...and here's the logs as of 4/25/05 11:30am seattle time...
win.ini, system.ini, Acticescan, and HJT
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMC=1
CMCDLLNAME=mapi.dll
CMCDLLNAME32=mapi32.dll
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo2
asx=MPEGVideo2
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo2
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo2
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo2
wm=MPEGVideo2
wma=MPEGVideo2
wmv=MPEGVideo2
wmx=MPEGVideo2
wvx=MPEGVideo2
wpl=MPEGVideo
[LILACports]
EPS_LPT1:=
EPS_LPT2:=
EPS_LPT3:=
******************
; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
******************
Incident Status Location
Virus:Trj/StartPage.NA Disinfected Operating system
Spyware:Spyware/Heterofind No disinfected C:\spe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\seksdialer.exe
Virus:Trj/StartPage.NA Disinfected Operating system
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\toolbar.exe
Virus:Trj/Trexe.A Disinfected Operating system
Adware:Adware/Delta No disinfected Windows Registry
Virus:Bck/Dumador.O Disinfected Operating system
Adware:Adware/Hotoffers No disinfected C:\WINDOWS\System32\SEARCHDLL.DLL
Adware:Adware/Spywad No disinfected C:\WINDOWS\ms2.exe
Adware:Adware/BlueScreenWarningNo disinfected Windows Registry
Virus:Trj/Agent.OM Disinfected Personal Folders\Sent Items\geeks..smitfraud trojan \wp.zip[wp.exe]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\0P6705Q3\%68%70[1][Content]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\291YNE54\%68%70[1]
Virus:Trj/Dropper.GC Disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\58835LKX\winupdate45458101[1].exe
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\APTERAXK\sploit[1].anr
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\LDXVOUNT\555[1].ani
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\LDXVOUNT\mtrslib2[1].js
Virus:Trj/Relink.A Disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\LRQJ8OV6\dir31320646[1].htm
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\LRQJ8OV6\ifect[1].anr
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\LX0J5IZ9\%68%70[1][Content]
Virus:Trj/Downloader.AME Disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\LX0J5IZ9\zaebalinah[1].exe
Adware:Adware/StartPage.ABA No disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\MLNGTG3M\up8[1].txt
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\UF67IV6Z\555[1].ani
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\UF67IV6Z\js[1].htm
Virus:Trj/Downloader.BOG Disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\W5CN870R\win32[1].exe
Virus:Trj/Dropper.GC Disinfected C:\Documents and Settings\dane\Local Settings\Temporary Internet Files\Content.IE5\ZAK3V5OT\winupdate50901410[1].exe
Adware:Adware/Wow No disinfected C:\Documents and Settings\patty\Local Settings\Temp\fdil.dat
Adware:Adware/SearchBar No disinfected C:\Documents and Settings\patty\Local Settings\Temp\WWWTBar.dll
Adware:Adware/CWS.Searchmeup No disinfected C:\new.exe
Virus:VBS/Inor.AF Renamed C:\ntdetect.hta
Virus:Trj/Multidropper.CX Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\3C1A4E1D-B1B8-440F-B196-1FD98B.asq
Virus:Trj/Multidropper.CX Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\4C7957F6-D379-4AB2-B078-2A4161.asq
Virus:Trj/Multidropper.CX Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\A6862C20-1F1B-4B31-B067-AB0C58.asq
Virus:Trj/Multidropper.CX Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\E2B685F5-820A-41A5-9E2D-15D664.asq
Virus:Trj/Downloader.AMC Disinfected C:\RECYCLER\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc42.exe
Virus:Trj/Downloader.AME Disinfected C:\RECYCLER\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc43.exe
Virus:Trj/Multidropper.CX Disinfected C:\RECYCLER\xxx\Dc53\Dc51\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc49\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc21\Dc15.exe
Adware:Adware/StatBlaster No disinfected C:\RECYCLER\xxx\Dc53\Dc51\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc49\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc21\Dc21\UGG1Av6.exe
Spyware:Spyware/Heterofind No disinfected C:\spe\start.chm
Virus:Trj/StartPage.NA Disinfected C:\WINDOWS\bhoass.dll
Adware:Adware/StartPage.ABA No disinfected C:\WINDOWS\bhoassw.dll
Adware:Adware/Exex No disinfected C:\WINDOWS\jsconsole.dll
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\ms1.exe
Adware:Adware/Spywad No disinfected C:\WINDOWS\ms2.exe
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\ms3.exe
Virus:Trj/StartPage.JW Disinfected C:\WINDOWS\remove_me.dll
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\seksdialer.exe
Virus:Trj/Multidropper.CX Disinfected C:\WINDOWS\system32\notepad.com
Adware:Adware/GloboSearch No disinfected C:\WINDOWS\system32\popup_bl.dll
Virus:Trj/Downloader.BCK Disinfected C:\WINDOWS\system32\searchdll.dll
Adware:Adware/GloboSearch No disinfected C:\WINDOWS\system32\systr.OLD
Adware:Adware/SearchBar No disinfected C:\WINDOWS\system32\WWWTBar.dll
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\tool.exe
Virus:Trj/Downloader.KC Disinfected C:\WINDOWS\toolbar.exe
Adware:Adware/SearchBar No disinfected C:\WINDOWS\WWWTBar.dll
Virus:Trj/Downloader.AMC Disinfected C:\WINDOWS\XPsys.exe
Virus:Trj/DialerDrop.A Disinfected C:\winhelp.chm
*************************
Logfile of HijackThis v1.99.1
Scan saved at 11:36:00 AM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\dane\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://msn.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://msn.comO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Microsoft® JavaScript® Console - {F1C82202-A967-4244-A191-441F2D029901} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {F1C82202-A967-4244-A191-441F2D029901} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 -
http://surechat.com:...va/cfs31229.cabO16 - DPF: ConferenceRoom Java Client -
http://chat.privatef...000/java/cr.cabO16 - DPF: Yahoo! Chat -
http://us.chat1.yimg...t/c381/chat.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop...p/PCPitStop.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....467&clcid=0x409O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) -
http://www.pcpitstop...cpConnCheck.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by24fd.bay24....es/MsnPUpld.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.c.../ymmapi_416.dllO16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://us.dl1.yimg.c...utocomplete.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://fdl.msn.com/p...t/msnchat45.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{6D6C6BBA-79AC-4A08-B60D-280829FFE112}: NameServer = 207.115.64.2,207.115.64.3
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Thanks again!!!.....you did remind me not to do any online banking etc., so i havn't yet used the pay system here...AND I KNOW THAT YOU'RE SAYING THAT I DON'T NEED TO DONATE ANYTHING..GOT THAT...but would still like to know shat sort of donation range has felt appropriate for you in the past...if you don't mind...joshua