Thank you for your time to help me out. Here is the new log:
Logfile of HijackThis v1.99.1
Scan saved at 11:44:25 PM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Download Files\New Folder\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38601471-64AE-4519-853A-FFCE890B52D3}: NameServer = 206.47.244.104 206.47.199.155
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ASE\ASEServ.exe (file missing)
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\wangfamily\Desktop\CWShredder.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
HERE IS THE RESULT OF ACTIVE SCAN
Incident Status Location
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\conscorr.inf
Spyware:spyware/localnrd No disinfected C:\WINDOWS\INF\localNrd.inf
Spyware:spyware/searchcentrix No disinfected Windows Registry
Dialer:dialer.yc No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{c89bb48c-15d9-4f4f-803e-95d90f62be62}
Adware:adware/cleangetaway No disinfected Windows Registry
Dialer:dialer generic No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
Adware:adware/alexa-toolbar No disinfected Windows Registry
Dialer:dialer.du No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{7B55BB05-0B4D-44FD-81A6-B136188F5DEB}
Adware:adware/sidesearch No disinfected Windows Registry
Dialer:dialer.dk No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2048B51E-8D74-4762-82CE-B48CF545EEEA}
Adware:adware/xupiter No disinfected Windows Registry
Dialer:dialer.db No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{03FBB191-FB50-4154-91D7-587D5E3C3C9A}
Adware:adware/lop No disinfected Windows Registry
Dialer:dialer.bb No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{0191ABF4-9421-435E-9FFD-CD827A2A82D8}
Adware:adware/xplugin No disinfected Windows Registry
Dialer:dialer.b No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{CEFB7B49-9652-464F-8AFD-A577C0500F39}
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\wangfamily\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6d048d26-4c4b9464.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\wangfamily\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6d048d26-4c4b9464.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\wangfamily\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6d048d26-4c4b9464.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\wangfamily\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6d048d26-4c4b9464.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\wangfamily\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-9275328-2ea24cd6.RB0[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\wangfamily\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-9275328-2ea24cd6.RB0[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\wangfamily\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-9275328-2ea24cd6.RB0[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\wangfamily\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-9275328-2ea24cd6.RB0[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\wangfamily\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-9275328-2ea24cd6.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\wangfamily\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-9275328-2ea24cd6.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\wangfamily\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-9275328-2ea24cd6.zip[Dummy.class]
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf
Spyware:Spyware/LocalNRD No disinfected C:\WINDOWS\inf\localNrd.inf
Adware:Adware/IST.ISTBar No disinfected C:\WINDOWS\ounist.exe.tcf
Adware:Adware/IST.ISTBar No disinfected C:\WINDOWS\proxya.exe.tcf
Virus:Trj/Zapchast.D Disinfected C:\WINDOWS\system32\c.bat
Adware:Adware/StartPage.AIW No disinfected C:\WINDOWS\system32\jkhhf.dll
Adware:Adware/StartPage.AIW No disinfected C:\WINDOWS\system32\mljgd.dll
AND HERE IS THE VUNDOFIX TEXT
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Suspending PID 132 'smss.exe'
Threads [136][140][144]
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 732 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 204 'winlogon.exe'
File Deleted sucessfully.
Files Deleted sucessfully.