@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned with backup C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\toolbar.dll -> Adware.WebSearch : Cleaned with backup 
C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\upd17.tmp/ME.dll -> Adware.MediaPops : Error during cleaning C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup C:\homestuff\Program Files\Altnet\download manager\adm25.dll -> Adware.Altnet : Cleaned with backup C:\homestuff\Program Files\Altnet\download manager\admdloader.dll -> Adware.Altnet : Cleaned with backup C:\homestuff\Program Files\Altnet\download manager\admfdi.dll -> Adware.Altnet : Cleaned with backup C:\homestuff\Program Files\Altnet\download manager\admprog.dll -> Adware.Altnet : Cleaned with backup C:\homestuff\Program Files\Altnet\download manager\altnetuninstall.exe -> Adware.Altnet : Cleaned with backup C:\homestuff\Program Files\Altnet\download manager\asm.exe -> Adware.Altnet : Cleaned with backup C:\homestuff\Program Files\eZula\mmod.exe -> Adware.EZula : Cleaned with backup C:\homestuff\Program Files\eZula\seng.dll -> Adware.EZula : Cleaned with backup C:\homestuff\Program Files\KaZaA\PerfectNavUninstall.exe -> Downloader.Keenval.e : Cleaned with backup C:\homestuff\Program Files\KaZaA\TopSearch.dll -> Adware.Altnet : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2296.exe -> Downloader.Small.ayl : Cleaned with backup C:\WINDOWS\Downloaded Program Files\gdnUS2296.exe -> Downloader.Small.ayl : Cleaned with backup ::Report End Incident Status Location Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239} Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\RobEngland\Desktop\smitRem\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\RobEngland\Desktop\smitRem.exe[Process.exe] Virus:W32/Mydoom.AO.worm Not disinfected Archive Folders\Inbox\Mail System Error - Returned Mail\macrovision.com.zip[macrovision.com] Virus:Trj/Mitglieder.EV Not 
disinfected Archive Folders\Inbox\price.zip[price.cpl] Virus:Trj/Mitglieder.EW Not disinfected Archive Folders\Inbox\price_new.zip[price_list.exe] Adware:Adware/Lop Not disinfected C:\homestuff\desk top junk\new_uninstall.exe Spyware:Cookie/Kazaa Networks Not disinfected C:\homestuff\Documents and Settings\Marcy\Cookies\marcy@desktop.kazaa[1].txt Spyware:Cookie/go Not disinfected C:\homestuff\Documents and Settings\Marcy\Cookies\marcy@go[2].txt Spyware:Cookie/888 Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@888[2].txt Spyware:Cookie/Hbmediapro Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@adopt.hbmediapro[2].txt Spyware:Cookie/Ask Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@ask[1].txt Spyware:Cookie/Belnk Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@ath.belnk[2].txt Spyware:Cookie/Azjmp Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@azjmp[2].txt Spyware:Cookie/Banner Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@banner[1].txt Spyware:Cookie/Belnk Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@belnk[2].txt Spyware:Cookie/GoStats Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@c3.gostats[1].txt Spyware:Cookie/Ccbill Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@ccbill[2].txt Spyware:Cookie/did-it Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@did-it[1].txt Spyware:Cookie/Belnk Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@dist.belnk[2].txt Spyware:Cookie/go Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@go[2].txt Spyware:Cookie/Rn11 Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@rn11[1].txt Spyware:Cookie/SpywareStormer Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@spywarestormer[1].txt Spyware:Cookie/Target Not disinfected C:\homestuff\Documents and 
Settings\Rob\Cookies\rob@target[1].txt Spyware:Cookie/WinFixer Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@winfixer[2].txt Spyware:Cookie/Xiti Not disinfected C:\homestuff\Documents and Settings\Rob\Cookies\rob@xiti[1].txt Spyware:Spyware/Altnet Not disinfected C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\ADMCache\adm5FE.tmp[asm.exe] Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\common.dll Spyware:Cookie/Ask Not disinfected C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\Cookies\rob@ask[1].txt Spyware:Spyware/Overpro Not disinfected C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\nsdtmp09.dll Adware:Adware/Lop Not disinfected C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\Rem234.exe Adware:Adware/Lop Not disinfected C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\Rem39C.exe Adware:Adware/SearchExe Not disinfected C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\se.exe Adware:Adware/Look2Me Not disinfected C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\upd124.exe Adware:Adware/Lop Not disinfected C:\homestuff\dtj\desk top junk\new_uninstall.exe Spyware:Spyware/Altnet Not disinfected C:\homestuff\Program Files\Altnet\download manager\adm.exe Spyware:Spyware/Altnet Not disinfected C:\homestuff\Program Files\Altnet\download manager\adm4.dll Spyware:Spyware/Altnet Not disinfected C:\homestuff\Program Files\Altnet\download manager\admdata.dll Spyware:Spyware/Altnet Not disinfected C:\homestuff\Program Files\Altnet\Points Manager\Points Manager.exe Adware:Adware/Lop Not disinfected C:\homestuff\Program Files\clockshimbib\Safe Corn.dll Adware:Adware/eZula Not disinfected C:\homestuff\Program Files\eZula\eabh.dll Potentially unwanted tool:Application/MyWay Not disinfected C:\homestuff\Program Files\MyWay\myBar\2.bin\MYBAR.DLL Spyware:Spyware/New.net Not disinfected C:\homestuff\Program 
Files\NewDotNet\uninstall4_88.exe Virus:W32/Mydoom.AO.worm Not disinfected Archive Folders\Inbox\Mail System Error - Returned Mail\macrovision.com.zip[macrovision.com] Virus:Trj/Mitglieder.EV Not disinfected Archive Folders\Inbox\price.zip[price.cpl] Virus:Trj/Mitglieder.EW Not disinfected Archive Folders\Inbox\price_new.zip[price_list.exe] |
Mar 4 2006, 05:12 PM, Post #4
Malware Expert (Posts: 16,559, From: New York, OS: Windows 98, XP, Vista, Mac OS X)
Go into your email program's inbox and delete those files found as viruses by Panda.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

    REGEDIT4

    [-HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]

Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

Fix these in HijackThis:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O21 - SSODL: XChwVP - {FCE45A0F-564E-F0A5-47CF-FE4EC8082FD9} - C:\WINDOWS\system32\upmo.dll

Uninstall eZula, New.net, Altnet and MyWay via the Add/Remove panel if found.

Delete these if found:

C:\homestuff\desk top junk\new_uninstall.exe
C:\homestuff\dtj\desk top junk\new_uninstall.exe
C:\homestuff\Program Files\Altnet\
C:\homestuff\Program Files\clockshimbib\
C:\homestuff\Program Files\eZula\
C:\homestuff\Program Files\MyWay\
C:\homestuff\Program Files\NewDotNet\
C:\WINDOWS\SYSTEM32\notifyf2.dll
C:\WINDOWS\system32\upmo.dll
C:\WINDOWS\system32\kernels64.exe

Delete everything inside these folders:

C:\homestuff\Documents and Settings\Rob\Cookies\
C:\homestuff\Documents and Settings\Rob\Local Settings\Temp\

Run CleanUp program again. Restart and run a new Panda scan. Post the log here along with a new HijackThis log.
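As an added example, not code from this thread or from the HijackThis tool, the following Python script parses HijackThis entries of the kinds the reply above tells the poster to fix and reports the ones a reviewer would act on: a `Shell=` value that starts anything besides Explorer.exe, a BHO whose file is gone, Winlogon Notify DLLs not on an analyst-supplied allowlist, and any SSODL entry; it also lists the binaries behind those entries so their removal can be confirmed afterwards. The sample log lines and the allowlist are constructed from entries quoted on this page.

```python
"""Triage of HijackThis log entries of the kinds fixed in this thread.

Added example, not HijackThis's own code. The sample log and the
allowlist below are constructed from entries quoted on this page.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample: a header line plus entries of the kinds discussed above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O21 - SSODL: XChwVP - {FCE45A0F-564E-F0A5-47CF-FE4EC8082FD9} - C:\WINDOWS\system32\upmo.dll
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O21 - SSODL: name - {clsid} - path".
ENTRY_RE = re.compile(r"^(?P<section>[FNOR]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Winlogon Notify DLLs the analyst has already vetted (constructed allowlist of
# lowercase basenames); everything else in that section is reported.
KNOWN_NOTIFY_DLLS: Set[str] = {"qcongina.dll", "tphklock.dll"}


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]   # last " - " field when the entry has several
    clsid: Optional[str]  # normalised to upper case for comparisons


def parse_log(text: str) -> List[Entry]:
    """Keep only the numbered entries; process lists and headers are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        parts = [p.strip() for p in body.split(" - ")]
        path = parts[-1] if len(parts) > 1 else None
        c = CLSID_RE.search(body)
        entries.append(Entry(m.group("section"), body, path, c.group(0).upper() if c else None))
    return entries


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(entries: List[Entry], known_notify: Set[str] = KNOWN_NOTIFY_DLLS) -> List[Tuple[str, str]]:
    """Return (section, reason) for every entry that needs fixing or review."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.section == "F2" and "Shell=" in e.body:
            # On XP the Shell value should be exactly Explorer.exe; any extra
            # token is a second program started at every logon.
            shell = e.body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append((e.section, "Shell value runs more than Explorer.exe: " + shell))
        elif e.section == "O2" and e.path == "(no file)":
            # Registration left behind after the DLL itself was removed.
            findings.append((e.section, f"orphaned BHO registration {e.clsid}"))
        elif e.section == "O20" and e.body.startswith("Winlogon Notify:") and e.path:
            if _basename(e.path) not in known_notify:
                findings.append((e.section, f"unvetted Winlogon Notify DLL {e.path}"))
        elif e.section == "O21" and e.path:
            # HijackThis already hides the stock ShellServiceObjectDelayLoad
            # entries, so anything it lists here is worth a look.
            findings.append((e.section, f"ShellServiceObjectDelayLoad loads {e.path}"))
    return findings


def files_to_verify(entries: List[Entry]) -> List[str]:
    """Binaries behind the flagged entries, to confirm they are gone after cleanup."""
    paths: Set[str] = set()
    for e in entries:
        if e.section == "F2" and "Shell=" in e.body:
            # Paths containing spaces would need quoting; the thread's value has none.
            paths.update(e.body.split("Shell=", 1)[1].split()[1:])
        elif e.section in ("O20", "O21") and e.path and e.path.lower().endswith((".dll", ".exe")):
            if e.section == "O21" or _basename(e.path) not in KNOWN_NOTIFY_DLLS:
                paths.add(e.path)
    return sorted(paths, key=str.lower)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for section, reason in triage(parsed):
        print(f"{section}: {reason}")
    print("verify removed:", files_to_verify(parsed))
```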
Apr 14 2006, 02:21 PM, Post #5
Malware Expert (Posts: 16,559, From: New York, OS: Windows 98, XP, Vista, Mac OS X)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising