1. The file C:\WINDOWS\System32\wininet.dll is infected by the W32/Alemod.b.dll virus and cannot be cleaned.
2. C:\WINDOWS\System32\OLDEAM.dll is infected by the Spy-Agent.h trojan and cannot be cleaned.
Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 12:48:32 AM, on 7/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\LiteStep\litestep.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\CursorXP\CursorXP.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearchnetwork.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...=132345732&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://gamefaqs.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O1 - Hosts: 82.179.166.165 hot-searches.com
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - (no file)
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\pumba3.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\pumba3.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - C:\Program Files\Softdigger\FlashRipper\IEMenu.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe