[shgeca]

Hello. My dad's computer (which is my family's main computer) was hit by a really bad spyware/malware a while ago that is known as dialer sfonditalia. It's a browser hijacker and creates a program called "winmovieplugin" and a shortcut called "exsplorer" and they will not go away. It first appeared on this computer in July this year and we STILL have not been able to truly get rid of it. Spybot and ad-aware can't detect it. I tried to go to the SWI forums of spywareinfo.com and they never were able to get rid of it. And ever since then it looks like this computer has gotten worse and worse and has obtained other bad viruses and spyware. Anyway, I am coming here for help because on my own computer (not the one I have been talking about in this post) I had winfixer and you guys were able to get it removed and I am very grateful for that. So here's the log for this computer:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:45 PM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Miles\My Documents\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe (file missing)
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I know you guys are really busy here so I won't rush you but thank you for your help. It is greatly appreciated.

[Advertisements]

Hi shgeca, Welcome to GTG !!
Sorry for the delay in reviewing your post

You may wish to print out a copy of these instructions to follow while you complete this procedure

Show Hidden Files :
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK

Since it has been so long, lets begin by downloading and running a few programs to help clean things up :

Download and Install CCleaner© by CCleaner.com

Run CCleaner
NOTE CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner

SETUP
Open CCleaner
DO NOT USE THE ISSUES FEATURE!!!!

On the Windows tab, under Internet Explorer, uncheck Cookies if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit)
If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla

Options, Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours" (for cleaning malware files!)

Options, Settings: Check "Run CCleaner when system starts" (optional)
Options, Settings: Check "Add Run Cleaner option to Recycle Bin context menu" (optional)

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):
Options, CustomFolders, Add Folder, Navigate to these folders (click on bold folder once and hit OK) :
(Depending on Operating System and/or Browser, some of the following folders may not be present)

* C:\Windows\Prefetch
* C:\Program Files\Firefox\Profiles\<user>\<num>\Cache
* C:\Program Files\Opera\Cache4

Hit OK
In left pane, scroll down to Advanced, Custom Folders, put a check in Custom Folders
Then click on Run Cleaner
Put check in box to not show message again.
It will automatically clean.

Close out CCleaner.

Download and Install Ewido Security Suite© by Ewido Networks
When installing, under "Additional Options" uncheck :

"Install background guard"
"Install scan via menu"

Launch Ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click Update
Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido Manual Updates
Close Ewido when updates finish

Run Ewido Security Suite
Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE:During some scans with ewido it is finding cases of false positives.**See Below**

**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

You will need to step through the process of cleaning files one-by-one.
If ewido detects a file you KNOW to be legitimate, select none as the action.
DO NOT select "Perform action on all infections"
If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report.txt file to your desktop.

Close Ewido Security Suite

Please run ONE of these Online Virus Scans :

TrendMicro Housecall
Note: you must use Internet Explorer, other browsers will not work.
Under "Scan your PC", please click Scan now. It's free!
Select your location and click the Go button.
Click the red magnifying glass button.
Select Complete Scan.
Please be patient while Housecall downloads.
Please allow the ActiveX Control and when prompted click install
Put a check next to My Computer
Leave the following checked:
Scan for Spyware
Check security vulnerabilities
Click the Next button.
It will download the latest scan engine and pattern files.
When the definitions have been downloaded, the scan will start.
After it's done scanning it will take you to the summary page.
Click the Next button.
Click the drop-down to choose delete or remove on each bad guy found, if you receive a prompt click OK.
Click the Next button to move onto the recovery (final) portion of the scan.
After everything has been removed, please click the show button on everything.
Highlight all the of text and press CTRL + C to copy the text.
Open Notepad, hit Ctrl + V to Paste

OR

Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan:
Select My Computer

Then the program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Reboot, run HijackThis and post a fresh HijackThis Log, the Ewido Log, and the Virus Scan Log here

Thank You !!

[Linkmaster]

Hi shgeca, Welcome to GTG !!
Sorry for the delay in reviewing your post

You may wish to print out a copy of these instructions to follow while you complete this procedure

Show Hidden Files :
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK

Since it has been so long, lets begin by downloading and running a few programs to help clean things up :

Download and Install CCleaner© by CCleaner.com

Run CCleaner
NOTE CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner

SETUP
Open CCleaner
DO NOT USE THE ISSUES FEATURE!!!!

On the Windows tab, under Internet Explorer, uncheck Cookies if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit)
If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla

Options, Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours" (for cleaning malware files!)

Options, Settings: Check "Run CCleaner when system starts" (optional)
Options, Settings: Check "Add Run Cleaner option to Recycle Bin context menu" (optional)

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):
Options, CustomFolders, Add Folder, Navigate to these folders (click on bold folder once and hit OK) :
(Depending on Operating System and/or Browser, some of the following folders may not be present)

* C:\Windows\Prefetch
* C:\Program Files\Firefox\Profiles\<user>\<num>\Cache
* C:\Program Files\Opera\Cache4

Hit OK
In left pane, scroll down to Advanced, Custom Folders, put a check in Custom Folders
Then click on Run Cleaner
Put check in box to not show message again.
It will automatically clean.

Close out CCleaner.

Download and Install Ewido Security Suite© by Ewido Networks
When installing, under "Additional Options" uncheck :

"Install background guard"
"Install scan via menu"

Launch Ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click Update
Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido Manual Updates
Close Ewido when updates finish

Run Ewido Security Suite
Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE:During some scans with ewido it is finding cases of false positives.**See Below**

**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

You will need to step through the process of cleaning files one-by-one.
If ewido detects a file you KNOW to be legitimate, select none as the action.
DO NOT select "Perform action on all infections"
If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report.txt file to your desktop.

Close Ewido Security Suite

Please run ONE of these Online Virus Scans :

TrendMicro Housecall
Note: you must use Internet Explorer, other browsers will not work.
Under "Scan your PC", please click Scan now. It's free!
Select your location and click the Go button.
Click the red magnifying glass button.
Select Complete Scan.
Please be patient while Housecall downloads.
Please allow the ActiveX Control and when prompted click install
Put a check next to My Computer
Leave the following checked:
Scan for Spyware
Check security vulnerabilities
Click the Next button.
It will download the latest scan engine and pattern files.
When the definitions have been downloaded, the scan will start.
After it's done scanning it will take you to the summary page.
Click the Next button.
Click the drop-down to choose delete or remove on each bad guy found, if you receive a prompt click OK.
Click the Next button to move onto the recovery (final) portion of the scan.
After everything has been removed, please click the show button on everything.
Highlight all the of text and press CTRL + C to copy the text.
Open Notepad, hit Ctrl + V to Paste

OR

Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan:
Select My Computer

Then the program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Reboot, run HijackThis and post a fresh HijackThis Log, the Ewido Log, and the Virus Scan Log here

Thank You !!

[shgeca]

Hi thank you very much for your response and help. Here are the logs.
There are like 7 users on this darn computer so this is pretty big.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:56:24 PM, 12/23/2005
+ Report-Checksum: 21A9FE58

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554} -> Spyware.MySearchBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Cydoor -> Spyware.Cydoor : Cleaned with backup
HKLM\SOFTWARE\DelFin -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\DelFin\PromulGate -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554} -> Spyware.MySearchBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-2710790393-1955855776-3002183229-1029\Software\Cydoor -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-2710790393-1955855776-3002183229-1029\Software\Cydoor\Adwr_336 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-2710790393-1955855776-3002183229-1029\Software\Cydoor\Adwr_336\Loct_0 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-2710790393-1955855776-3002183229-1029\Software\Cydoor Services -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-2710790393-1955855776-3002183229-1029\Software\Cydoor Services\Queue -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-2710790393-1955855776-3002183229-1029\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554} -> Spyware.MySearchBar : Cleaned with backup
[1280] C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL -> Spyware.MyWay : Error during cleaning
C:\Documents and Settings\Brad\Cookies\brad@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@estat[1].txt -> Spyware.Cookie.Estat : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@pro-market[1].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\brad@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Brad\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\10293.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\10313.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\11937.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\13210.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\13519.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\15462.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\18339.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\18931.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\19205.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\21054.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\21823.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\2244.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\23629.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\26211.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\27649.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\28408.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\28812.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\28965.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\30778.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\31724.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\3372.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\7709.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\8229.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brad\Local Settings\Temp\9487.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Dani\Cookies\dani@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dani\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Dani\Cookies\dani@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Dani\Cookies\dani@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Dani\Cookies\dani@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Dani\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Dani\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Dani\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Dani\Cookies\dani@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Dani\Cookies\dani@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Dani\Cookies\dani@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Dani\Local Settings\Temp\25662.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\joey@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Joey\Local Settings\Temp\30887.exe -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
C:\Documents and Settings\Justin\Cookies\justin@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Justin\Cookies\justin@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Justin\Cookies\justin@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Justin\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Justin\Cookies\justin@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Justin\Cookies\justin@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Justin\Cookies\justin@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Justin\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Justin\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Justin\Cookies\justin@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Justin\Cookies\justin@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Justin\Local Settings\Temp\11513.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Justin\Local Settings\Temp\9844.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\justin@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\justin.PATAS\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Miles Fairweather\Cookies\miles fairweather@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\roxanne@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\roxanne@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\roxanne@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\roxanne@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\roxanne@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\roxanne@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\[email protected][2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\roxanne@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Roxanne\Cookies\roxanne@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\10000.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\10043.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\11173.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\12265.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\12440.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\13147.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\13163.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\14073.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\14609.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\15231.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\15603.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\16593.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\16906.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\18104.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\18404.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\19893.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\20138.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\20376.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\20657.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\21745.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\22404.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\22565.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\22815.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\22838.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\24191.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\24395.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\2552.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\25910.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\26128.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\26441.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\28049.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\30873.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\31201.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\31430.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\3758.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\4296.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\4903.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\5099.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\6405.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\6727.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\6748.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\762.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Roxanne\Local Settings\Temp\8303.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\ryan@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\ryan@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\ryan@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\ryan@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\ryan@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\13485.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\14207.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\14515.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\19338.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\21003.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\21820.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\21951.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\23951.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\25552.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\26043.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\30355.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\31775.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Temp\7620.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\shane@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\shane@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\shane@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\shane@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\shane@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\shane@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\shane@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\shane@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\shane@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\shane@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\shane@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Shane\Cookies\shane@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Shane\Local Settings\Temp\18625.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Shane\Local Settings\Temp\30792.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Shane\Local Settings\Temp\4838.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Shane\Local Settings\Temp\547.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Shane\Local Settings\Temp\6121.exe -> Dialer.Generic : Cleaned with backup
C:\morbo[1]\morbo[1].exe -> Dialer.Generic : Cleaned with backup
C:\Program Files\Common Files\fror\frord\frorc.dll -> Downloader.Small : Cleaned with backup
C:\Program Files\MediaLoads\v1\ML.exe -> Spyware.DownloadWare : Cleaned with backup
C:\Program Files\MyWay\SrchAstt\1.bin\__delete_on_reboot__MYSRCHAS.DLL -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP137\A0065794.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP137\A0065809.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP153\A0072334.exe -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP158\A0072679.exe -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP161\A0073826.exe -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP161\A0073828.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP76\A0035960.dll -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP76\A0035961.dll -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP76\A0035962.dll -> Spyware.Cydoor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP76\A0035963.exe -> Spyware.HelpExpress : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP76\A0035964.DLL -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP76\A0035987.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP76\A0036002.dll -> Spyware.WildTangent : Cleaned with backup
C:\unzipped\Windows_XP_Home_Edition_Activation_Crack (www[1].crack.cd)\rgs.exe -> Downloader.INService.cx : Cleaned with backup
C:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup


::Report End


The Kaspersky scan went to about 33% then it got cut off by something.... But here it is. Tell me if you want me to try again.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, December 23, 2005 16:01:32
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 24/12/2005
Kaspersky Anti-Virus database records: 167104
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 63340
Number of viruses found: 4
Number of infected objects: 7
Number of suspicious objects: 4
Duration of the scan process: 2474 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip/9313984temp.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS1.zip/109110.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS1.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Joey\My Documents\Bearshare.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\Documents and Settings\Joey\My Documents\Bearshare.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\Documents and Settings\Ryan\My Documents\kf141.zip/keyfinder.exe/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a
C:\Documents and Settings\Ryan\My Documents\kf141.zip/keyfinder.exe/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a
C:\Documents and Settings\Ryan\My Documents\kf141.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a
C:\Documents and Settings\Ryan\My Documents\kf141.zip Infected: not-a-virus:PSWTool.Win32.RAS.a
C:\Program Files\Daily Weather Forecast\weather.exe Infected: Trojan-Downloader.Win32.Centim.an

Scan was interrupted by user!

Logfile of HijackThis v1.99.1
Scan saved at 4:33:00 PM, on 12/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Miles\My Documents\hijackthis\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe (file missing)
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I know this is a lot of stuff so thank you very much for your help.

[Linkmaster]

Go to Start, Control Panel, Add/Remove Programs and Uninstall the following : (if present)

Daily Weather Forecast
MyWay Search
WebRebates
SaveNow
WebHancer
MediaLoads
NewDotNet
DelFin Media Viewer
winmovieplugin (do not reboot until all are uninstalled)

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put a check mark in the boxes, only next to these following items : (if present)

O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe

Click Fix Checked

Log into each account and Run CCleaner again (all the temp folders need to be emptied as well as the cookies need to be removed)

Reboot to Safe mode
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Open Windows Explorer, locate and Delete the following folders in BOLD : (if present)

C:\Program Files\Daily Weather Forecast
C:\Program Files\MyWay Search
C:\Program Files\WebRebates
C:\Program Files\DelFin Media Viewer
C:\Program Files\SaveNow
C:\Program Files\WebHancer
C:\Program Files\MediaLoads
C:\Program Files\NewDotNet
C:\unzipped\Windows_XP_Home_Edition_Activation_Crack (www[1].crack.cd)
C:\morbo[1]

While Windows Explorer is still open, locate and Delete the following files in BOLD : (if present)

C:\Documents and Settings\Ryan\My Documents\kf141.zip
C:\Program Files\Common Files\fror

Go to Start, Search
Click on "All Files and Folders"
In the "All or part of the file name" box type :

exsplorer
winmovieplugin

In the "Look in" box make sure it is pointing to "Local Hard Drives (C:, etc.)"
Click on Search
Look in the right pane, Highlight and Delete the file

Delete the exsplorer shortcut if it is present

Go into Spybot and click on the Recovery button. Check all those boxes and click on the button to purge them

Run Ewido Anti-Malware again .

Reboot to Normal Mode

**Turn off System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
Check "Turn off System Restore"
Click Apply, then click OK and Reboot

**Turn ON System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
UN-Check "Turn off System Restore"
Click Apply, then click OK

Run Kaspersky WebScanner again or run the TrendMicro Housecall scan

Reboot and post a fresh HijackThis log, the fresh Ewido log and the virus scan log here
Let me know if dialer sfonditalia, winmovieplugin, and exsplorer are still there

Edited by Linkmaster, 28 December 2005 - 02:18 PM.

[shgeca]

Sorry I haven't been able to respond with the results. I got as far as this point:

Log into each account and Run CCleaner again (all the temp folders need to be emptied as well as the cookies need to be removed)

But the computer's fan has suddenly gone out and when I tried to get into safe mode after rebooting I get: "Alert! Previous fan error". I can only enter the setup or continue to windows regularly, so I haven't been able to complete the rest of the instructions.

But as soon as I get the fan working I will try to finish up.
-Ryan

[Linkmaster]

OK no problem !!

[shgeca]

I am so sorry I have not replied in so long. My internet has been down for almost 2 weeks due to modem trouble after a power surge in my area and verizon had to send a tech out today to fix things up. Anyway, my family and I went on a trip around a few days after my last post and since I didn't have a replacement fan before it was time to leave, I wasn't able to complete all those instructions like I wanted too. It's also because my dad chose to drop the computer off at Best Buy to get it fixed up while we were on the trip. But with the internet out I couldn't respond to you from my comp.

So anyway thank you for your help I'm sorry I wasn't able to go through with everything I wanted really badly to see if I could get rid of this thing using your help instead of taking it somewhere but I guess I ran into some bad luck (the fan).