[Wolfvering]

Logfile of HijackThis v1.99.1
Scan saved at 8:05:17 PM, on 12/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\system32\EXSHOW.EXE
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\altpayV2\altpayV2.exe
C:\WINDOWS\sysgq32.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\javaxg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Documents and Settings\Administrator\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bkdxv.dll/sp.html#77035%
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bkdxv.dll/sp.html#77035%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bkdxv.dll/sp.html#77035%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bkdxv.dll/sp.html#77035%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bkdxv.dll/sp.html#77035%
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bkdxv.dll/sp.html#77035%
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bkdxv.dll/sp.html#77035%
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0B540EFA-2AC6-5866-AF53-D93A51569CDC} - C:\WINDOWS\system32\mspg.dll
O2 - BHO: Class - {1F6B2AC9-8A18-97CC-C47B-CBBFB1EDBEF1} - C:\WINDOWS\ieti32.dll (file missing)
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Class - {5F4CF23D-5370-7E4F-F006-FB29CBB4A970} - C:\WINDOWS\mfctt32.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {B856C014-733A-E7C2-BA3A-B880A9541D36} - C:\WINDOWS\ntvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Class - {FE13BDB7-4403-0563-A91B-7E8970E72CF7} - C:\WINDOWS\system32\iprn32.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\altpayV2\altpayV2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run320.exe dummy
O4 - HKLM\..\Run: [sysgq32.exe] C:\WINDOWS\sysgq32.exe
O4 - HKLM\..\Run: [22C8.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22C8.tmp.exe
O4 - HKLM\..\Run: [22C9.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22C9.tmp.exe
O4 - HKLM\..\Run: [22C9.tmp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22C9.tmp.exe
O4 - HKLM\..\Run: [22C8.tmp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22C8.tmp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\Yahoo!\YPSR\ppclean.exe" "clean" "smartfinder" "2"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125803128183
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

[Advertisements]

Hi Wolfvering and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

1. Prepare CWShredder for use:

• Download CWShredder.
• Save CWShredder.exe to a convenient location.
• Please do not do anything with it yet.

2. Prepare AboutBuster for use:

• Download AboutBuster.Zip to your Desktop
  
• Right click in any open space on your desktop
  • From the menu that appears, choose NEW>>Folder
  • Name the new folder About Buster
• Doubleclick the AboutBuster.zip file on your desktop to open the file:
  • From the main ZIP toolbar, choose "Extract"
  • A window will apppear. Make sure that the "All Files/Folders in archive" option is selected.
  • Choose the newly-created AboutBuster folder on your desktop as the destination.
• Open the About Buster folder
  • Double-click on AboutBuster.exe file.
  • Now, click on "Update"
  • Do Not Run the Program Yet

3. Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.


4. Run AboutBuster and save the log:

• Open the AboutBuster folder
• Double-click on the AboutBuster.exe file
• Then click on "Begin Removal"
• Please wait while AboutBuster scans your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
• When it has finished, click OK, then EXIT, then OK again
• The log required can be found in the AboutBuster folder under the name Ab LogFile.txt

5. Run CWShredder:

• Double-click on CWShredder.exe.
• Click "Fix ->" and click "OK" at the prompt.
• CWShredder will scan and clean your system of CWS files.
• Click "Next->" and then "Exit".

6. Reboot into Normal Mode.

7. Clean out temporary files:

• Start | Run | type cleanmgr | OK
• Let it scan your system for files to remove.
• Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
• Click "OK" to remove them.
• Click "Yes" to confirm the deletion.

8. TrendMicro™ HouseCall ActiveX Scan

• Please go HERE to run the Trend Micro™ HouseCall Scan.
• Click Scan now. It's free!
• Read and put a Check next to Yes I accept the terms of use.
• Click the Launching HouseCall>> button.
• Under "Browser plug-in" Installing and using Housecall kernel, click the Starting HouseCall>> button.
• You may receive a prompt to install the ActiveX, click install.
• If you are taken back to the main page, click Launching HouseCall>> button again.
• Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
• Please be patient while it installs, updates, and scans your system.
• Once the scan is complete, it will take you to the summary page.
• Under Cleanup options, choose clean all detected infections automatically.
• Click the Clean now>> button.
• If anything was found you may be prompted to run the scan again, you can just close the browser window.

9. Prepare your reply:

• Please post a fresh HijackThis log
• Please post the Ab LogFile.txt.
• Please note any complications you had.

Regards,

Trevuren

[Trevuren]

Hi Wolfvering and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

1. Prepare CWShredder for use:

• Download CWShredder.
• Save CWShredder.exe to a convenient location.
• Please do not do anything with it yet.

2. Prepare AboutBuster for use:

• Download AboutBuster.Zip to your Desktop
  
• Right click in any open space on your desktop
  • From the menu that appears, choose NEW>>Folder
  • Name the new folder About Buster
• Doubleclick the AboutBuster.zip file on your desktop to open the file:
  • From the main ZIP toolbar, choose "Extract"
  • A window will apppear. Make sure that the "All Files/Folders in archive" option is selected.
  • Choose the newly-created AboutBuster folder on your desktop as the destination.
• Open the About Buster folder
  • Double-click on AboutBuster.exe file.
  • Now, click on "Update"
  • Do Not Run the Program Yet

3. Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.


4. Run AboutBuster and save the log:

• Open the AboutBuster folder
• Double-click on the AboutBuster.exe file
• Then click on "Begin Removal"
• Please wait while AboutBuster scans your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
• When it has finished, click OK, then EXIT, then OK again
• The log required can be found in the AboutBuster folder under the name Ab LogFile.txt

5. Run CWShredder:

• Double-click on CWShredder.exe.
• Click "Fix ->" and click "OK" at the prompt.
• CWShredder will scan and clean your system of CWS files.
• Click "Next->" and then "Exit".

6. Reboot into Normal Mode.

7. Clean out temporary files:

• Start | Run | type cleanmgr | OK
• Let it scan your system for files to remove.
• Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
• Click "OK" to remove them.
• Click "Yes" to confirm the deletion.

8. TrendMicro™ HouseCall ActiveX Scan

• Please go HERE to run the Trend Micro™ HouseCall Scan.
• Click Scan now. It's free!
• Read and put a Check next to Yes I accept the terms of use.
• Click the Launching HouseCall>> button.
• Under "Browser plug-in" Installing and using Housecall kernel, click the Starting HouseCall>> button.
• You may receive a prompt to install the ActiveX, click install.
• If you are taken back to the main page, click Launching HouseCall>> button again.
• Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
• Please be patient while it installs, updates, and scans your system.
• Once the scan is complete, it will take you to the summary page.
• Under Cleanup options, choose clean all detected infections automatically.
• Click the Clean now>> button.
• If anything was found you may be prompted to run the scan again, you can just close the browser window.

9. Prepare your reply:

• Please post a fresh HijackThis log
• Please post the Ab LogFile.txt.
• Please note any complications you had.

Regards,

Trevuren

[Wolfvering]

Hey thanks for the help
My home page it's back to normal
but in my Anti-spy from Sbc still tell's me is there but not hijack my homepage.
thankyou for all the help and MERRY CHRISTMAS

[Trevuren]

Please provide the following logs/texts/reports as requested in my previous post:

Prepare your reply:

* Please post a fresh HijackThis log
* Please post the Ab LogFile.txt.
* Please note any complications you had

Trevuren

[Wolfvering]

Logfile of HijackThis v1.99.1
Scan saved at 10:47:21 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\system32\EXSHOW.EXE
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\altpayV2\altpayV2.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
c:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0B540EFA-2AC6-5866-AF53-D93A51569CDC} - C:\WINDOWS\system32\mspg.dll (file missing)
O2 - BHO: Class - {1F6B2AC9-8A18-97CC-C47B-CBBFB1EDBEF1} - C:\WINDOWS\ieti32.dll (file missing)
O2 - BHO: Class - {270C3A3B-B351-AA26-34A9-592904CBFC5F} - C:\WINDOWS\system32\netza32.dll (file missing)
O2 - BHO: Class - {279FD406-3E66-6632-B92E-52FA0C47B825} - C:\WINDOWS\system32\addvo.dll (file missing)
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Class - {5F4CF23D-5370-7E4F-F006-FB29CBB4A970} - C:\WINDOWS\mfctt32.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {B0FD6320-27E9-F236-D46C-1DBD5BB05BC1} - C:\WINDOWS\system32\apisq.dll (file missing)
O2 - BHO: Class - {B856C014-733A-E7C2-BA3A-B880A9541D36} - C:\WINDOWS\ntvc.dll (file missing)
O2 - BHO: Class - {C7063EDD-A232-E7DB-ECDC-E4249B594117} - C:\WINDOWS\mfcsb.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Class - {F75E72A9-3C6C-F756-D77B-5683929F8E8D} - C:\WINDOWS\iekj.dll (file missing)
O2 - BHO: Class - {FE13BDB7-4403-0563-A91B-7E8970E72CF7} - C:\WINDOWS\system32\iprn32.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\altpayV2\altpayV2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run320.exe dummy
O4 - HKLM\..\Run: [22C8.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22C8.tmp.exe
O4 - HKLM\..\Run: [22C9.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22C9.tmp.exe
O4 - HKLM\..\Run: [22C8.tmp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22C8.tmp.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125803128183
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall....ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

AboutBuster 6.0
Scan started on [12/26/2005] at [3:00:31 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! C:\WINDOWS\aolback.exe.lnk:wxqxl
Removed Stream! C:\WINDOWS\AuHCcup1.ini:jsday
Removed Stream! C:\WINDOWS\Blue Lace 16.bmp:kgivwu
Removed Stream! C:\WINDOWS\Coffee Bean.bmp:uthlv
Removed Stream! C:\WINDOWS\comsetup.log:vatntp
Removed Stream! C:\WINDOWS\DHCPUPG.LOG:nbltnr
Removed Stream! C:\WINDOWS\diqyk.dat:sdclhe
Removed Stream! C:\WINDOWS\DVDFabGold.INI:gbwypc
Removed Stream! C:\WINDOWS\explorer.scf:tmjswv
Removed Stream! C:\WINDOWS\FaxSetup.log:dpckbx
Removed Stream! C:\WINDOWS\FaxSetup.log:ycoljm
Removed Stream! C:\WINDOWS\gcmoa.log:hmogjq
Removed Stream! C:\WINDOWS\gcmoa.log:vqnpei
Removed Stream! C:\WINDOWS\GetServer.ini:xtzhbp
Removed Stream! C:\WINDOWS\Gone Fishing.bmp:znhmla
Removed Stream! C:\WINDOWS\Hmplayer.INI:domlsi
Removed Stream! C:\WINDOWS\hpdins01.dat:xolafi
Removed Stream! C:\WINDOWS\hpoins01.dat:iucaxk
Removed Stream! C:\WINDOWS\hpoins01.dat:qpefal
Removed Stream! C:\WINDOWS\hzhzg.dat:jlufrs
Removed Stream! C:\WINDOWS\KB824920.log:ekdomd
Removed Stream! C:\WINDOWS\KB885492.log:lorjuh
Removed Stream! C:\WINDOWS\KB886185.log:epjooj
Removed Stream! C:\WINDOWS\KB887472.log:miouid
Removed Stream! C:\WINDOWS\KB887742.log:ynscs
Removed Stream! C:\WINDOWS\KB887797.log:wquurt
Removed Stream! C:\WINDOWS\KB887998.log:eizzkf
Removed Stream! C:\WINDOWS\KB888795.log:prnzle
Removed Stream! C:\WINDOWS\KB890923-IE6SP1-20050225.103456.log:mihaup
Removed Stream! C:\WINDOWS\KB896422.log:dfqvza
Removed Stream! C:\WINDOWS\KB896688.log:teorhh
Removed Stream! C:\WINDOWS\qlmuv.log:vgowoy
Removed Stream! C:\WINDOWS\setupapi.log.5.old:iinbiz
Removed Stream! C:\WINDOWS\ulfit.txt:sgiquh
Removed Stream! C:\WINDOWS\usb_id.kmw:kgavor
Removed Stream! C:\WINDOWS\_default.pif:cqibiz
Removed Stream! C:\WINDOWS\_default.pif:eodgrg
Removed Stream! C:\WINDOWS\_default.pif:irxnw
Removed Stream! C:\WINDOWS\_default.pif:kgtcml
Removed Stream! C:\WINDOWS\_default.pif:kypwnp
Removed Stream! C:\WINDOWS\_default.pif:lvnep
Removed Stream! C:\WINDOWS\_default.pif:mnttpd
Removed Stream! C:\WINDOWS\_default.pif:pporfa
Removed Stream! C:\WINDOWS\_default.pif:shxkhi
Removed Stream! C:\WINDOWS\_default.pif:wpwllq
Removed Stream! C:\WINDOWS\_default.pif:ydwbua
-------------------------------------------------------------
Removed File! : C:\WINDOWS\addkn32.dll
Removed File! : C:\WINDOWS\addlp.exe
Removed File! : C:\WINDOWS\addrp.exe
Removed File! : C:\WINDOWS\addrv.exe
Removed File! : C:\WINDOWS\advdn.log
Removed File! : C:\WINDOWS\appiy32.exe
Removed File! : C:\WINDOWS\appvh.exe
Removed File! : C:\WINDOWS\appvn32.exe
Removed File! : C:\WINDOWS\appvv32.exe
Removed File! : C:\WINDOWS\atlcy.exe
Removed File! : C:\WINDOWS\atldy32.exe
Removed File! : C:\WINDOWS\atlsv.exe
Removed File! : C:\WINDOWS\atlyu.exe
Removed File! : C:\WINDOWS\atlzf32.exe
Removed File! : C:\WINDOWS\bkdxv.dll
Removed File! : C:\WINDOWS\covju.txt
Removed File! : C:\WINDOWS\d3ew.dll
Removed File! : C:\WINDOWS\d3ic.exe
Removed File! : C:\WINDOWS\d3iw32.exe
Removed File! : C:\WINDOWS\d3md32.exe
Removed File! : C:\WINDOWS\d3ns.exe
Removed File! : C:\WINDOWS\d3wr32.exe
Removed File! : C:\WINDOWS\d3wx.exe
Removed File! : C:\WINDOWS\diqyk.dat
Removed File! : C:\WINDOWS\ensky.dll
Removed File! : C:\WINDOWS\fjzoo.dat
Removed File! : C:\WINDOWS\gcmoa.log
Removed File! : C:\WINDOWS\girhk.dat
Removed File! : C:\WINDOWS\iekj.dll
Removed File! : C:\WINDOWS\ieoy.exe
Removed File! : C:\WINDOWS\iepc.exe
Removed File! : C:\WINDOWS\ieuu.exe
Removed File! : C:\WINDOWS\ipah.exe
Removed File! : C:\WINDOWS\ipbu.exe
Removed File! : C:\WINDOWS\ipcs32.exe
Removed File! : C:\WINDOWS\ipmb32.exe
Removed File! : C:\WINDOWS\ipzj32.dll
Removed File! : C:\WINDOWS\ipzk.exe
Removed File! : C:\WINDOWS\javaah.exe
Removed File! : C:\WINDOWS\javajd32.exe
Removed File! : C:\WINDOWS\javala.exe
Removed File! : C:\WINDOWS\javams.exe
Removed File! : C:\WINDOWS\javaph32.exe
Removed File! : C:\WINDOWS\javapr.exe
Removed File! : C:\WINDOWS\kjnuf.dll
Removed File! : C:\WINDOWS\kokeh.log
Removed File! : C:\WINDOWS\mfcbe.exe
Removed File! : C:\WINDOWS\mfcsb.dll
Removed File! : C:\WINDOWS\mssg32.exe
Removed File! : C:\WINDOWS\neteo.exe
Removed File! : C:\WINDOWS\netqn32.exe
Removed File! : C:\WINDOWS\ntat.exe
Removed File! : C:\WINDOWS\ntep32.exe
Removed File! : C:\WINDOWS\ntit32.exe
Removed File! : C:\WINDOWS\ntvc.dll
Removed File! : C:\WINDOWS\ntvr.exe
Removed File! : C:\WINDOWS\n_hmogjq.log
Removed File! : C:\WINDOWS\n_wquurt.log
Removed File! : C:\WINDOWS\psncg.txt
Removed File! : C:\WINDOWS\rqwdw.dll
Removed File! : C:\WINDOWS\sdkhc.exe
Removed File! : C:\WINDOWS\sdkpo.exe
Removed File! : C:\WINDOWS\sdkuw32.exe
Removed File! : C:\WINDOWS\shxkh.txt
Removed File! : C:\WINDOWS\sysgq32.exe
Removed File! : C:\WINDOWS\sysic32.exe
Removed File! : C:\WINDOWS\sysqy32.exe
Removed File! : C:\WINDOWS\sysxf.exe
Removed File! : C:\WINDOWS\umtqr.dll
Removed File! : C:\WINDOWS\winhc.exe
Removed File! : C:\WINDOWS\winrz.exe
Removed File! : C:\WINDOWS\wrlst.dll
Removed File! : C:\WINDOWS\system32\addjg.exe
Removed File! : C:\WINDOWS\system32\addkx.exe
Removed File! : C:\WINDOWS\system32\addtd32.exe
Removed File! : C:\WINDOWS\system32\addvo.dll
Removed File! : C:\WINDOWS\system32\apihb.exe
Removed File! : C:\WINDOWS\system32\apijt32.exe
Removed File! : C:\WINDOWS\system32\apisq.dll
Removed File! : C:\WINDOWS\system32\apitg32.exe
Removed File! : C:\WINDOWS\system32\apitj32.exe
Removed File! : C:\WINDOWS\system32\appdk32.exe
Removed File! : C:\WINDOWS\system32\appsf32.exe
Removed File! : C:\WINDOWS\system32\atlml.exe
Removed File! : C:\WINDOWS\system32\atlrr.exe
Removed File! : C:\WINDOWS\system32\atlru32.exe
Removed File! : C:\WINDOWS\system32\atlup.exe
Removed File! : C:\WINDOWS\system32\crfw.exe
Removed File! : C:\WINDOWS\system32\crxg.exe
Removed File! : C:\WINDOWS\system32\dghte.dll
Removed File! : C:\WINDOWS\system32\eizzk.txt
Removed File! : C:\WINDOWS\system32\hfafp.dll
Removed File! : C:\WINDOWS\system32\hfhnd.dll
Removed File! : C:\WINDOWS\system32\ieha32.exe
Removed File! : C:\WINDOWS\system32\iett.exe
Removed File! : C:\WINDOWS\system32\ietw.exe
Removed File! : C:\WINDOWS\system32\ievo.exe
Removed File! : C:\WINDOWS\system32\ipae.exe
Removed File! : C:\WINDOWS\system32\ipkk.exe
Removed File! : C:\WINDOWS\system32\ipmb32.exe
Removed File! : C:\WINDOWS\system32\jatyd.dll
Removed File! : C:\WINDOWS\system32\javada32.exe
Removed File! : C:\WINDOWS\system32\javaec.exe
Removed File! : C:\WINDOWS\system32\javauo.exe
Removed File! : C:\WINDOWS\system32\jkmev.dll
Removed File! : C:\WINDOWS\system32\kgtcm.log
Removed File! : C:\WINDOWS\system32\mfciu32.exe
Removed File! : C:\WINDOWS\system32\mfcwx.exe
Removed File! : C:\WINDOWS\system32\mskm.exe
Removed File! : C:\WINDOWS\system32\mspg.dll
Removed File! : C:\WINDOWS\system32\mssg32.exe
Removed File! : C:\WINDOWS\system32\mstt.exe
Removed File! : C:\WINDOWS\system32\mswo.exe
Removed File! : C:\WINDOWS\system32\netga32.exe
Removed File! : C:\WINDOWS\system32\netiw32.exe
Removed File! : C:\WINDOWS\system32\netvl32.exe
Removed File! : C:\WINDOWS\system32\netza32.dll
Removed File! : C:\WINDOWS\system32\ntdj32.exe
Removed File! : C:\WINDOWS\system32\ntea.exe
Removed File! : C:\WINDOWS\system32\ntee.exe
Removed File! : C:\WINDOWS\system32\ntlr32.exe
Removed File! : C:\WINDOWS\system32\ntzk.exe
Removed File! : C:\WINDOWS\system32\sdkcx32.exe
Removed File! : C:\WINDOWS\system32\sdkek.exe
Removed File! : C:\WINDOWS\system32\sdkfa.exe
Removed File! : C:\WINDOWS\system32\sdkvy32.exe
Removed File! : C:\WINDOWS\system32\vgowo.dat
Removed File! : C:\WINDOWS\system32\vqnpe.txt
Removed File! : C:\WINDOWS\system32\wincl32.exe
Removed File! : C:\WINDOWS\system32\wingj32.exe
Removed File! : C:\WINDOWS\system32\winlu.exe
Removed File! : C:\WINDOWS\system32\winwn32.exe
Removed File! : C:\WINDOWS\system32\xlvbp.log
Removed File! : C:\WINDOWS\system32\xnbhr.dll
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 3:21:20 PM


Aboutbuster did not find any spyware a window say "your system is not Infected"
and My Home page it's back to normal...
I have problems with my dvd drive it can't read or write or see any disk

[Wolfvering]

I have a question.
I use to have well not any more Kazaa program and a shared folder of kazaa with music and all the music was deleted with all this Spyware clean up. can i get it back??
thank for your time and Help

[Trevuren]

There is a file in your log of which I am unsure and of which there exists very little informatiion. For that reason, I need you to submit it to Jotti's for analysis.

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\Program Files\altpayV2\altpayV2.exe

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.


As far as the other matter is concerned, your music may be lost. We will see what we can do after all the bugs are gone. P2P programs permit these types of infections to flourish

Regards,

Trevuren

[Wolfvering]

Service load: 0% 100%

File: altpayV2.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 a102657fde87f7edff56f0a6046ac753
Packers detected: -
Scanner results
AntiVir Found Adware-Spyware/WeirWeb.A.1 adware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Generic.IGY
BitDefender Found BehavesLike:Trojan.Downloader (probable variant)
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.WeirWeb.a
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found AdWare.Win3

[Trevuren]

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

• First we need to make all files and folders VISIBLE:
  
  • Go to start>control panel>folder options>view (tab)
  • Choose to "show hidden files and folders,"
  • Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
  • Close the window with ok
• Please RUN HijackThis.
  . Click the SCAN button to produce a log.
  
  
• Place a check mark beside each one of the following items:
  
  R3 - Default URLSearchHook is missing
  O2 - BHO: Class - {0B540EFA-2AC6-5866-AF53-D93A51569CDC} - C:\WINDOWS\system32\mspg.dll (file missing)
  O2 - BHO: Class - {1F6B2AC9-8A18-97CC-C47B-CBBFB1EDBEF1} - C:\WINDOWS\ieti32.dll (file missing)
  O2 - BHO: Class - {270C3A3B-B351-AA26-34A9-592904CBFC5F} - C:\WINDOWS\system32\netza32.dll (file missing)
  O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
  O2 - BHO: Class - {5F4CF23D-5370-7E4F-F006-FB29CBB4A970} - C:\WINDOWS\mfctt32.dll (file missing)
  O2 - BHO: Class - {B0FD6320-27E9-F236-D46C-1DBD5BB05BC1} - C:\WINDOWS\system32\apisq.dll (file missing)
  O2 - BHO: Class - {B856C014-733A-E7C2-BA3A-B880A9541D36} - C:\WINDOWS\ntvc.dll (file missing)
  O2 - BHO: Class - {C7063EDD-A232-E7DB-ECDC-E4249B594117} - C:\WINDOWS\mfcsb.dll (file missing)
  O2 - BHO: Class - {F75E72A9-3C6C-F756-D77B-5683929F8E8D} - C:\WINDOWS\iekj.dll (file missing)
  O2 - BHO: Class - {FE13BDB7-4403-0563-A91B-7E8970E72CF7} - C:\WINDOWS\system32\iprn32.dll (file missing)
  O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
  O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
  O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
  O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
  O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run320.exe dummy
  O4 - HKLM\..\Run: [22C8.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22C8.tmp.exe
  O4 - HKLM\..\Run: [22C9.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22C9.tmp.exe
  O4 - HKLM\..\Run: [22C8.tmp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22C8.tmp.exe
  O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
  
  
  
• Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
  
  
• Reboot Your System in Safe Mode
  
  How to use the F8 method to Start Your Computer in Safe Mode
  
  
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe mode menu item
  • Press Enter.
• Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):
  
  C:\Program Files\altpayV2<==Folder
  C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
  ALCXMNTR.EXE<==you may have to search for this one
  C:\Program Files\p2pnetworks<===Folder
  C:\WINDOWS\system32\run320.exe
  C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22C8.tmp.exe
  C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22C9.tmp.exe
  
  
• Exit Explorer, and REBOOT BACK INTO NORMAL MODE
  
  
• Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Regards,

Trevuren

[Wolfvering]

Logfile of HijackThis v1.99.1
Scan saved at 7:20:51 PM, on 12/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\EXSHOW.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Documents and Settings\Administrator\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {279FD406-3E66-6632-B92E-52FA0C47B825} - C:\WINDOWS\system32\addvo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\altpayV2\altpayV2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125803128183
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall....ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

[Trevuren]

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

• First we need to make all files and folders VISIBLE:
  
  • Go to start>control panel>folder options>view (tab)
  • Choose to "show hidden files and folders,"
  • Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
  • Close the window with ok
• Please RUN HijackThis.
  . Click the SCAN button to produce a log.
  
  
• Place a check mark beside each one of the following items:
  
  O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
  O2 - BHO: Class - {279FD406-3E66-6632-B92E-52FA0C47B825} - C:\WINDOWS\system32\addvo.dll (file missing)
  O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\altpayV2\altpayV2.exe"
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  
  
  
• Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
  
  
• Reboot Your System in Safe Mode
  
  How to use the F8 method to Start Your Computer in Safe Mode
  
  
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe mode menu item
  • Press Enter.
• Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):
  
  C:\WINDOWS\system\ctldlg32.dll
  C:\Program Files\altpayV2<==Folder
  
  
• Exit Explorer, and REBOOT BACK INTO NORMAL MODE
  
  
• Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Regards,

Trevuren

[Wolfvering]

Logfile of HijackThis v1.99.1
Scan saved at 3:09:26 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\system32\EXSHOW.EXE
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Documents and Settings\Administrator\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125803128183
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall....ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

I find the altpayv2.exe in a different folder MediaPipe and i deleted all the Folder

[Trevuren]

A. Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

• Please download ewido security suite it is a trial version of the program.
  
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
• You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed.
• Once the updates are installed do the following:
  • REBOOT into Safe Mode
  • Run EWIDO
  • Click on scanner
  • Click on Start Scan
  • Let the program scan the machine
  • While the scan is in progress you will be prompted to clean files, click OK
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
• Reboot your machine

B. Please do an online scan with Kaspersky Online Virus Scanner

Next Click on Free Virus Scanner, then Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Standard
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information into your next post.

Your log is now clean. I would like to check the rest of your system bue to the extent of infection that was originally present.


C. Please post s fresh HJT log, the Ewido log and the Kaspersky report


Regards,

Trevuren

[Wolfvering]

Logfile of HijackThis v1.99.1
Scan saved at 10:19:56 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\EXSHOW.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125803128183
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall....ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:20:50 PM, 1/2/2006
+ Report-Checksum: A48F5030

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{109FCEAD-8C5C-5B76-3BB3-A646D2B52C93} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A5DA6C7-CAFA-ADBE-1CBD-9DB325C4EB88} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{53741D3E-19CE-5959-0908-3BB13C3C3990} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{61682029-A490-5C49-D9FD-682FB2DA97AF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67D02480-710B-80D7-0624-27BB57B32CDE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C54510FE-72AA-27FF-1198-0CC47906F451} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DCF499B3-5BE2-6F3F-B6C8-FB0597F0FF79} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E404F826-ABE4-D856-61BA-BCBD539933F8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F1B10CDC-1975-EC0C-C522-2571525E92CF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F99D5FC9-1F47-B6F5-F1D5-55AFEAD2853A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-3488955084-2398261790-997015700-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-3488955084-2398261790-997015700-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-3488955084-2398261790-997015700-500\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-3488955084-2398261790-997015700-500\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@paycounter[2].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\ajdnjhfo10.exe -> Logger.Agent.io : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@weborama[1].txt -> Spyware.Cookie.Weborama : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\91E0GJH8\052[1].htm -> Downloader.Phel.d : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QOPTOAZ0\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\hijackthis\backups\backup-20051229-144718-234.dll -> Logger.Agent.io : Cleaned with backup
C:\Program Files\Common Files\lptncncb\arfrbclp\dddjrche.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\lptncncb\ljarppldnd\lbdhrdnrp.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\kazaa\TopSearch.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C4345766-6B66-40AC-99D2-087F88\081DF045-FAF8-47D6-8CA1-217FF8 -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F0B66022-C273-4074-B363-DA94B3\F460A1BC-1531-49EB-A623-EDC34D -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1058.tmp -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1082.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10AB.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10AF.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B0.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B1.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B4.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B6.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B7.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B8.tmp -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B9.tmp -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13F3.tmp\dmfiles.cab/AltnetUninstall.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13F3.tmp\dmfiles.cab/asmend.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13F3.tmp\mysearch.cab/mySetp.exe -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13F3.tmp\pmexe.cab/Points Manager.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13F3.tmp\pmfiles.cab/setup.cab/PMuninstall.bde -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13F3.tmp\pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15AA.tmp\bar\1.bin\N2PLUGIN.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15AA.tmp\bar\1.bin\ND2FNBAR.DLL -> Spyware.MySearch : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15AA.tmp\bar\1.bin\NPND2FN.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1804.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B3A.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B3B.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B3C.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B3D.tmp -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B3F.tmp -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B40.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B42.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B44.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B46.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B47.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E25.tmp -> Spyware.Cookie.Gator : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E3D.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22FC.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22FD.tmp -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F79.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq349.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34C.tmp -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34D.tmp -> Spyware.Cookie.Bluemountain : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34F.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq350.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq351.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq352.tmp -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq353.tmp -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq354.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq355.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq356.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq357.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq358.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35A.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35B.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35D.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35E.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35F.tmp -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq360.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq361.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq362.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq363.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq364.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq365.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq366.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq367.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq368.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq369.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36A.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36B.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36C.tmp -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36D.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36E.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36F.tmp -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq371.tmp -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq372.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq441.tmp -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq442.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq443.tmp -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq445.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq446.tmp -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq448.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq449.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44A.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44B.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44C.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44D.tmp -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44E.tmp -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44F.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq450.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq451.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B1.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B2.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B3.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B4.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B5.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B6.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B7.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B8.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B9.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4BA.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4BE.tmp -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4BF.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C0.tmp -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C1.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C2.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C3.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C4.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C5.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C6.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C7.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C8.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C9.tmp -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7AE.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7AF.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B0.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B1.tmp -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B2.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B3.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B4.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B5.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F3.tmp -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F4.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F5.tmp -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F7.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F8.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F9.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7FA.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7FC.tmp -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7FE.tmp -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq800.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq801.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq802.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq803.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq804.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq806.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq807.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\RECYCLER\S-1-5-21-3488955084-2398261790-997015700-500\Dc13\altpayV2.exe -> Adware.WeirWeb : Cleaned with backup
C:\RECYCLER\S-1-5-21-3488955084-2398261790-997015700-500\Dc13\insdl.dll -> Spyware.MetaDirect : Cleaned with backup
C:\RECYCLER\S-1-5-21-3488955084-2398261790-997015700-500\Dc13\register.dll -> Spyware.MetaDirect : Cleaned with backup
C:\RECYCLER\S-1-5-21-3488955084-2398261790-997015700-500\Dc14.dll -> Logger.Agent.io : Cleaned with backup
C:\WINDOWS\csvhost.exe -> Downloader.Agent.xq : Cleaned with backup
C:\WINDOWS\system32\upd184.exe -> Downloader.Agent.abs : Cleaned with backup
C:\WINDOWS\system32\upd509.exe -> Downloader.Small.bpz : Cleaned with backup
C:\WINDOWS\system32\upd641.exe -> Downloader.Small.bpz : Cleaned with backup
C:\WINDOWS\system32\Z.dll -> Downloader.Small.byi : Cleaned with backup


::Report End

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 02, 2006 20:26:29
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 3/01/2006
Kaspersky Anti-Virus database records: 158496
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 124115
Number of viruses found: 13
Number of infected objects: 212
Number of suspicious objects: 0
Duration of the scan process: 5592 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr140.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr150.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr194.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr27.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr301.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr303.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr304.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr322.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr406.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr418.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr426.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr521.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr569.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr579.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr638.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr68.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr723.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr733.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr744.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr772.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr81.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr908.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\ldr958.dll.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.housecall\Quarantine\run320.exe.bac_a03876 Infected: Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\count.jar-c2b9e19-32631485.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\count.jar-c2b9e19-32631485.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\count.jar-c2b9e19-32631485.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\count.jar-c2b9e19-32631485.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Administrator\Local Settings\Temp\00.exe Infected: Trojan-Spy.Win32.Small.dg
C:\Documents and Settings\Administrator\Local Settings\Temp\a.exe Infected: Trojan-Dropper.Win32.Small.ajn
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll Infected: Trojan-Spy.Win32.Small.dg
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll Infected: Trojan-Spy.Win32.Small.dg
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP1\A0000005.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP1\A0000005.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP1\A0000031.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP1\A0000031.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP1\A0000051.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP1\A0000051.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP10\A0001082.exe Infected: Trojan-Downloader.Win32.Zlob.bv
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP10\A0001087.dll Infected: Trojan-Spy.Win32.Small.dg
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP10\A0001088.dll Infected: Trojan-Spy.Win32.Small.dg
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP10\A0001089.dll Infected: Trojan-Downloader.Win32.Small.byi
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP10\A0001092.dll Infected: Trojan-Spy.Win32.Agent.io
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP10\A0001094.exe Infected: Trojan-Downloader.Win32.Agent.xq
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP11\A0001190.exe Infected: Trojan-Downloader.Win32.Zlob.bv
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP11\A0001195.dll Infected: Trojan-Spy.Win32.Small.dg
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP11\A0001196.dll Infected: Trojan-Spy.Win32.Small.dg
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP11\A0001197.dll Infected: Trojan-Downloader.Win32.Small.byi
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP11\A0001200.dll Infected: Trojan-Spy.Win32.Agent.io
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP11\A0001202.exe Infected: Trojan-Downloader.Win32.Agent.xq
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP16\A0001665.dll Infected: Trojan-Spy.Win32.Agent.io
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP16\A0001666.exe Infected: Trojan-Downloader.Win32.Agent.xq
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP16\A0001667.exe Infected: Trojan-Downloader.Win32.Agent.abs
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP16\A0001668.exe Infected: Trojan-Downloader.Win32.Small.bpz
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP16\A0001669.exe Infected: Trojan-Downloader.Win32.Small.bpz
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP16\A0001670.dll Infected: Trojan-Downloader.Win32.Small.byi
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP2\A0000060.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP2\A0000060.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP2\A0000081.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP2\A0000081.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP2\A0000103.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP2\A0000103.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP3\A0000122.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP3\A0000122.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP3\A0000122.pif:shxkhi:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP3\A0000138.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP3\A0000138.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP3\A0000138.pif:shxkhi:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP3\A0000167.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP3\A0000167.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP3\A0000167.pif:shxkhi:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP4\A0000188.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP4\A0000188.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP4\A0000188.pif:shxkhi:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP4\A0000220.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP4\A0000220.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP4\A0000220.pif:shxkhi:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP4\A0000450.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP4\A0000450.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP4\A0000450.pif:shxkhi:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP4\A0000451.lnk:wxqxl:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP5\A0000462.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP5\A0000462.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP5\A0000462.pif:shxkhi:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP5\A0000463.lnk:wxqxl:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP5\A0000475.lnk:wxqxl:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP5\A0000478.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP5\A0000478.pif:kgtcml:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP5\A0000478.pif:shxkhi:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP5\A0000497.lnk:wxqxl:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP5\A0000500.pif:irxnw:$DATA Infected: Trojan-Downloader.Win32.Agent.td

[Trevuren]

A. Please download the Killbox by Option^Explicit.

Note:In the event you already have Killbox, this is a new version that I need you to download.

• Save it to your desktop.
  
• Please double-click Killbox.exe to run it.
  
• Select
  • "Delete on Reboot
  • Then click on either the "Single File" button if there is but 1 item to Delete or on the "All Files" button if you are being instructed to Delete more than 1 file.
• Please copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C
  
  C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
  C:\Documents and Settings\Administrator\.housecall
  C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0
  C:\Documents and Settings\Administrator\Local Settings\Temp\00.exe
  C:\Documents and Settings\Administrator\Local Settings\Temp\a.exe
  C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
  
  
  
  
• Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  
• Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.


B. Download System Security Suite.Zip file to your Desktop

• Click on 3ssetup104.zip and a window will open.
• Click on EXTRACT and choose your Desktop as the destination.
• Click on setup.exe on your Desktop to install the program.
• Follow the prompts to complete the installation.
• Open the program.
• Check all the boxes under the 'Items to Clear' tab
• Click 'Clear Selected Items'
• Reboot your system

C. After all this is done, please tell me if everything appears to be OK so we can finish up.

Regards,

Trevuren