Panda Report:
Incident Status Location
Adware:adware/look2me Not disinfected c:\windows\system\UpdInstall.exe
Adware:adware/addestroyer Not disinfected c:\windows\system\SWRT01.dll
Adware:adware/virtualbouncer Not disinfected c:\windows\system\INNERVBINSTALL.LOG
Spyware:spyware/betterinet Not disinfected c:\windows\inf\BIINI.INF
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\program files\common files\WinSoftware
Adware:adware/ncase Not disinfected c:\program files\nCase
Adware:adware/sidesearch Not disinfected c:\program files\Lycos
Adware:Adware/Gator Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1014.dll
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\Downloaded Program Files\flash.inf
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\computer13@go[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/GoStats Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\computer13@belnk[2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\computer13@com[2].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\computer13@atwola[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\WINDOWS\Cookies\computer13@rightmedia[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\[email protected][3].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\computer13@go[1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Cookies\computer13@xmts[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\computer13@belnk[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\computer13@burstnet[2].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\computer13@atwola[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\WINDOWS\Cookies\computer13@cgi-bin[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\SYSTEM\xmltok.dll
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\INF\BIB.INF
Adware:Adware/VirtualBouncer Not disinfected C:\WINDOWS\spywarelabs.exe
---------------------------------------------------------------------------------
HiJack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 5:07:03 PM, on 10/16/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\HPBPRO.EXE
C:\WINDOWS\SYSTEM\HPBOID.EXE
C:\PROGRAM FILES\DANTZ\RETROSPECT\RETRORUN.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPNRA.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\PROLIFIC\ONE BUTTON\ONEBTN.EXE
C:\WINDOWS\START MENU\PROGRAMS\STARTUP\MSOFFICE.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tvguys.com/
F1 - win.ini: run=HPFsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.EXE
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\SYSTEM\hpnra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Prolific_OneButton] C:\Program Files\Prolific\One Button\OneBtn.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
O4 - HKLM\..\RunServices: [Retrospect Launcher] C:\PROGRAM FILES\DANTZ\RETROSPECT\RETRORUN.EXE
O4 - Startup: MSOFFICE.EXE
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...gent/wtinst.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.righ...l/java/RntX.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.samsphoto...add/XUpload.ocx
O16 - DPF: {A45B1DCB-C0D5-11D6-8ED5-0001023D1A2A} (VirtualTerminalCom1.UserControl1) - https://merchantacco...erminalCom1.cab
O16 - DPF: {E4213CED-C99C-11D6-8ED5-0001023D1A2A} (VirtualTerminalCom2.UserControl1) - https://merchantacco...erminalCom2.cab
O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://63.166.193.10...ects/emagic.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.c...ploadClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.221.223.12...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = swbell.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.164.1.8,151.164.1.7
-----------------------------------------------------------------
Again, thank you for you help!
Regards, StarCMC