Strange thing is that I'm now automatically updating my computer with the XP auto updates...never used to do that before...Anyways, here ya go! Thanks a million!
Logfile of HijackThis v1.99.1
Scan saved at 3:23:16 AM, on 6/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\palmOne\Hotsync.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\e9b0377463edd4b6480f6148a1f88bac\update\update.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ElliotChi\Desktop\HiJack\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O5 "LPT1:" /M "Stylus C82"
O4 - HKLM\..\Run: [CASpeed] "C:\Program Files\Cable e ADSL Speed\NtwCA.exe" /HIDE
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\System32\dxdllreg.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBC Self Support Tool\SmartBridge\MotiveSB.exe
O4 - HKLM\..\Run: [TangoManager] C:\Program Files\Covad\Covad DSL\app\TangoManager.exe
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Tweak-XP] C:\Program Files\Tweak-XP\Tweak-xp.exe -ex
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\RunOnce: [BullguardoptIn] C:\WINDOWS\Temp\BullGuard\bulldownload.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - HKCU\..\RunOnce: [RunPalmPIL] "C:\Program Files\palmOne\pil.exe"
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
http://files.member....c/yinsthdlk.cabO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akama...meInstaller.exeO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Here's the ewido
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 3:18:28 AM, 6/13/2005
+ Report-Checksum: 7FC834F2
+ Date of database: 6/7/2005
+ Version of scan engine: v3.0
+ Duration: 46 min
+ Scanned Files: 71923
+ Speed: 25.83 Files/Second
+ Infected files: 38
+ Removed files: 38
+ Files put in quarantine: 38
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069543.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069544.DLL -> Spyware.ClearSearch.d -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069545.exe/re11.REG -> Trojan.LowZones.a -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069546.exe -> Spyware.WinFetcher.b -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069547.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069548.exe -> Backdoor.SdBot.xd -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069549.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069550.exe -> Backdoor.SdBot.xd -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069551.dll -> Trojan.Delf.cf -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069552.exe -> Spyware.Adtomi.e -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069553.dll -> Spyware.VirtualBouncer.d -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069554.scr -> TrojanDownloader.NSIS.gen -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069555.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069556.exe -> Trojan.AproposAd -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069557.exe -> Backdoor.SdBot.xd -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069558.exe -> Backdoor.SdBot.xd -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069559.exe -> Backdoor.SdBot.xd -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069560.exe -> Trojan.Delf.cf -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069561.exe -> Trojan.Delf.cf -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069562.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069563.exe -> Backdoor.Rbot -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069564.exe -> Spyware.WinFetcher.b -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069565.dll -> TrojanDownloader.Dyfuca.eg -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069566.exe -> Backdoor.SdBot.xd -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP301\A0069578.exe -> Backdoor.SdBot.xd -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP303\A0070863.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP303\A0070868.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP303\A0070874.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP303\A0070880.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP304\A0070885.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP304\A0070893.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP304\A0071003.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP304\A0071013.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP304\A0072013.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP304\A0072015.exe -> Backdoor.SdBot.xd -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP304\A0072058.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{01787B9C-9954-4113-BF2C-7D16B6C755BE}\RP304\A0072070.exe -> Backdoor.SdBot.xd -> Cleaned with backup
C:\WINDOWS\Temp\__delete_on_reboot__~168099.tmp -> Spyware.Wintol.p -> Cleaned with backup
::Report End