Ok, so here I am. Hopefully I have everything that you requested. Pandascan was brutal
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 11:23:53 PM, on 10/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\mstray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\InstallShield Software Corporation\802.11b Wireless Lan Utility\RtlWake.exe
C:\Program Files\Wireless LAN Utility\WlanUtility.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\COMMON~1\AOL\112735~1\EE\AOLHOS~1.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\112735~1\EE\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://us.rd.yahoo.c...//www.yahoo.comO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127352231\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [mstray] C:\WINDOWS\mstray.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\System32\mstask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - HKCU\..\Run: [mstray] C:\WINDOWS\mstray.exe
O4 - Global Startup: RtlWake.lnk = ?
O4 - Global Startup: Wireless Lan Utility.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1128038425202O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1128985411355O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) -
http://us.dl1.yimg.c...ropper1_4us.cabO23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
startup:
Start
Incident Status Location
Adware:adware/cws.searchmeup Reported C:\WINDOWS\SYSTEM32\bose.ico
Spyware:spyware/safesurf Reported C:\WINDOWS\SYSTEM32\InstallerV3.exe
Adware:adware/afaenhance Reported C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/bookedspace Reported C:\WINDOWS\cfgmgr52.ini
Adware:adware program Reported C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/wintools Reported Windows Registry
Spyware:Cookie/Allthatsearch Reported C:\Documents and Settings\Admin\Cookies\admin@10102[1].txt
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\Admin\Cookies\
[email protected][2].txt
Spyware:Cookie/Hbmediapro Reported C:\Documents and Settings\Admin\Cookies\
[email protected][2].txt
Spyware:Cookie/adultfriendfinderReported C:\Documents and Settings\Admin\Cookies\admin@adultfriendfinder[1].txt
Spyware:Cookie/SearchingBooth Reported C:\Documents and Settings\Admin\Cookies\admin@aycm5[2].txt
Spyware:Cookie/nCase Reported C:\Documents and Settings\Admin\Cookies\admin@BassMan[2].txt
Spyware:Cookie/Allthatsearch Reported C:\Documents and Settings\Admin\Cookies\admin@BigBlue[1].txt
Spyware:Cookie/nCase Reported C:\Documents and Settings\Admin\Cookies\admin@Kiddo[1].txt
Spyware:Cookie/DomainSponsor Reported C:\Documents and Settings\Admin\Cookies\
[email protected][1].txt
Virus:Exploit/ByteVerify Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-22be6520-75cfc68e.RB0[a.class]
Virus:Exploit/ByteVerify Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-22be6520-75cfc68e.RB0[Dummy.class]
Virus:Exploit/ByteVerify Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-22be6520-75cfc68e.RB0[VerifierBug.class]
Virus:Trj/Classloader.I Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-65695b65-14756821.RB0[b.class]
Virus:Exploit/BytVerify Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-65695b65-14756821.RB0[c.class]
Virus:Exploit/BytVerify Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-65695b65-14756821.RB0[a.class]
Virus:Trj/Downloader.DIS Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-65695b65-14756821.RB0[d.class]
Virus:Exploit/BytVerify Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-65695b65-14756821.zip[a.class]
Virus:Trj/Downloader.EGM Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-333fe01c-6328504c.RB0[web.exe]
Spyware:Cookie/Allthatsearch Reported C:\Documents and Settings\Admin\Cookies\admin@10102[1].txt
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\Admin\Cookies\
[email protected][2].txt
Spyware:Cookie/Hbmediapro Reported C:\Documents and Settings\Admin\Cookies\
[email protected][2].txt
Spyware:Cookie/adultfriendfinderReported C:\Documents and Settings\Admin\Cookies\admin@adultfriendfinder[1].txt
Spyware:Cookie/SearchingBooth Reported C:\Documents and Settings\Admin\Cookies\admin@aycm5[2].txt
Spyware:Cookie/nCase Reported C:\Documents and Settings\Admin\Cookies\admin@BassMan[2].txt
Spyware:Cookie/Allthatsearch Reported C:\Documents and Settings\Admin\Cookies\admin@BigBlue[1].txt
Spyware:Cookie/nCase Reported C:\Documents and Settings\Admin\Cookies\admin@Kiddo[1].txt
Spyware:Cookie/DomainSponsor Reported C:\Documents and Settings\Admin\Cookies\
[email protected][1].txt
Virus:Trj/Downloader.BYN Reported C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\4HI7KHE7\trk_0031[1].exe
Adware:Adware/Popuper Reported C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\OPQRSPQR\mstray[1].exe
Adware:Adware/Pacimedia Reported C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\SXEVWHYN\pcs_0031[1].exe
Virus:VBS/Psyme.C Reported C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\SXEVWHYN\TRACK31[1].CHM[track31.htm]
Adware:Adware/PopupSearches Reported C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp
Spyware:Cookie/Zedo Reported C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp
Adware:Adware/Popuper Reported C:\WINDOWS\mstray.exe
Spyware:Spyware/BetterInet Reported C:\WINDOWS\system\QBUninstaller.exe
Spyware:Spyware/SafeSurf Reported C:\WINDOWS\system32\InstallerV3.exe
Spyware:Spyware/SafeSurf Reported C:\WINDOWS\system32\richedtr.dll
panda:
Incident Status Location
Adware:adware/cws.searchmeup Reported C:\WINDOWS\SYSTEM32\bose.ico
Spyware:spyware/safesurf Reported C:\WINDOWS\SYSTEM32\InstallerV3.exe
Adware:adware/afaenhance Reported C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/bookedspace Reported C:\WINDOWS\cfgmgr52.ini
Adware:adware program Reported C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/wintools Reported Windows Registry
Spyware:Cookie/Allthatsearch Reported C:\Documents and Settings\Admin\Cookies\admin@10102[1].txt
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\Admin\Cookies\
[email protected][2].txt
Spyware:Cookie/Hbmediapro Reported C:\Documents and Settings\Admin\Cookies\
[email protected][2].txt
Spyware:Cookie/adultfriendfinderReported C:\Documents and Settings\Admin\Cookies\admin@adultfriendfinder[1].txt
Spyware:Cookie/SearchingBooth Reported C:\Documents and Settings\Admin\Cookies\admin@aycm5[2].txt
Spyware:Cookie/nCase Reported C:\Documents and Settings\Admin\Cookies\admin@BassMan[2].txt
Spyware:Cookie/Allthatsearch Reported C:\Documents and Settings\Admin\Cookies\admin@BigBlue[1].txt
Spyware:Cookie/nCase Reported C:\Documents and Settings\Admin\Cookies\admin@Kiddo[1].txt
Spyware:Cookie/DomainSponsor Reported C:\Documents and Settings\Admin\Cookies\
[email protected][1].txt
Virus:Exploit/ByteVerify Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-22be6520-75cfc68e.RB0[a.class]
Virus:Exploit/ByteVerify Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-22be6520-75cfc68e.RB0[Dummy.class]
Virus:Exploit/ByteVerify Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-22be6520-75cfc68e.RB0[VerifierBug.class]
Virus:Trj/Classloader.I Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-65695b65-14756821.RB0[b.class]
Virus:Exploit/BytVerify Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-65695b65-14756821.RB0[c.class]
Virus:Exploit/BytVerify Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-65695b65-14756821.RB0[a.class]
Virus:Trj/Downloader.DIS Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-65695b65-14756821.RB0[d.class]
Virus:Exploit/BytVerify Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-65695b65-14756821.zip[a.class]
Virus:Trj/Downloader.EGM Reported C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-333fe01c-6328504c.RB0[web.exe]
Spyware:Cookie/Allthatsearch Reported C:\Documents and Settings\Admin\Cookies\admin@10102[1].txt
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\Admin\Cookies\
[email protected][2].txt
Spyware:Cookie/Hbmediapro Reported C:\Documents and Settings\Admin\Cookies\
[email protected][2].txt
Spyware:Cookie/adultfriendfinderReported C:\Documents and Settings\Admin\Cookies\admin@adultfriendfinder[1].txt
Spyware:Cookie/SearchingBooth Reported C:\Documents and Settings\Admin\Cookies\admin@aycm5[2].txt
Spyware:Cookie/nCase Reported C:\Documents and Settings\Admin\Cookies\admin@BassMan[2].txt
Spyware:Cookie/Allthatsearch Reported C:\Documents and Settings\Admin\Cookies\admin@BigBlue[1].txt
Spyware:Cookie/nCase Reported C:\Documents and Settings\Admin\Cookies\admin@Kiddo[1].txt
Spyware:Cookie/DomainSponsor Reported C:\Documents and Settings\Admin\Cookies\
[email protected][1].txt
Virus:Trj/Downloader.BYN Reported C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\4HI7KHE7\trk_0031[1].exe
Adware:Adware/Popuper Reported C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\OPQRSPQR\mstray[1].exe
Adware:Adware/Pacimedia Reported C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\SXEVWHYN\pcs_0031[1].exe
Virus:VBS/Psyme.C Reported C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\SXEVWHYN\TRACK31[1].CHM[track31.htm]
Adware:Adware/PopupSearches Reported C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp
Spyware:Cookie/Zedo Reported C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp
Adware:Adware/Popuper Reported C:\WINDOWS\mstray.exe
Spyware:Spyware/BetterInet Reported C:\WINDOWS\system\QBUninstaller.exe
Spyware:Spyware/SafeSurf Reported C:\WINDOWS\system32\InstallerV3.exe
Spyware:Spyware/SafeSurf Reported C:\WINDOWS\system32\richedtr.dll