I temporarily disabled System Restore on my CPU. Here are my Hack This Log as well as Ewido Security Suite Scan Log.
Can anyone help??
Logfile of HijackThis v1.99.1
Scan saved at 9:42:36 PM, on 11/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\sesinetd.exe
C:\WINDOWS\system32\hserver.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\system32\hp5280.tmp (file missing)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\System_Check\McAfee\McAfee AntiSpyware\MssCli.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - C:\WINDOWS\system32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - C:\WINDOWS\system32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 8:16:54 PM, 11/14/2005
+ Report-Checksum: 7B4D0FEA
+ Scan result:
HKLM\SOFTWARE\Classes\.ResProtocol\Clsid\\ -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/engine.txt\\.Owner -> Spyware.SearchSquire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/engine.txt\\{907CA0E5-CE84-11D6-9508-02608CDD2846} -> Spyware.SearchSquire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/engine2.txt\\.Owner -> Spyware.SearchSquire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/engine2.txt\\{907CA0E5-CE84-11D6-9508-02608CDD2846} -> Spyware.SearchSquire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/IEAccess2.dll\\.Owner -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/IEAccess2.dll\\{1D2DCA0D-B30F-40AD-9690-087105F214EC} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/partner.txt\\.Owner -> Spyware.SearchSquire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/partner.txt\\{907CA0E5-CE84-11D6-9508-02608CDD2846} -> Spyware.SearchSquire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/SearchSquire33.dll\\.Owner -> Spyware.SearchSquire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/SearchSquire33.dll\\{907CA0E5-CE84-11D6-9508-02608CDD2846} -> Spyware.SearchSquire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/SearchUpdate33.exe\\.Owner -> Spyware.SearchSquire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/SearchUpdate33.exe\\{907CA0E5-CE84-11D6-9508-02608CDD2846} -> Spyware.SearchSquire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/unSearch33.exe\\.Owner -> Spyware.SearchSquire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/unSearch33.exe\\{907CA0E5-CE84-11D6-9508-02608CDD2846} -> Spyware.SearchSquire : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Toolbar -> Spyware.WebSearch : Error during cleaning
HKU\S-1-5-21-329068152-492894223-725345543-1003\Software\DelFin -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-329068152-492894223-725345543-1003\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-329068152-492894223-725345543-1003\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-329068152-492894223-725345543-1003\Software\Classes\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-329068152-492894223-725345543-1003_Classes\CLSID\\ -> Spyware.AproposMedia : Error during cleaning
[528] C:\WINDOWS\system32\ld66D8.tmp -> TrojanDownloader.Zlob.az : Cleaned with backup
[2276] C:\WINDOWS\system32\hp4FDE.tmp -> Trojan.Small.fs : Cleaned with backup
C:\Program Files\backups\backup-20051110-214403-787.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\backups\backup-20051112-111711-349.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\backups\backup-20051113-105711-287.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\CxtPls -> Spyware.AproposMedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00702850.cab/WToolsA.exe -> Spyware.Wintools : Cleaned with backup
C:\WINDOWS\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\1024\ld1524.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\1024\ld1582.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\1024\ld16CA.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\1024\ld1A06.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\1024\ld228E.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\1024\ld68BF.tmp -> TrojanDropper.Small.ahg : Cleaned with backup
C:\WINDOWS\system32\1024\ldA720.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\hp4FDE.tmp -> Trojan.Small.fs : Cleaned with backup
C:\WINDOWS\system32\hp6820.tmp -> Trojan.Small.fs : Cleaned with backup
C:\WINDOWS\system32\ld66D8.tmp -> TrojanDownloader.Zlob.az : Cleaned with backup
C:\WINDOWS\system32\mscornet.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\winservn.exe -> Spyware.PurityScan : Cleaned with backup
::Report End