Yes, I did download and run Cleanup.
I ran Activescan and below is what it found. It says it found 47 infections. The other online scan TrendMicro's HouseCall would not download or run.
Incident Status Location
Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\System32\cache32_rtneg?
Adware:Adware/BHO No disinfected Windows Registry
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32
Adware:Adware/Apropos No disinfected C:\Program Files\cxtpls
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Adware:Adware/DealHelper No disinfected Windows Registry
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/WildTangent No disinfected C:\WINDOWS\wt
Adware:Adware/WUpd No disinfected C:\Program Files\DeskAd Service
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Burrell IV\Favorites\Finances & Business
Adware:Adware/Beginto No disinfected Windows Registry
Adware:Adware/ClockSync No disinfected C:\Program Files\ClockSync
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Burrell IV\Application Data\sskknwrd.dll
Adware:Adware/SearchRelevancy No disinfected Windows Registry
Adware:Adware/Adtomi No disinfected C:\found.001\dir0000.chk\A0009985.exe
Adware:Adware/Adtomi No disinfected C:\found.001\dir0000.chk\A0009986.sys
Adware:Adware/Adtomi No disinfected C:\found.001\dir0000.chk\A0009987.sys
Adware:Adware/Adtomi No disinfected C:\found.001\dir0000.chk\A0009988.exe
Adware:Adware/nCase No disinfected C:\Program Files\180searchassistant\180searchassistant.exe
Adware:Adware/Minibug No disinfected C:\Program Files\AIM\Sysfiles\WxBug.EXE
Adware:Adware/MyWay No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\42978068.asw
Adware:Adware/MyWay No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\42978068.asw[mySetp.exe]
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\42978545.asw
Adware:Adware/SAHAgent No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\87735151.asw
Adware:Adware/SAHAgent No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\87736871.asw
Adware:Adware/SAHAgent No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\87740932.asw
Adware:Adware/SAHAgent No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\87742812.asw
Spyware:Spyware/Altnet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\87844683.asw
Adware:Adware/WUpd No disinfected C:\Program Files\DeskAd Service\DeskAdComm.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\abasa5jrp.ini
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\cxtpls_loader.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\hochkaod3.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\u6f6uftuc.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmlparse.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmltok.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\DrTemp\farmmext.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\DrTemp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\DrTemp\farmmext.ini
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI1995.tmp\farmmext.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI1995.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI1995.tmp\farmmext.ini
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI45B7.tmp\farmmext.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI45B7.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI45B7.tmp\farmmext.ini
Adware:Adware/Transponder No disinfected C:\WINDOWS\Temp\THICDE.tmp\dlmax.dll
Adware:Adware/Transponder No disinfected C:\WINDOWS\Temp\THICDE.tmp\dlmax.inf
I ran spybot again and callinghome.biz still exist. The 2 files hidden in the registry are HKEY_USERS\S-1-5-18\Software\DLMAX and
HKEY_USERS\DEFAULT\Software\DLMAX
Below is a fresh HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 8:12:29 PM, on 4/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\110288~1\EE\AOLHOS~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\110288~1\EE\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://home.bellsout...ge=hb/index.htmR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://home.bellsouth.net/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102883278\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Concur Expense Applets -
https://etravel.usps...ets/cnqr_ie.cabO16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) -
http://www.streamaud...d/ccpm_0237.cabO16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) -
http://ppupdates.ca....r/axscanner.cabO16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
http://aolcc.aol.com...kup/qdiagcc.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://bin.mcafee.co...84/mcinsctl.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1095565157140O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) -
http://www.ofoto.com..._1/axofupld.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://bin.mcafee.co...,21/mcgdmgr.cabO16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) -
http://grsbncswea1/R...tivexviewer.cabO16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) -
http://206.65.172.23...ll/gtdowngc.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{A7314BA0-21BA-41E0-819E-C00260E29C93}: NameServer = 205.152.37.23,205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usps.gov
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = usps.gov
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usps.gov
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe