All done! Here are the 2 logs:
Logfile of HijackThis v1.99.1
Scan saved at 8:23:18 AM, on 6/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\system32\ddhtfq.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mark.MARKANDKARLA\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gocoyfh] c:\windows\system32\ddhtfq.exe r
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HotSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\Msjava.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Program Files\PartyPoker\IEExtension.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
http://usercenter.co.../cx_tgctlcm.jspO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell....iler/SysPro.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....467&clcid=0x409O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) -
http://download.akam...loadManager.ocxO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg...l_v1-0-3-17.cabO16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) -
http://www.kodakgall..._1/axofupld.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 8:00:51 AM, 6/8/2005
+ Report-Checksum: 3F84A08E
+ Date of database: 6/8/2005
+ Version of scan engine: v3.0
+ Duration: 108 min
+ Scanned Files: 143866
+ Speed: 22.18 Files/Second
+ Infected files: 81
+ Removed files: 81
+ Files put in quarantine: 81
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
D:\
+ Scan result:
C:\Documents and Settings\Mark.MARKANDKARLA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-616e9a67.class -> TrojanDownloader.Small.WV -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Cookies\mark@69028915[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Cookies\mark@80503492[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Cookies\mark@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Cookies\mark@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Mark\Cookies\mark@bfast[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Mark\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Mark\Cookies\mark@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Mark\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Mark\Cookies\mark@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Mark\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Mark\Local Settings\Temp\comet_install.exe -> Spyware.Cometsystems -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Mark\Local Settings\Temp\msbb.exe -> Spyware.Zango -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Mark\Local Settings\Temp\ncmyb.dll -> Spyware.180solutions -> Cleaned with backup
C:\Documents and Settings\Mark.MARKANDKARLA\Mark\Local Settings\Temp\omnigate.exe -> Spyware.Omnigate -> Cleaned with backup
C:\Program Files\ACE Mega CoDecS Pack\Anti-Virus\clrav.com -> Worm.LovGate.a -> Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20050602-022612-117.dll -> Spyware.Winsta -> Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Spyware.SurfSide -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0071941.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0071951.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0071970.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0071972.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0071973.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0071979.dll -> Spyware.Winsta -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0071988.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072003.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072027.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072029.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072032.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072052.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072069.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072482.dll -> Spyware.Winsta -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072483.exe -> Backdoor.ServU-based -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072484.exe -> Spyware.Sahat.h -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072500.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072504.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072505.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072506.dll -> Spyware.Winsta -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072509.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072510.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\WINDOWS\bsx32\ADVC5.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ADVCTX2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIWS3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\BID1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\BingoRoom1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\CARD2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\CARS3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\EML1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FINC3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FLWR1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\INK1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\XTFL2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bxxs5.dll -> Spyware.BookedSpace.c -> Cleaned with backup
C:\WINDOWS\dealhlpr.dll -> Spyware.DealHelper.c -> Cleaned with backup
C:\WINDOWS\DHP.dll -> Spyware.DealHelper.d -> Cleaned with backup
C:\WINDOWS\DHUpdt.exe -> Spyware.DealHelper.f -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\EPXActiveX.ocx -> Spyware.Winsta -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe -> Spyware.Sahat.f -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\SahHtml_.exe -> Spyware.Sahat.f -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe -> Spyware.Sahat.f -> Cleaned with backup
C:\WINDOWS\itordnuqms.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\mmttil.exe -> Spyware.EZula.ac -> Cleaned with backup
C:\WINDOWS\mxTarget.dll -> Spyware.BiSpy.f -> Cleaned with backup
C:\WINDOWS\preInsMt.exe -> Spyware.BiSpy.q -> Cleaned with backup
C:\WINDOWS\preInsTT.exe -> Trojan.KeyHost.e -> Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\system32\clsobern.isc -> Worm.Sober.i -> Cleaned with backup
C:\WINDOWS\system32\CTF\ctfmon.dll -> Backdoor.VB.td -> Cleaned with backup
C:\WINDOWS\system32\epx30104.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup
C:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\msnimk.gif -> Spyware.Ipend -> Cleaned with backup
C:\WINDOWS\system32\nonzipsr.noz -> Worm.Sober.i -> Cleaned with backup
C:\WINDOWS\system32\SahAgent.exe -> Spyware.Sahat.f -> Cleaned with backup
C:\WINDOWS\system32\SahHtml.exe -> Spyware.Sahat.f -> Cleaned with backup
C:\WINDOWS\system32\silent.exe -> Spyware.WinFetch -> Cleaned with backup
C:\WINDOWS\system32\wsaupdater.exe -> Spyware.BlazeFind.a -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
::Report End