Help! Computer still down, checking back in... anything new?

Unknown

Hi all...
Was on here about three months (?) ago looking for help with a serious spyware/virus problem. Tried Kaspersky, but it ended up not being able to help b/c explorer.exe is infected and it couldn't clean it. I still haven't done anything with the computer, just been running in safe mode and I finally have some time to do what it takes to clean everything up. Anyway, just wondering if a fix has been found for whatever it is that's ailing my comp., last I knew, I was going to have to wipe my drive and reinstall everything. I really really don't want to do that! I ran adaware and spybot about an hour ago and here's my HJT log:

Thanks for any help, I REALLY appreciate it!!

--Heidi

Logfile of HijackThis v1.99.0
Scan saved at 8:59:40 PM, on 05/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2A6CD7EC-2DAA-0422-BCF0-60604DFD11ED} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9FD6BB69-11FB-7A53-4AA5-4E7E9599AEE3} - (no file)
O2 - BHO: (no name) - {E4E04B1D-2E74-CC37-EBC9-81617958A32D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [Internet Explorer] c:\Program Files\Internet Explorer\shttps\http.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [HBrpRgJ7e] inshpast.exe
O4 - HKCU\..\Run: [xset] C:\WINDOWS\System32\xset\wubegefg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.windupdates.com
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Buckeye_Sam

The bottom line is this - while we may be able to get rid of the infection that you've been dealing with for 3 months, if your explorer.exe file is corrupted your best option is to perform a repair installation of Windows right over top of your current OS. You won't lose anything by doing this if you do it correctly. On the other hand you may wish to consider a complete format off your hard drive and then reinstall Windows. This way you would be completely certain that the virus is completely gone. The only other way I know to restore your explorer file is to contact Microsoft at...

1-866-PCSAFETY
or
1-866-727-2338

Explain to them that you lost your explorer.exe file because of the Bube.D virus(they are well aware of it) and they will help you with a replacement CD and instructions.


All of that being said, if you are willing to go to battle with this again, I am certainly willing to do that. Just let me know how you want to proceed.

TiltheWorldEnds

Okay, here's what I think. I tried a couple of times to back up some files to a CD in order to prepare to reformat the hard drive, but when I try to do this, it's like the computer can't find the drive. I want to do what is best for my PC to get it back up and running again since it was my one gift to myself after graduating college. It's a nice computer and I hate to see it like this! So I will gladly do battle with the virus again if you think there's a possibility that I can get rid of it and restore my computer. If that possibility doesn't exist, I guess I can either do the repair or the reformat... whatever you think is best! Thanks for all your help!

--Heidi

Buckeye_Sam

Ok, let's see where the bad guys are.

Make sure that you can VIEW ALL HIDDEN FILES.

Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

Since you will be rebooting a lot I'm going to include some optional items that load at startup but are unnecessary to run at that time. This will help your computer load faster.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2A6CD7EC-2DAA-0422-BCF0-60604DFD11ED} - (no file)
O2 - BHO: (no name) - {9FD6BB69-11FB-7A53-4AA5-4E7E9599AEE3} - (no file)
O2 - BHO: (no name) - {E4E04B1D-2E74-CC37-EBC9-81617958A32D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [Internet Explorer] c:\Program Files\Internet Explorer\shttps\http.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [HBrpRgJ7e] inshpast.exe
O4 - HKCU\..\Run: [xset] C:\WINDOWS\System32\xset\wubegefg.exe
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.windupdates.com



Reboot your computer into SAFE MODE

Then delete these files or directories (Do not be concerned if they do not exist):

inshpast.exe
C:\WINDOWS\System32\xset\wubegefg.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\isrvs\ffisearch.exe
C:\WINDOWS\isrvs\sysupd.dll
C:\WINDOWS\isrvs\mfiltis.dll
C:\WINDOWS\isrvs\msdbhk.dll
C:\WINDOWS\delprot.sys
C:\WINDOWS\delprot.ini
C:\WINDOWS\delprot.log
C:\WINDOWS\isrvs <--this folder



Reboot your computer to go back to normal mode and post a new log.

Are you still running Kaspersky as a trial version, or did you purchase it?

TiltheWorldEnds

Okay, here's the deal. Went into HJT and fixed all the items you said to check, but right after I fixed it, I did a scan and the same BHO's and one 015 that I supposedly fixed were right there again. Next I rebooted in safe mode and deleted the stuff I was supposed to delete, but when I went to search for the one (inshpast.exe), it told me I was missing a file needed to run a search, so I don't know what's going on there. Needless to say, I couldn't find that file in order to delete it. Okay, onto the third issue! When I did all that and went to reboot into normal mode, my background comes up, but no icons, no taskbar, no start menu, NADA. So the only way I could get back on here is to reboot into safe mode w/ networking. With all that said, here's my new log:

Logfile of HijackThis v1.99.0
Scan saved at 10:04:51 PM, on 05/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {2A6CD7EC-2DAA-0422-BCF0-60604DFD11ED} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9FD6BB69-11FB-7A53-4AA5-4E7E9599AEE3} - (no file)
O2 - BHO: (no name) - {E4E04B1D-2E74-CC37-EBC9-81617958A32D} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks!
--Heidi

Buckeye_Sam

Well, it looks much better. But it still sounds like your explorer file is corrupted. We'll try a few things later.


Download(right click and select Save file as or Save link as): DelDomains.inf
http://mvps.org/winhelp2002/DelDomains.inf

To use: Close all open browsers
Right-click DelDomains.inf and select: Install

This should remove those 015 entries.




Download and install Registrar Lite.
http://www.resplendence.com/reglite

Run Registrar Lite and do a search for each of these values. Once found, right click and select "Delete selected registry keys and values".

2A6CD7EC-2DAA-0422-BCF0-60604DFD11ED

9FD6BB69-11FB-7A53-4AA5-4E7E9599AEE3

E4E04B1D-2E74-CC37-EBC9-81617958A32D



Reboot and post a new hijackthis log.

TiltheWorldEnds

Okay, did all that and here's the new log. Also, I haven't puchased Kaspersky and the trial version is finished I guess? Forgot to answer your question about that in the last post.

Logfile of HijackThis v1.99.0
Scan saved at 3:10:39 PM, on 05/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Buckeye_Sam

Here's the good news. Your log is completely clean! You have no malware showing in your log.

However this probably does not solve the problem of your explorer file being corrupted. Can you run Kasperky any more, or does it just tell you the trial is over?

TiltheWorldEnds

Thanks for the news! About Kaspersky, it just tells me the trial version is over and I need a new... key? or something.

--Heidi

Buckeye_Sam

Your best option at this point is a repair installation of Windows XP. If you do this properly you won't lose anything on your hard drive and all of your system files will be restored, including the corrupt explorer file.

Here's some info and directions.
http://www.michaelstevenstech.com/XPrepairinstall.htm

TiltheWorldEnds

Okay, sounds good... Will it make my computer run slower though since I'll be installing more files? Thanks for the help.

--Heidi

Buckeye_Sam

No it won't make your computer run slower. In fact it should restore the performance of your computer back to what it should be.

TiltheWorldEnds

Okay, so I setup with the Windows XP CD and it seemed like everything went okay. My explorer seems to be repaired because I actually have a taskbar now, but when I clicked to restore my active desktop all I got was this white/beige background that keeps kind of like flashing or changing color...seems like it's maybe an html file? I can't open any of my files that are saved on the desktop (some gif files, just pictures of family and stuff) and when I ran adaware and spybot, tons of things showed up. Windows keep popping up telling me that my registry has errors and that I should go to different websites to fix it (registrycleaner.com, etc)... I figured this was incorrect, so I haven't done anything there. Also, I have been using mozilla firefox to browse the web, should I continue to do this for now or can I go back to iexplorer? My log looks okay to me, but here it is for you to check over. Thanks!!

Logfile of HijackThis v1.99.0
Scan saved at 12:29:05 PM, on 05/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Buckeye_Sam

Your log does look clean, but I'd like you to run a few virus scans just to make sure.

Please run at least two of these online scans.
Make sure they are set to clean automatically:

Kasperky

Panda Virus Scan

Bit Defender

TrendMicro Housecall

There will be files that these scans will not remove. Please include that information in your next post.


Reboot and post a new hijackthis log and the info from your virus scans.

TiltheWorldEnds

OKay, I couldn't get onto Kaspersky's website at all for some reason, so I didn't run that. I ran the other three... Bit Defender came back clean. TrendMicro came up with 6 infected files, something to do with Troj Delf.dt and I just went ahead and deleted those. Panda Virus let me save a log, so I figured I'd just paste that up here instead of trying to copy down all the files. So this post is going to be long, but here goes... Panda log first and then the new HJT log. Also, can't open Dell Jukebox and Windows Media Player keeps coming up with a message like procedure entry point can't be located in MSDART.DLL and I have a skin that randomly installed that I can't delete in the skin chooser, it doesn't even show up. Other than that, all the other stuff is still the same, weird background, things on desktop won't open, etc. K, here are the logs... thanks!!

It just told me my post is too long, so here's the HJT log and I'll post again with a Panda log.

Logfile of HijackThis v1.99.0
Scan saved at 3:33:55 PM, on 05/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

TiltheWorldEnds

Okay, I have to split the Panda log into a couple of posts, sorry about this!!


Incident Status Location

Adware:Adware/eZula No disinfected C:\WINDOWS\System32\ezPopStub.exe
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Fun & Games\Betting.lnk
Adware:Adware/Apropos No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/SideSearch No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/AdLogix No disinfected Windows Registry
Spyware:Spyware/LocalNRD No disinfected C:\WINDOWS\inf\addremln.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/SideStep No disinfected Windows Registry
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\v?.dll
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\System32\stlb2.xml
Adware:Adware/BroadcastPC No disinfected Windows Registry
Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\Downloaded Program Files\YSBactivex.???
Adware:Adware/MyCustomIE No disinfected Windows Registry
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Heidi\Application Data\sskknwrd.dll
Adware:Adware/BTGrab No disinfected Windows Registry
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Ab scissor.url
Adware:Adware/ESyndicate No disinfected Windows Registry
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\drexinit.dll
Spyware:Spyware/LinkReplacer No disinfected C:\WINDOWS\System32\lmf32v.dll
Adware:Adware/Transponder No disinfected C:\WINDOWS\inst
Adware:Adware/CoolSearchHome No disinfected Windows Registry
Adware:Adware/P2PNetworking No disinfected C:\DOCUME~1\Heidi\LOCALS~1\Temp\p2psetup.exe
Adware:Adware/Funcade No disinfected C:\Documents and Settings\Heidi\Start Menu\Programs\Funcade
Adware:Adware/CWS.Searchmeup No disinfected C:\Documents and Settings\Administrator\dfe.exe
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Administrator\edxde.exe
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/ISearch No disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\B211216222\build2.exe
Adware:Adware/TopRebates No disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\webrebates.exe
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z2D2X03\10[1].cab[v3.dll]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z2D2X03\10[1].cab[v3cab.inf]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z2D2X03\1[1].cab[v3.dll]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z2D2X03\1[1].cab[v3cab.inf]
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z2D2X03\auto_update[2]
Adware:Adware/TopConvert No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z2D2X03\protect[1].php
Adware:Adware/TopRebates No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z2D2X03\webrebates_usa[1].exe
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z2D2X03\ysb_regular[1].cab
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z2D2X03\ysb_regular[1].cab[ysbactivex.dll]
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z2D2X03\ysb_regular[1].cab[ysbactivex.inf]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6ONF53LV\js[2].htm
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Administrator\sfee.exe
Adware:Adware/ISearch No disinfected C:\Documents and Settings\Administrator\su1111fka.exe
Adware:Adware/ISearch No disinfected C:\Documents and Settings\Administrator\sufka.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Heidi\Application Data\Sskcwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Heidi\Application Data\Sskknwrd.dll
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Heidi\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d3-1c212aae.class
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Heidi\Desktop\l2mfix\backup.zip[j2j60c1sef.dll]
Virus:Bck/Xset.A Disinfected C:\Documents and Settings\Heidi\ede.exe
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\edxde.exe
Virus:Bck/Xset.A Disinfected C:\Documents and Settings\Heidi\esree.exe
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Fun & Games\Betting.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Fun & Games\Casino Palace.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Fun & Games\Casino.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Fun & Games\Games.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Fun & Games\Horoscope.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Going Places\Air Tickets.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Going Places\Car Rentals.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Going Places\Hotel Deals.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Going Places\Luggage.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Going Places\Travel.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Living\Dating.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Living\Find a Degree.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Living\Find a job.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Living\Home.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Living\Insurance.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Shop\Auctions.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Shop\Books.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Shop\Computers.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Shop\Discount.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Shop\Flowers.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Shop\Golf.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Shop\Jewelry.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Shop\Movies.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Shop\Music.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Shop\Online Store.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Shop\Perfume.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Shop\Sleepwear.lnk

TiltheWorldEnds

Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Broadband comparison.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Credit counseling.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Credit report.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Crm software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Debt credit card.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Escorts.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Fha.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Health insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Help desk software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Insurance home.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Loan for debt consolidation.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Loan for people with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Marketing email.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Mortgage insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Mortgage life insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Nevada corporations.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Online Betting Site.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Online gambling casino.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Online instant loan.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Order phentermine.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Payroll advance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Personal loans online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Personal loans with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Prescription Drugs Rx Online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Refinancing my mortgage.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Tahoe vacation rental.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Unsecured bad credit loans.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\Videos.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Heidi\Favorites\Sites about\What is hydrocodone.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Technology\Adware Remover.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Technology\Anti-Virus.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Technology\PC Cleaner.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Heidi\Favorites\Technology\Tech & gadgets.lnk
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\104649218.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\109827234.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\109831843.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\113199765.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\117477312.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\122817140.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\127842125.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\137277843.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\14433687.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\22297062.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\27502640.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\31753078.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\31855734.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\36924125.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\41196203.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\41198484.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\56540390.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\56544000.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\61712484.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\65983578.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\71159609.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\75425562.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\79024750.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\80593578.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\85767593.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\90042609.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\94494937.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\95210281.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\98763109.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\99482468.dll
Adware:Adware/P2PNetworking No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\p2psetup.exe
Virus:Trj/Downloader.BSL Disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\sa8E.tmp.exe
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\Temporary Internet Files\Content.IE5\OD23CTIV\10[1].cab[v3cab.inf]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\Local Settings\Temp\Temporary Internet Files\Content.IE5\OD23CTIV\1[1].cab[v3cab.inf]
Adware:Adware/TopConvert No disinfected C:\Documents and Settings\Heidi\Local Settings\Temporary Internet Files\Content.IE5\I1214XGX\protect[1].htm
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Heidi\Local Settings\Temporary Internet Files\Ssk.log
Virus:Trojan Horse No disinfected C:\Documents and Settings\Heidi\oad.exe[backup.exe]
Virus:Trojan Horse No disinfected C:\Documents and Settings\Heidi\oad.exe[cls.exe]
Virus:Trojan Horse No disinfected C:\Documents and Settings\Heidi\oad.exe[reboot.exe]
Virus:Trojan Horse No disinfected C:\Documents and Settings\Heidi\oad.exe[restore.exe]
Virus:Trojan Horse No disinfected C:\Documents and Settings\Heidi\s4df.exe[backup.exe]
Virus:Trojan Horse No disinfected C:\Documents and Settings\Heidi\s4df.exe[cls.exe]
Virus:Trojan Horse No disinfected C:\Documents and Settings\Heidi\s4df.exe[reboot.exe]
Virus:Trojan Horse No disinfected C:\Documents and Settings\Heidi\s4df.exe[restore.exe]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Heidi\sfe1e.exe
Adware:Adware/ISearch No disinfected C:\Documents and Settings\Heidi\su1111fka.exe
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Spyware:Spyware/ISTbar No disinfected C:\Program Files\HijackThis\backups\backup-20050214-155434-603.inf
Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\HijackThis\backups\backup-20050214-155435-588.inf
Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\HijackThis\backups\backup-20050215-201933-349.inf
Adware:Adware/NetPals No disinfected C:\Program Files\HijackThis\backups\backup-20050217-214255-713.inf
Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\HijackThis\backups\backup-20050222-213700-110.inf
Spyware:Spyware/ISTbar No disinfected C:\Program Files\HijackThis\backups\backup-20050222-213701-800.inf
Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\HijackThis\backups\backup-20050228-180541-536.inf
Virus:Trojan Horse Disinfected C:\Program Files\Internet Explorer\shttps\www\tools\backup.exe
Virus:Trojan Horse Disinfected C:\Program Files\Internet Explorer\shttps\www\tools\cls.exe
Virus:Trojan Horse Disinfected C:\Program Files\Internet Explorer\shttps\www\tools\reboot.exe
Virus:Trojan Horse Disinfected C:\Program Files\Internet Explorer\shttps\www\tools\restore.exe
Adware:Adware/ISearch No disinfected C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar[isearch.js]
Adware:Adware/CWS.008k No disinfected C:\WINDOWS\blank.htm
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.10\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.100\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.101\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.102\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.103\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.104\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.105\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.106\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.107\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.108\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.109\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.11\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.110\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.111\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.112\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.113\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.114\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.115\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.116\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.117\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.118\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.119\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.12\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.120\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.121\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.122\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.123\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.124\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.125\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.126\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.127\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.128\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.13\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.14\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.15\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.16\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.17\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.18\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.19\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.20\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.21\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.22\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.23\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.24\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.25\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.26\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.27\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.28\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.29\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\v3.dll

TiltheWorldEnds

Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.30\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.31\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.32\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.33\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.34\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.35\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.36\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.37\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.38\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.39\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.40\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.41\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.42\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.43\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.44\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.45\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.46\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.47\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.48\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.49\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.50\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.51\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.52\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.53\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.54\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.55\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.56\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.57\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.58\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.59\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.6\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.60\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.61\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.62\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.63\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.64\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.65\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.66\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.67\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.68\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.69\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.7\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.70\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.71\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.72\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.73\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.74\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.75\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.76\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.77\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.78\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.79\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.8\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.80\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.81\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.82\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.83\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.84\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.85\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.86\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.87\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.88\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.89\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.9\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.90\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.91\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.92\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.93\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.94\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.95\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.96\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.97\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.98\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.99\v3.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\v3.dll
Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\Downloaded Program Files\ysbactivex.inf
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\drexinit.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\icont.exe
Spyware:Spyware/LocalNRD No disinfected C:\WINDOWS\INF\addremln.inf
Adware:Adware/BTGrab No disinfected C:\WINDOWS\INF\btgrab.inf
Adware:Adware/SideSearch No disinfected C:\WINDOWS\sepsd.bin
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Virus:Trj/SCBop.A Disinfected C:\WINDOWS\SysCheckBop32.exe
Virus:Trj/SCBop.C Disinfected C:\WINDOWS\SYSTEM32\Cache\ssee.exe
Adware:Adware/BrowserAid No disinfected C:\WINDOWS\SYSTEM32\D0CE0C16B1.DLL
Virus:Trj/Delprot.A Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\delprot.sys
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
Virus:Trj/Qhost.Y Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050212-151701.backup
Virus:Trj/Qhost.Y Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050212-151733.backup
Virus:Trj/Qhost.Y Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050212-151751.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050509-175357.backup
Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM32\ezPopStub.exe
Spyware:Spyware/LinkReplacer No disinfected C:\WINDOWS\SYSTEM32\lmf32v.dll
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\SYSTEM32\stlb2.xml
Adware:Adware/StatBlaster No disinfected C:\WINDOWS\SYSTEM32\Vj.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\vx3x.nls
Virus:Bck/Xset.A Disinfected C:\WINDOWS\SYSTEM32\xset\wukanmdh.exe
Virus:Trj/SCBop.C Disinfected C:\WINDOWS\win32076033-1406142005.exe

Buckeye_Sam

Make sure that you can VIEW ALL HIDDEN FILES.


Please delete these files:

C:\WINDOWS\System32\ezPopStub.exe
C:\Documents and Settings\Heidi\Favorites\Fun & Games\Betting.lnk
C:\keys.ini
C:\WINDOWS\deskbar.ini
C:\WINDOWS\inf\addremln.inf
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\Downloaded Program Files\v?.dll
C:\WINDOWS\System32\stlb2.xml
C:\WINDOWS\Downloaded Program Files\YSBactivex.???
C:\Documents and Settings\Heidi\Application Data\sskknwrd.dll
C:\Documents and Settings\Heidi\Favorites\Sites about\Ab scissor.url
C:\WINDOWS\drexinit.dll
C:\WINDOWS\System32\lmf32v.dll
C:\WINDOWS\inst
C:\Documents and Settings\Heidi\Start Menu\Programs\Funcade
C:\Documents and Settings\Administrator\dfe.exe
C:\Documents and Settings\Administrator\edxde.exe
C:\Documents and Settings\Administrator\sfee.exe
C:\Documents and Settings\Administrator\su1111fka.exe
C:\Documents and Settings\Administrator\sufka.exe
C:\Documents and Settings\Heidi\Application Data\Sskcwrd.dll
C:\Documents and Settings\Heidi\Application Data\Sskknwrd.dll
C:\Documents and Settings\Heidi\Desktop\l2mfix\backup.zip[j2j60c1sef.dll]
C:\Documents and Settings\Heidi\edxde.exe
C:\Documents and Settings\Heidi\oad.exe[backup.exe]
C:\Documents and Settings\Heidi\oad.exe[cls.exe]
C:\Documents and Settings\Heidi\oad.exe[reboot.exe]
C:\Documents and Settings\Heidi\oad.exe[restore.exe]
C:\Documents and Settings\Heidi\s4df.exe[backup.exe]
C:\Documents and Settings\Heidi\s4df.exe[cls.exe]
C:\Documents and Settings\Heidi\s4df.exe[reboot.exe]
C:\Documents and Settings\Heidi\s4df.exe[restore.exe]
C:\WINDOWS\Downloaded Program Files\ysbactivex.inf
C:\WINDOWS\drexinit.dll
C:\WINDOWS\icont.exe
C:\WINDOWS\INF\addremln.inf
C:\WINDOWS\INF\btgrab.inf
C:\WINDOWS\sepsd.bin
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\SysCheckBop32.exe
C:\WINDOWS\SYSTEM32\D0CE0C16B1.DLL
C:\WINDOWS\SYSTEM32\ezPopStub.exe
C:\WINDOWS\SYSTEM32\lmf32v.dll
C:\WINDOWS\SYSTEM32\stlb2.xml
C:\WINDOWS\SYSTEM32\Vj.exe
C:\WINDOWS\SYSTEM32\vx3x.nls


Please download, install, and run Cleanup 4.0
http://cleanup.stevengould.org/



Download Hoster.

http://www.funkytoad.com/download/hoster.zip

This will restore your original Host files.
Run the program and press Restore Original Hosts and press OK.



Download and run Microsoft's Antispyware application.

http://www.microsoft.com/athome/security/spyware/software/default.mspx

Remove everything that it finds.



Reboot and post a new hijackthis log. Let me know how things feel.

TiltheWorldEnds

Okay, I think I did pretty much everything you had listed there. Microsoft found alot of junk and I removed all of that. I found a couple of the ysbactivex files, but I couldn't delete them, it would only let me extract. I ran a standard cleanup with CleanUp 4.0, I didn't do thorough b/c it warned me, but I can if you think I should. The computer pretty much is running the same, still has a weird html background, still can't open my desktop files or Dell Jukebox (it appears as though it's loading and then just doesn't open, no error message). Also, alot of those files that you had me delete had other files with different extensions with them, but I only deleted the exact extensions you specified... don't know if that means anything. Here's the new HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 8:31:32 PM, on 05/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks!!

Buckeye_Sam

Your log is clean, but it sounds like your explorer file is not fully restored. I believe I have done all that I can do for you. I would recommend contacting Microsoft at the numbers that I posted here http://www.short-media.com/forum/showpost.php?p=274459&postcount=2

to see what they can do for you now.