Hi,
See below for Panda Scan
Incident Status Location
Adware:Adware/Searcher No disinfected C:\WINDOWS\System32\fltmgr.dll
Adware:Adware/Ucmore No disinfected C:\WINDOWS\ucmoreiex.exe
Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system\adcache
Adware:Adware/Gator No disinfected C:\WINDOWS\gator*.log
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
Adware:Adware/nCase No disinfected Windows Registry
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\stwsi
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Common Files\Totem Shared
Adware:Adware/CWS No disinfected C:\Documents and Settings\frogger\Favorites\AdultGambling.url
Adware:Adware/BookedSpace No disinfected Windows Registry
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/WildTangent No disinfected C:\WINDOWS\wt\wtupdates
Spyware:Spyware/Altnet No disinfected Windows Registry
Spyware:Spyware/Iehelp No disinfected C:\WINDOWS\Downloaded Program Files\ipreg32.dll
Adware:Adware/InstaFinder No disinfected Windows Registry
Adware:Adware/Pacimedia No disinfected C:\Documents and Settings\frogger\Favorites\1111\1111.url
Virus:Trj/Iyus.M Disinfected Operating system
Adware:Adware/BlueScreenWarning No disinfected Windows Registry
Spyware:Spyware/ISTbar No disinfected C:\TEMPOLD\Space\Jobs\Paul & Lou\$WRD1403.TMP
Spyware:Spyware/ISTbar No disinfected C:\TEMPOLD\Paul & Lou\$WRD1403.TMP
Virus:Trj/Downloader.CVJ Disinfected C:\WINDOWS\SYSTEM32\soroeosq.exe
Spyware:Spyware/WareOut No disinfected C:\WINDOWS\SYSTEM32\minidrv.exe
Adware:Adware/Searcher No disinfected C:\WINDOWS\SYSTEM32\fltmgr.dll
Virus:W32/Gaobot.DIH.worm Disinfected C:\WINDOWS\winser.exe
Spyware:Spyware/Iehelp No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ipreg32.inf
Spyware:Spyware/Iehelp No disinfected C:\WINDOWS\Downloaded Program Files\ipreg32.dll
Spyware:Spyware/Iehelp No disinfected C:\WINDOWS\Downloaded Program Files\ipreg32.inf
Virus:Trj/Downloader.AXC Disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\load.exe
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/Gator No disinfected C:\WINDOWS\GatorSilentSetup.log
Spyware:Spyware/New.net No disinfected C:\WINDOWS\newdotnet2_78.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\GatorPatch.log
Adware:Adware/NewDotNet.A No disinfected C:\WINDOWS\NDNuninstall4_50.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\newdotnet3_36.dll
Adware:Adware/Popup.pop No disinfected C:\WINDOWS\winsx.inf
Adware:Adware/Ucmore No disinfected C:\WINDOWS\ucmoreiex.exe
Adware:Adware/Puper No disinfected C:\Internet Tools\HijackThis\backups\backup-20050520-212000-239.dll
Spyware:Spyware/ISTbar No disinfected C:\Internet Tools\HijackThis\backups\backup-20050520-212004-832.dll
Adware:Adware/Startpage.ABR No disinfected C:\Internet Tools\HijackThis\backups\backup-20050527-185151-868.dll
Adware:Adware/Spywad No disinfected C:\Program Files\Common Files\SYSTEM\Mapi\1033\NT\c.exe
Adware:Adware/ISearch No disinfected C:\Program Files\Common Files\SYSTEM\Mapi\1033\NT\down.exe
Adware:Adware/SpywareNo No disinfected C:\Program Files\Common Files\SYSTEM\Mapi\1033\NT\sefe.exe
Virus:Trj/Downloader.ANZ Disinfected C:\Program Files\Internet Explorer\vroyhjyu.exe
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
Virus:Trj/Downloader.CNQ Disinfected C:\Program Files\BinaryBiz\VirtualLab Client\start.exe
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\AdultGambling.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Free Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\XXX personal photos.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\[bleep] Real Girls.url
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\frogger\Local Settings\Temp\iinstall.exe
Virus:Trj/Downloader.CNQ Disinfected C:\Documents and Settings\frogger\My Documents\j-gmvl2a.zip[start.exe]
Virus:Trj/Downloader.CNQ Disinfected C:\Documents and Settings\frogger\My Documents\vrlmt0ia.zip[start.exe]
Adware:Adware/Pacimedia No disinfected C:\Documents and Settings\frogger\Favorites\1111\1111.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\frogger\Favorites\AdultGambling.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\frogger\Favorites\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\frogger\Favorites\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\frogger\Favorites\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\frogger\Favorites\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\frogger\Favorites\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\frogger\Favorites\Free Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\frogger\Favorites\XXX personal photos.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\frogger\Favorites\[bleep] Real Girls.url
Adware:Adware/SpywareNo No disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\Documents and Settings\frogger\sefe(01C55FCFDC421054).exe
Adware:Adware/ISearch No disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\Documents and Settings\frogger\down(01C563A0A9350018).exe
Adware:Adware/SpywareNo No disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\Documents and Settings\frogger\sefe(01C563A0AB71001C).exe
Spyware:Spyware/WareOut No disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\Program Files\WareOut\WareOut(01C5609FE6B60007).exe
Spyware:Spyware/WareOut No disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\Program Files\WareOut\WareOutUpdate(01C5609FE6B60008).exe
Virus:Trj/Downloader.CQM Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\ms_djki(01C55FC4C8980002).exe
Virus:Trj/Downloader.CQM Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\ms_dfoc(01C55FC5E0E20002).exe
Virus:Trj/Multidropper.AJT Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\agjmvsdl(01C55FD00E6D1055).exe
Virus:W32/Bagz.V.worm Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\scombo(01C55FD011021057).exe
Adware:Adware/Searcher No disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\scombopp(01C55FD011BC1058).exe
Virus:Trj/Downloader.CQM Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\ms_dstg(01C55FE2AA810002).exe
Virus:Trj/Downloader.CQM Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\ms_dqlw(01C56031CEE10002).exe
Spyware:Spyware/AdClicker No disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\dmsadmins(01C56031ED790008).exe
Virus:Trj/Downloader.CCZ Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\sesmgr(01C56031EDA1000A).exe
Virus:Trj/Downloader.CQM Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\ms_dmid(01C56060A8B40002).exe
Spyware:Spyware/AdClicker No disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\dmsadmins(01C560643C8E000E).exe
Virus:Trj/Downloader.CCZ Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\sesmgr(01C560643CB70010).exe
Virus:Trj/Downloader.CQM Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\ms_dkth(01C5609A51130002).exe
Spyware:Spyware/AdClicker No disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\dmsadmins(01C5609A70970007).exe
Virus:Trj/Downloader.CCZ Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\sesmgr(01C5609A70C7000A).exe
Virus:Trj/Downloader.CQM Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\ms_dera(01C5609BF7A70002).exe
Virus:Trj/Downloader.CQM Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\ms_dgom(01C5611C9BDD0002).exe
Virus:Trj/Downloader.CQM Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\System32\ms_drlh(01C5611CC8A40006).exe
Virus:Trj/Downloader.CWZ Disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\Downloaded Program Files\open(01C566DE037700D7).exe
Adware:Adware/SAHAgent No disinfected C:\RecoveryBin\Volume-5cc68ec1-8410-11d9-ad7d-806d6172696f\WINDOWS\shop1004(01C563996E50086C).exe
Logfile of HijackThis v1.99.1
Scan saved at 8:04:15 PM, on 01/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Vet\VetTray.exe
C:\WINDOWS\System32\keyhook.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Vet\isafe.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Executive Software\Undelete\UdServe.exe
C:\Vet\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Internet Tools\HijackThis\HijackThis.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "C:\\Program Files\\Netscape\\Communicator\\Program\\blank.htm"); (C:\Program Files\Netscape\Users\jason\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\SYSTEM32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [Handy Backup 4.1] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\stubinstaller5356.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Undelete 4 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Undelete\ESIRegister.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\INTERN~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: vWebServer Script Debugger - {B478FE8F-57ED-4e12-BB32-6B6D6635872C} - C:\WINDOWS\SYSTEM32\vDebugBand.dll
O9 - Extra 'Tools' menuitem: vWebServer Script Debugger - {B478FE8F-57ED-4e12-BB32-6B6D6635872C} - C:\WINDOWS\SYSTEM32\vDebugBand.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .tif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .vbs: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117441058203
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.c.../npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADA6880F-43F6-42F0-9F05-2FD2849C5864}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{D229C121-B898-474B-8887-E9C73B0E6F09}: NameServer = 69.50.176.156,195.225.176.31
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Vet\isafe.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Executive Software Undelete (UndeleteService) - Executive Software International - C:\Program Files\Executive Software\Undelete\UdServe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe