Sam~
Hi and thanks for your helpful information! I have followed your instructions to the letter and I think I have experienced a little progress!
I did run into one little problem while I was running the Panda ActiveScan, however, which was that I never found the AutoClean box. Suffice it to say, not one of the five infections that were located by Panda ActiveScan was disinfected.
The good news, though, is that I have finally regained control over my desktop themes again. I'm not sure if it's just me or not, but the preloaded Windows images seem to be slightly distorted when placed in the background (almost as though there aren't enough pixels to cover the full size of the screen adequately). This isn't really all that big of a deal, just more of an annoyance.
My only concern now is how to take care of some of the infections I located through the various system scans. I will post the logs, as you requested, and I will wait to hear back from you before proceeding with any other "treatment".
Again, thanks so much for your help!
**** Logs to follow****
__________________________________________________________
Panda Scan:
Incident Status Location
Spyware:spyware/petro-line No disinfected C:\Documents and Settings\default\Favorites\SITES ABOUT\Credit counseling.url
Adware:Adware/WindowEnhancer No disinfected C:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll
Virus:Eicar.Mod No disinfected C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html]
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\default\My Documents\My Applications\backups\backup-20051004-153344-338.inf
Adware:Adware/SearchAid No disinfected C:\System Volume Information\_restore{3BF730E8-581A-4B75-8FF3-430BB54D0354}\RP274\A0059018.exe
Adware:Adware/SearchAid No disinfected C:\System Volume Information\_restore{3BF730E8-581A-4B75-8FF3-430BB54D0354}\RP274\A0059019.exe
_____________________________________________________
HTJ Log:
Logfile of HijackThis v1.99.1
Scan saved at 7:52:54 PM, on 10/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Screen Calendar\scrcal.exe
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony Handheld\Hotsync.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\default\My Documents\My Applications\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Screen Calendar] "C:\Program Files\Screen Calendar\scrcal.exe" -m
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\Hotsync.exe
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
____________________________________________________________
Ewido Log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 6:18:55 PM, 10/8/2005
+ Report-Checksum: FD1C5DB7
+ Scan result:
C:\WINDOWS\SYSTEM32\ntfu.exe -> Trojan.Agent.bi : Cleaned without backup
C:\WINDOWS\SYSTEM32\ipbj32.exe -> Trojan.Agent.bi : Cleaned without backup
C:\WINDOWS\fjinml.dat -> TrojanDownloader.Agent.bc : Cleaned without backup
C:\WINDOWS\systh32.exe -> TrojanDownloader.Agent.bq : Cleaned without backup
C:\WINDOWS\ldddjr.dat -> TrojanDownloader.Agent.bc : Cleaned without backup
C:\WINDOWS\hcuqbi.dat -> TrojanDownloader.Agent.bq : Cleaned without backup
C:\WINDOWS\fxgvsl.dat -> Trojan.Agent.bi : Cleaned without backup
C:\WINDOWS\wnlhyl.log -> Trojan.Agent.bi : Cleaned without backup
C:\WINDOWS\gubjzr.dat -> TrojanDownloader.Agent.bq : Cleaned without backup
C:\WINDOWS\psjntg.dat -> TrojanDownloader.Agent.bc : Cleaned without backup
C:\WINDOWS\onwnav.log -> TrojanDownloader.Agent.bq : Cleaned without backup
C:\WINDOWS\zhhxwi.log -> TrojanDownloader.Agent.bq : Cleaned without backup
C:\WINDOWS\lamitd.txt -> Trojan.Agent.bi : Cleaned without backup
C:\WINDOWS\hgosuy.log -> Trojan.Agent.bi : Cleaned without backup
C:\WINDOWS\eawonf.txt -> TrojanDownloader.Agent.bq : Cleaned without backup
C:\Documents and Settings\default\Cookies\default@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned without backup
C:\Documents and Settings\default\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned without backup
C:\Documents and Settings\default\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.9:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
:mozilla.16:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned without backup
:mozilla.18:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned without backup
:mozilla.26:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned without backup
:mozilla.27:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned without backup
:mozilla.28:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.29:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned without backup
:mozilla.30:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.31:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned without backup
:mozilla.32:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned without backup
:mozilla.33:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.34:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned without backup
:mozilla.35:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.36:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned without backup
:mozilla.37:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned without backup
:mozilla.38:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.40:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.41:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.42:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.43:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.44:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.46:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned without backup
:mozilla.47:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\m79fts79.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned without backup
C:\System Volume Information\_restore{3BF730E8-581A-4B75-8FF3-430BB54D0354}\RP274\A0059017.dll -> Spyware.SearchPage : Cleaned without backup
::Report End
__________________________________________________________
I hope this was everything you were looking for. Please let me know which direction I should take next.
Thanks again!