Whew... sorry it took so long to reply. The scans ran for hours. Please find below the log from the latest HijackThis run.
Logfile of HijackThis v1.99.1
Scan saved at 5:09:54 AM, on 4/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\mysql\bin\winmysqladmin.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\mysql\bin\mysqld-nt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\Win xp\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.equibase.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Citianywhere\CA\IPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Citianywhere\CA\IPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.equibase.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.iwin.com/...bugs/axhost.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - http://download.veri...pdate_1-0-0.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe (file missing)
-------------------------------- Kaspersky Report Next ----------------------------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, April 07, 2006 4:59:20 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 7/04/2006
Kaspersky Anti-Virus database records: 186644
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Z:\
Scan Statistics:
Total number of scanned objects: 143883
Number of viruses found: 5
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 03:00:22
Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1314\A0168130.exe Infected: Trojan-Downloader.Win32.Zlob.jx skipped
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1319\A0169714.tlb Infected: Trojan-Downloader.Win32.Zlob.js skipped
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1319\A0169715.exe Infected: Backdoor.Win32.Delf.agh skipped
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1319\A0169716.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1319\A0169717.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1319\A0169718.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1319\A0169719.exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1319\A0169720.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
Scan process completed.
---------------------------------------- Next is the Ewido Report ---------------------------------------------------
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 10:04:12 PM, 4/6/2006
+ Report-Checksum: D7453342
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\VisualStudio\Analyzer\Events\{6C736D71-BCBF-11D0-8A23-00AA00B58E10} -> Adware.CoolWebSearch : Cleaned with backup
C:\WINDOWS\system32\interf.tlb -> Trojan.Small : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\installer_MARKETING61.exe -> Downloader.Adload.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\[bleep]snow.exe -> Backdoor.Delf.adj : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win [email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win [email protected][1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win [email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Win xp\Cookies\win xp@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1313\A0168020.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1313\A0168034.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1313\A0168107.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1314\A0168122.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1314\A0168123.dll -> Downloader.Zlob.jx : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1314\A0169138.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1314\A0169150.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1314\A0169198.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1314\A0169312.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1314\A0169330.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1314\A0169347.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1314\A0169428.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1314\A0169443.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1315\A0169458.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1316\A0169495.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1317\A0169528.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1318\A0169568.tlb -> Downloader.Zlob.js : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1318\A0169587.exe -> Downloader.Zlob.is : Cleaned with backup
C:\System Volume Information\_restore{C5182735-73DB-4050-A3B7-9857F78264B7}\RP1318\A0169589.exe -> Downloader.Zlob.js : Cleaned with backup
C:\Recycled\Dc2.exe -> Backdoor.Delf.adj : Cleaned with backup
C:\Downloads\MahJongSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\WheelOfFortuneSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\JEOPARDYSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\OregonTrail-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\TyperSharkSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
F:\Racing\CharlesTown\2005\Charts\20050513.txt -> Worm.Simpsalapim.j : Cleaned with backup
::Report End
-----------------------------------------------------------------------------------------------------------------------------
Thank you once again for hanging in there and for all your assistance.
Sincerely, Vpsolis