Sorry
I sent as attachment last time. here it is for sure.
also log of virus scan.
Logfile of HijackThis v1.99.1
Scan saved at 1:56:39 PM, on 4/22/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\AntiViral Toolkit Pro\avpcc.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\AntiViral Toolkit Pro\avpcc.exe
D:\WINNT\system32\cdplayer.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\AntiViral Toolkit Pro\avpm.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\WINNT\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\HjT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://cgi1.ebay.com...geName=MerchMaxR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://cgi1.ebay.com...geName=MerchMaxO1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CreateCD50] D:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVPCC] D:\Program Files\AntiViral Toolkit Pro\avpcc.exe /wait
O4 - HKLM\..\Run: [DeluxeCD] D:\WINNT\system32\cdplayer.exe -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AVP Monitor.lnk = D:\Program Files\AntiViral Toolkit Pro\avpm.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....738&clcid=0x409O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
http://www.bitdefend...bitdefender.cabO23 - Service: AVP Control Centre (AVPCC) - Kaspersky Labs. - D:\Program Files\AntiViral Toolkit Pro\avpcc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
virus scan log
KAV Scan 04/20/2005 01:40:14 PM
Master Boot Record of HDD1 Entry #2 I/O error.
Master Boot Record of HDD1 Entry #2 I/O error.
C:\kaza folder\PowerDVD XP 4.0 Deluxe_swe.exe ZIP: unknown format.
C:\Downloads\3Com\3c905c-txm Hp 6470Z\3c90x1.exe LHA: unknown format.
C:\Downloads\3Com\3c905c-txm Hp 6470Z\3c90x1.exe LHA: unknown format.
D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UPHEBALW\Antibagle-de-Z[1].exe corrupted.
D:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{01A4086A-F087-4C4C-8CE9-2556A0911A28}\Microsoft\Outlook Express\Deleted Items.dbx/[From
[email protected],][Date Mon, 31 Jan 2005 18:27:51 +0300]/html detected: Trojan-Spy.HTML.Smitfraud.c
D:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{01A4086A-F087-4C4C-8CE9-2556A0911A28}\Microsoft\Outlook Express\Deleted Items.dbx/[From
[email protected],][Date Mon, 31 Jan 2005 18:27:51 +0300]/html disinfection failed: Trojan-Spy.HTML.Smitfraud.c
D:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{01A4086A-F087-4C4C-8CE9-2556A0911A28}\Microsoft\Outlook Express\Deleted Items.dbx disinfection failed: Trojan-Spy.HTML.Smitfraud.c
D:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{01A4086A-F087-4C4C-8CE9-2556A0911A28}\Microsoft\Outlook Express\Inbox.dbx/[From "WINTERS" <
[email protected]>][Date Fri, 30 Apr 2004 10:55:51 -0600]/UNNAMED/Readme.exe detected: Email-Worm.Win32.Bagle.z
D:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{01A4086A-F087-4C4C-8CE9-2556A0911A28}\Microsoft\Outlook Express\Inbox.dbx/[From "WINTERS" <
[email protected]>][Date Fri, 30 Apr 2004 10:55:51 -0600]/UNNAMED/Readme.exe disinfection failed: Email-Worm.Win32.Bagle.z
D:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{01A4086A-F087-4C4C-8CE9-2556A0911A28}\Microsoft\Outlook Express\Inbox.dbx/[From "WINTERS" <
[email protected]>][Date Fri, 30 Apr 2004 10:55:51 -0600]/UNNAMED disinfection failed: Email-Worm.Win32.Bagle.z
D:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{01A4086A-F087-4C4C-8CE9-2556A0911A28}\Microsoft\Outlook Express\Inbox.dbx disinfection failed: Email-Worm.Win32.Bagle.z
D:\Program Files\AntiViral Toolkit Pro\Infected\Deleted Items.dbx/[From
[email protected],][Date Mon, 31 Jan 2005 18:27:51 +0300]/html detected: Trojan-Spy.HTML.Smitfraud.c
D:\Program Files\AntiViral Toolkit Pro\Infected\Deleted Items.dbx/[From
[email protected],][Date Mon, 31 Jan 2005 18:27:51 +0300]/html disinfection failed: Trojan-Spy.HTML.Smitfraud.c
D:\Program Files\AntiViral Toolkit Pro\Infected\Deleted Items.dbx disinfection failed: Trojan-Spy.HTML.Smitfraud.c
D:\Program Files\AntiViral Toolkit Pro\Infected\Inbox.dbx/[From "WINTERS" <
[email protected]>][Date Fri, 30 Apr 2004 10:55:51 -0600]/UNNAMED/Readme.exe detected: Email-Worm.Win32.Bagle.z
D:\Program Files\AntiViral Toolkit Pro\Infected\Inbox.dbx/[From "WINTERS" <
[email protected]>][Date Fri, 30 Apr 2004 10:55:51 -0600]/UNNAMED/Readme.exe disinfection failed: Email-Worm.Win32.Bagle.z
D:\Program Files\AntiViral Toolkit Pro\Infected\Inbox.dbx/[From "WINTERS" <
[email protected]>][Date Fri, 30 Apr 2004 10:55:51 -0600]/UNNAMED disinfection failed: Email-Worm.Win32.Bagle.z
D:\Program Files\AntiViral Toolkit Pro\Infected\Inbox.dbx disinfection failed: Email-Worm.Win32.Bagle.z
Scan process complete.
Wednesday, April 20, 2005 1:40 PM
Wednesday, April 20, 2005 1:40 PM Antiviral Toolkit Pro started:
______________________________________________________________________
Scanned
Sector Objects : 5
Files : 58286
Folders : 1417
Archives : 2360
Packed : 252
Found
Viruses : 2
Virus bodies : 4
Disinfected : 0
Deleted : 0
Warnings : 0
Suspicious : 0
Corrupted : 1
I/O Errors : 2
Scan speed (Kb/sec) : 2455
Scan time : 24:55
______________________________________________________________________
Wednesday, April 20, 2005 2:05 PM Antiviral Toolkit Pro finished: