Thank you very much. ^.^
The Panda scan is at the bottom, because I was typing this while it scanned.
Here's the new Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:08:47 PM, on 6/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\SETI@home\
[email protected]C:\WINNT\System32\ctfmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\RoamMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Opera7\opera.exe
C:\WINNT\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\logs\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.gatewaybiz.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.gatewaybiz.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.34.241.9:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 24.34.241.9;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINNT\System32\WinStat11.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\
[email protected] -min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....467&clcid=0x409O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1107099074856O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) -
http://racing.youbet...s/ybrequest.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) -
http://everquest2.st.../soesysinfo.cabO20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Sebring - C:\WINNT\System32\LgNotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Avgrdsheuinic - GRISOFT, s.r.o. - (no file)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINNT\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
And the ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:06:01 PM, 6/15/2005
+ Report-Checksum: F950A3EA
+ Date of database: 6/15/2005
+ Version of scan engine: v3.0
+ Duration: 90 min
+ Scanned Files: 120661
+ Speed: 22.29 Files/Second
+ Infected files: 47
+ Removed files: 47
+ Files put in quarantine: 47
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\SSK3_B5 Verticlick 8.exe -> TrojanDropper.Small.qn -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP1\A0000007.dll -> Spyware.SurfSide -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP21\A0001280.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP21\A0001281.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP21\A0001282.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP21\A0001284.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP21\A0001285.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP21\A0001286.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP21\A0001296.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP21\A0001307.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001337.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001338.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001354.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001355.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001376.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001385.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001408.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001409.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001410.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001540.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001580.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001581.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001591.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001592.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP22\A0001628.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0001728.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0001766.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0001777.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0001787.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0002798.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0002804.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0002813.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0002852.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0002870.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0002892.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0002909.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0002926.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0003107.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0003130.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0003163.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0003164.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{D7F59E68-F72A-418D-8724-BD50B2A19162}\RP24\A0003165.dll -> Trojan.Agent.db -> Cleaned with backup
C:\WINNT\system32\gpjjfw.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINNT\zzwkydsuh.exe -> Spyware.BetterInternet -> Cleaned with backup
::Report End
And finally the log from the virus scan:
Incident Status Location
Spyware:Spyware/SurfSideKick No disinfected Windows Registry
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Administrator\Application Data\Sskcwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Administrator\Application Data\Sskknwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Administrator\Application Data\Sskuknwrd.dll
Possible Virus. No disinfected C:\Program Files\Avi2Dvd\Programs\BeSweet\BeSweet.exe
Adware:Adware/Transponder No disinfected C:\WINNT\dgngkds.exe