Trojan-Spy.HTML.Smitfraud.c

mazmaz
edited May 2005 in Spyware & Virus Removal
Hello,

I've scanned through some of the other posts regarding the Smitfraud trojan and it appears that each case is different, so I've decided to post my log file. I wasn't running any virus protection, but somehow the trojan got through my Tiny Personal Firewall. The trojan has totally disabled my firewall to the point where I cannot open it. I have run Spybot and it recognizes a problem but cannot fix it. And yes, I was running IE (for the last time). Can anyone help please?

Logfile of HijackThis v1.99.1
Scan saved at 7:32:17 PM, on 5/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\windows\ovfipen.exe
C:\wp.exe
C:\Audio Programs\Djs Mk-I free\djsfree.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Audio Programs\Djs Mk-I free\djsfree.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Microsoft Office\Office\MDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\System\cpqs\scom\srmclean.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\sfc_bc32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [ifttfik] c:\windows\ovfipen.exe
O4 - HKCU\..\Run: [jkruqwy] c:\windows\sikclpl.exe
O4 - HKCU\..\Run: [vpnljvm] c:\windows\sikclpl.exe
O4 - HKCU\..\Run: [kmolbaq] c:\windows\sikclpl.exe
O4 - HKCU\..\Run: [tmugeiv] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [pqwtiwx] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [tqmudlp] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [avsyuvs] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [dokvckl] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [vyoviya] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [bgyebiy] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [yywhglf] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [oirfvfn] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [tkwidad] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [cnumqtq] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [imryrdo] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [fogejaw] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [uudgupq] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [mldcont] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [rxvmtar] c:\windows\dacwndb.exe
O4 - HKCU\..\Run: [gonoxkd] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [lmqflpf] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [ycaubfs] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [mqfdkyc] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [weepfsx] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [hmtniek] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [qykjaab] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [cgqlgdm] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [gctvxsi] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [ndevohl] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [qtgtevk] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [bggpsqm] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [eyjedbq] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [mobbxec] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [yfkpogt] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [icuveni] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [sjgafmi] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [tnocwcg] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [hgtqvyk] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [bmgseef] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [fsnmctj] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [jdkiqyl] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [vbpxukm] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [pkhfqco] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [wujpwfv] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [ijbqgfe] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [mofxrmi] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [oqsuolo] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [copjcli] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [xwmpdhl] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [occswea] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [onwaavq] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [dsebgcf] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [muhskkc] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [ufoiyjs] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [jleeccr] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [gnjieji] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [helqshi] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [jhfrqkf] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [pwiyvtt] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [kknnqxg] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [pvmgbuc] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [qgdaowg] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [vrbhgxk] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [mrhsnms] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [qbbxvpn] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [idovlha] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [pejtdta] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [yecaqkf] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [iejqsyn] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [iaijyno] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [bkyramj] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [byqspnh] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [kimiriw] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [nmcmmah] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [egthhtb] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [mdglxty] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [hdcwvab] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [bkadhxh] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [pukxtmw] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [oilkvwj] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [cknllxi] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [vryikew] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [pgkicnk] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [amemibx] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [julptjn] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [wuelkxc] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [wjxqgjf] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [aqmpxqw] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [inildlf] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [apojplv] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [skbwtvl] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [ykuquww] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [nysxrbf] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [vydrspr] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [urernsg] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [ttjyqpe] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [xntyoib] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [tmowcsa] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [cgnyvmd] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [gvthmtf] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [wcqprll] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [udmpifs] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [xqqueap] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [pmjcvhc] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [wybiqkq] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [qaapmfk] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [vmrthdj] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [bwpporw] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [rknbuly] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [mabgwgy] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [ogaycpu] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [tnpfrvd] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [ffakbbd] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [dkaldcy] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [vykkmlq] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [annnmoh] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [jsebxis] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [prybvid] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [nuvcnwc] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [toyoihd] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [efypjbt] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [ngetwar] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [lvofeyk] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [cpmysvh] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [lrwduxa] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [qvnrdky] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [jsvhfej] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [piadddo] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [cpryaqh] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [dpdfjqp] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [ujcmlgr] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [sbgmysl] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [qooidjf] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [cmlhkmf] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [fqprgtl] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [njerosk] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [mwpdknl] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [abyruwr] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [pcvrvvl] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [srjrbfp] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [sjlikke] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [gdpdyvr] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [vmvmcwt] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [jfoyhcc] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [bbnfuwm] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [gnynaxa] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [hrsiieg] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [ficuwvi] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [stnifew] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [isdasbd] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [tgfanrs] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [glekbyq] c:\windows\pkvtiiu.exe
O4 - HKCU\..\Run: [frcljwd] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [yayrlby] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [eattrkh] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [ylhlwyi] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [weuoalu] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [huqsrbp] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [hbvftwq] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [otukeyk] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [tfryrkt] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [ykmhlci] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [ngwibth] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [qinutpl] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [wlbwcti] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [ocemfxy] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [mhtqviw] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [nndxjby] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [fbxbbqo] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [fcndxby] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [voenunr] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [gkhqxle] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [pxpnbnv] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [wwyhvbp] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [skbeqmp] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [jdqephe] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [igmpvtr] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [ksmneed] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [pqrntwk] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [jcechwb] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [rvmukyf] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [cbasqrv] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [abxfyla] c:\windows\ebmoxni.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://D:\IntraLaunch.CAB
O21 - SSODL: Themes Media - {A22841F8-D2F2-4F09-8FA3-E3A400829614} - C:\WINDOWS\System32\seclrean.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Comments

  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    You've got more problems than Smitfraud I'm afraid.

    Download LSPFix from http://www.cexx.org/lspfix.zip and run it.

    Check the "I know what I'm doing" box.

    In the Keep box you should see one or more instances of the following files.

    flsmngr.dll

    Select every instance of this file, but no others, and move each one to the Remove box by clicking the >> button.

    When you are done click Finish>>.



    Make sure that you can VIEW ALL HIDDEN FILES.

    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    O4 - HKCU\..\Run: [ifttfik] c:\windows\ovfipen.exe
    O4 - HKCU\..\Run: [jkruqwy] c:\windows\sikclpl.exe
    O4 - HKCU\..\Run: [vpnljvm] c:\windows\sikclpl.exe
    O4 - HKCU\..\Run: [kmolbaq] c:\windows\sikclpl.exe
    O4 - HKCU\..\Run: [tmugeiv] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [pqwtiwx] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [tqmudlp] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [avsyuvs] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [dokvckl] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [vyoviya] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [bgyebiy] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [yywhglf] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [oirfvfn] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [tkwidad] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [cnumqtq] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [imryrdo] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [fogejaw] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [uudgupq] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [mldcont] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [rxvmtar] c:\windows\dacwndb.exe
    O4 - HKCU\..\Run: [gonoxkd] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [lmqflpf] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [ycaubfs] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [mqfdkyc] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [weepfsx] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [hmtniek] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [qykjaab] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [cgqlgdm] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [gctvxsi] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [ndevohl] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [qtgtevk] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [bggpsqm] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [eyjedbq] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [mobbxec] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [yfkpogt] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [icuveni] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [sjgafmi] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [tnocwcg] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [hgtqvyk] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [bmgseef] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [fsnmctj] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [jdkiqyl] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [vbpxukm] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [pkhfqco] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [wujpwfv] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [ijbqgfe] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [mofxrmi] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [oqsuolo] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [copjcli] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [xwmpdhl] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [occswea] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [onwaavq] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [dsebgcf] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [muhskkc] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [ufoiyjs] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [jleeccr] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [gnjieji] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [helqshi] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [jhfrqkf] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [pwiyvtt] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [kknnqxg] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [pvmgbuc] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [qgdaowg] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [vrbhgxk] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [mrhsnms] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [qbbxvpn] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [idovlha] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [pejtdta] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [yecaqkf] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [iejqsyn] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [iaijyno] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [bkyramj] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [byqspnh] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [kimiriw] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [nmcmmah] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [egthhtb] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [mdglxty] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [hdcwvab] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [bkadhxh] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [pukxtmw] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [oilkvwj] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [cknllxi] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [vryikew] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [pgkicnk] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [amemibx] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [julptjn] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [wuelkxc] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [wjxqgjf] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [aqmpxqw] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [inildlf] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [apojplv] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [skbwtvl] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [ykuquww] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [nysxrbf] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [vydrspr] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [urernsg] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [ttjyqpe] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [xntyoib] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [tmowcsa] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [cgnyvmd] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [gvthmtf] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [wcqprll] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [udmpifs] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [xqqueap] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [pmjcvhc] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [wybiqkq] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [qaapmfk] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [vmrthdj] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [bwpporw] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [rknbuly] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [mabgwgy] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [ogaycpu] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [tnpfrvd] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [ffakbbd] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [dkaldcy] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [vykkmlq] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [annnmoh] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [jsebxis] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [prybvid] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [nuvcnwc] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [toyoihd] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [efypjbt] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
    O4 - HKCU\..\Run: [ngetwar] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [lvofeyk] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [cpmysvh] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [lrwduxa] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [qvnrdky] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [jsvhfej] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [piadddo] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [cpryaqh] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [dpdfjqp] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [ujcmlgr] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [sbgmysl] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [qooidjf] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [cmlhkmf] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [fqprgtl] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [njerosk] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [mwpdknl] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [abyruwr] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [pcvrvvl] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [srjrbfp] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [sjlikke] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [gdpdyvr] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [vmvmcwt] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [jfoyhcc] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [bbnfuwm] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [gnynaxa] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [hrsiieg] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [ficuwvi] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [stnifew] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [isdasbd] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [tgfanrs] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [glekbyq] c:\windows\pkvtiiu.exe
    O4 - HKCU\..\Run: [frcljwd] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [yayrlby] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [eattrkh] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [ylhlwyi] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [weuoalu] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [huqsrbp] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [hbvftwq] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [otukeyk] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [tfryrkt] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [ykmhlci] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [ngwibth] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [qinutpl] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [wlbwcti] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [ocemfxy] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [mhtqviw] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [nndxjby] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [fbxbbqo] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [fcndxby] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [voenunr] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [gkhqxle] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [pxpnbnv] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [wwyhvbp] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [skbeqmp] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [jdqephe] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [igmpvtr] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [ksmneed] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [pqrntwk] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [jcechwb] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [rvmukyf] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [cbasqrv] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [abxfyla] c:\windows\ebmoxni.exe


    Reboot your computer into SAFE MODE

    Then delete these files or directories (Do not be concerned if they do not exist):

    c:\windows\ebmoxni.exe
    c:\windows\pkvtiiu.exe
    c:\windows\dacwndb.exe
    c:\windows\sikclpl.exe
    c:\windows\ovfipen.exe


    Reboot your computer to go back to normal mode.


    Please run at least two of these online scans.
    Make sure they are set to clean automatically:

    Panda Virus Scan

    Bit Defender

    TrendMicro Housecall

    There will be files that these scans will not remove. Please include that information in your next post.


    Reboot and post a new hijackthis log and the info from your virus scans.
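The clean-up above is done by hand, one registry value at a time. As an added example, not part of the original thread and not code from HijackThis or its author, here is a small Python triage script that applies the same reasoning to log text: it groups O4 autostart entries by the file they launch, flags the pattern Buckeye_Sam targeted (dozens of random seven-letter HKCU Run values all pointing at one binary dropped directly in c:\windows or the drive root), counts where the R0/R1 start and search pages are redirected, and de-duplicates the O10 LSP file list so there is one name to hand to LSPFix. The sample input is a constructed subset of lines excerpted from the two logs in this thread; the regular expressions, the "seven lowercase letters" heuristic and the drop-directory list are my assumptions, not anything HijackThis defines, and an entry that does not match that pattern (sfc_bc32.exe, for instance) is deliberately left unflagged rather than judged.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Constructed sample: a subset of lines excerpted from the two logs in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\sfc_bc32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [ifttfik] c:\windows\ovfipen.exe
O4 - HKCU\..\Run: [jkruqwy] c:\windows\sikclpl.exe
O4 - HKCU\..\Run: [vpnljvm] c:\windows\sikclpl.exe
O4 - HKCU\..\Run: [frcljwd] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [yayrlby] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [eattrkh] c:\windows\ebmoxni.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
"""

# Line shapes as HijackThis 1.99 prints them (assumed from the logs above).
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
R_RE = re.compile(r"^R[01] - (.+?) = (\S+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (.+)$")
EXE_RE = re.compile(r'^"?([^"]+?\.exe)\b', re.IGNORECASE)
# Heuristic (my assumption): the dropper names its Run values with 7 random lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{7}$")
# Directories where the binaries in this thread were parked (assumption drawn from the logs).
DROP_DIRS = {"c:\\windows", "c:\\"}


def parse_o4(text):
    """Yield (hive, key, value_name, target_exe) for every O4 line in the log."""
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        exe = EXE_RE.match(cmd)
        target = (exe.group(1) if exe else cmd.split()[0]).lower()
        yield hive, key, name, target


def group_autostarts(text):
    """Map each launched executable to the registry values that start it."""
    groups = defaultdict(list)
    for hive, key, name, target in parse_o4(text):
        groups[target].append(f"{hive}\\..\\{key}:[{name}]")
    return dict(groups)


def parent_dir(path):
    """Directory part of a Windows path; drive roots keep their trailing backslash."""
    head, _, _ = path.rpartition("\\")
    return head + "\\" if head.endswith(":") else head


def suspicious_autostarts(text):
    """Return {exe: [reasons]} for O4 targets that match the dropper pattern."""
    names_by_target = defaultdict(list)
    for _, _, name, target in parse_o4(text):
        names_by_target[target].append(name)
    findings = {}
    for target, names in names_by_target.items():
        reasons = []
        random_names = [n for n in names if RANDOM_NAME_RE.match(n)]
        if random_names:
            reasons.append(f"{len(random_names)} random 7-letter value name(s)")
        if len(set(names)) > 1:
            reasons.append(f"{len(set(names))} distinct values launch the same file")
        if parent_dir(target) in DROP_DIRS:
            reasons.append(f"binary sits directly in {parent_dir(target)}")
        if reasons:
            findings[target] = reasons
    return findings


def hijack_domains(text):
    """Count the hostnames that R0/R1 start/search-page entries point at."""
    hosts = Counter()
    for line in text.splitlines():
        m = R_RE.match(line.strip())
        if m and m.group(2).lower().startswith("http"):
            hosts[urlparse(m.group(2)).hostname] += 1
    return hosts


def lsp_files(text):
    """De-duplicated set of unknown Winsock LSP files (O10 lines)."""
    found = set()
    for line in text.splitlines():
        m = O10_RE.match(line.strip())
        if m:
            found.add(m.group(1).strip().lower())
    return found


if __name__ == "__main__":
    for exe, reasons in sorted(suspicious_autostarts(SAMPLE_LOG).items()):
        print(f"{exe}: {'; '.join(reasons)}")
    print("hijack hosts:", dict(hijack_domains(SAMPLE_LOG)))
    print("LSP files to remove:", sorted(lsp_files(SAMPLE_LOG)))
```

Grouping by target file rather than by value name is the point: the second log posted below shows ebmoxni.exe back under an entirely new set of value names, so the names are worthless as indicators and the binary on disk is the stable key, which is why the safe-mode file deletion step matters more than ticking entries in HijackThis.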
  • mazmaz
    edited May 2005
    Thank you thank you thank you for the response :D

    I know my computer is screwed, however I thought my only problem was the smit.fraud trojan. What kind of damage are the problems actually doing to my computer?

    Also, do you think a simple system restore would be an easier method, or would the problems still exist in my registry?

    I will try this out after work tomorrow(my current mental resources have been properly drained from my job) and I will get back to you.
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    A system restore may work, but it depends on how deep this infection has dug in. I don't know that it will do your computer any harm, other than making it very slow. And it's usually not too difficult to remove.
  • mazmaz
    edited May 2005
    I did as instructed above and I think I was able to get all but one of the infections. It's running in the background of my system and I tried to use ctrl/alt/del to find it and disable it so I could delete it. It didn't work and I still have the blue screen with the error message displayed. I ran two of the system scans as well. Here is my most recent hijack log.


    Logfile of HijackThis v1.99.1
    Scan saved at 7:37:11 PM, on 5/13/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll (file missing)
    O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Microsoft Office\Office\MDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\System\cpqs\scom\srmclean.exe
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\sfc_bc32.exe
    O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
    O4 - HKCU\..\Run: [rugfhtg] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [yrdwioe] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [fvoyihn] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [aqgkdhn] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [byyrbfq] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [vktnsbd] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [afgogpm] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [djeyxmq] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [mcgtwor] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [hltnspu] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [eqtyeqp] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [whednlo] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [tvxuqur] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [cwpsllc] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [mrjrcdw] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [odcqghk] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [gqfggvx] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [pnhrhgh] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [tdbgebh] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [utgoeji] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [mwnkpbx] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [nogyaqk] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [gqwdfbd] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [lmqgyqp] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [xnbqgso] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [mxstdqd] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [nbbsnwc] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [atcknhy] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [pmpbvjg] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [qrxcuag] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [axedktq] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [qfjtqtr] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [vbbpcif] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [prepjrq] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [vyiidyc] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [nnqhsrw] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [yijyhdo] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [xqcldlp] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [lhkyfcr] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [tnjyiap] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [wrulcwp] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [xwulaay] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [edfhoqy] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [yvptely] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [xghadtx] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [gqeshth] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [dcpdujw] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [begolbn] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [ihgduno] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [powxdbc] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [tqvveua] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [txdfvnh] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [enervti] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [ocsymox] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [pnqfcnp] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [nlhgxua] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [wwoecmx] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [awsbryu] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [yhikxua] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [apbychi] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [apfebna] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [biipydb] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [mpexqxq] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [vehkcmx] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [uwiuuxq] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [pwsfnss] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [aslonqj] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [kerfuiu] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [jbtglfd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [obfurip] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rlohavs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qmfurra] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [lvifcfs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cjbgetx] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [miprxsn] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [xpmjtvv] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [kgvonqw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [otsonnf] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [lfhtckq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [lkmayll] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ppcylyi] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [osqtwuc] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vxsxbhg] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vfvsfek] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [fgtgwtb] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gnbsney] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mpymcri] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [scmnkha] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [xvokrbs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aacdrwu] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [nxdeqbf] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gcvyiyj] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mykpivu] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [grbhilp] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [drsndmm] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [wwelgwp] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rnpboop] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ympirxl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [eeskoii] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [efoxnkd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [racyclr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [oyywynv] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [wothgir] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [hchalhs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ydplhaw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mtydewr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qlmynij] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [tlwruas] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [xhumvjp] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ugksppo] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [nhkpjni] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [goknqfj] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mtownyw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [bqdurrb] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cqmqgau] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [bjpkxas] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [akcetrt] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vtgtpwq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [axasmeo] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [abaofse] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rwcqklg] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [pgkixhg] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [tpxqjbc] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aihkjai] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mjabkrq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [eatmmqd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [lragmao] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [uairfni] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rpgvmqu] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ovkivsd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [fealpxk] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qjjegfe] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [pshwvye] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [psldcba] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [fpwcfsd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vrksjuq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [imwntby] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [seecnym] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [chbakwt] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [tldgmgr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [hqgknlm] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [nvhlijn] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vvislry] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gcfofgl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [dogptkf] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [laakhyi] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [itkqkwd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ieokpkr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [fqqhlfc] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qskylwu] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cpywxyq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [balhvbr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [knfwjso] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mnlwsvp] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [apqdasd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [bxpnwjr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rvxyaqv] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gujstwg] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ybnsknm] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [hxrcdyw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [akgcygf] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aformpk] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [msfnqwh] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [sxbohjs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [uwevaly] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aacnwre] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ojxvnyr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [afhgsgc] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rxlulot] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rqppphy] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gbujtty] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cbiumdl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gwvgvnv] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [bhssqob] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [htaevti] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cxniupa] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [sejmale] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qweceam] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [apbnqij] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [tbxlwya] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [onfjgbl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aaviawl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [sluaace] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [kvlxljw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ftgnkap] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qqyltlx] c:\windows\bsuxbye.exe
    O4 - HKCU\..\Run: [aavfgqh] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [mwuaddm] c:\windows\ebmoxni.exe
    O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://D:\IntraLaunch.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O21 - SSODL: Themes Media - {A22841F8-D2F2-4F09-8FA3-E3A400829614} - C:\WINDOWS\System32\seclrean.dll
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    Download and run this tool.
    http://www.spywareinfo.dk/download/mwav.exe

    Once it's done please post the log from the scan and a new hijackthis log.
  • mazmaz
    edited May 2005
    OK, I've run the mwav.exe and I guess my system wasn't as clean as I thought. Unfortunately, every time I try to post the log from the mwav in this reply forum it crashes my browser. Weird. I guess the text has too many characters to fit in here. I'll try to post the mwav.log in two separate posts. Anywho, here is the latest hijack log.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:27:08 AM, on 5/15/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\windows\nbpnchs.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Audio Programs\Jetaudio\JetAudio.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Microsoft Office\Office\MDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\System\cpqs\scom\srmclean.exe
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\sfc_bc32.exe
    O4 - HKCU\..\Run: [djeyxmq] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [odcqghk] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [lmqgyqp] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [qfjtqtr] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [tnjyiap] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [begolbn] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [nlhgxua] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [vehkcmx] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [jbtglfd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [obfurip] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rlohavs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qmfurra] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [lvifcfs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cjbgetx] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [miprxsn] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [xpmjtvv] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [kgvonqw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [otsonnf] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [lfhtckq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [lkmayll] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ppcylyi] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [osqtwuc] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vxsxbhg] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vfvsfek] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [fgtgwtb] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gnbsney] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mpymcri] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [scmnkha] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [xvokrbs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aacdrwu] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [nxdeqbf] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gcvyiyj] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mykpivu] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [grbhilp] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [drsndmm] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [wwelgwp] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rnpboop] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ympirxl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [eeskoii] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [efoxnkd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [racyclr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [oyywynv] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [wothgir] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [hchalhs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ydplhaw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mtydewr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qlmynij] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [tlwruas] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [xhumvjp] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ugksppo] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [nhkpjni] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [goknqfj] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mtownyw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [bqdurrb] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cqmqgau] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [bjpkxas] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [akcetrt] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vtgtpwq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [axasmeo] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [abaofse] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rwcqklg] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [pgkixhg] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [tpxqjbc] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aihkjai] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mjabkrq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [eatmmqd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [lragmao] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [uairfni] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rpgvmqu] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ovkivsd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [fealpxk] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qjjegfe] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [pshwvye] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [psldcba] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [fpwcfsd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vrksjuq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [imwntby] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [seecnym] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [chbakwt] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [tldgmgr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [hqgknlm] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [nvhlijn] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vvislry] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gcfofgl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [dogptkf] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [laakhyi] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [itkqkwd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ieokpkr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [fqqhlfc] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qskylwu] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cpywxyq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [balhvbr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [knfwjso] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mnlwsvp] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [apqdasd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [bxpnwjr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rvxyaqv] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gujstwg] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ybnsknm] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [hxrcdyw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [akgcygf] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aformpk] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [msfnqwh] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [sxbohjs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [uwevaly] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aacnwre] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ojxvnyr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [afhgsgc] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rxlulot] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rqppphy] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gbujtty] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cbiumdl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gwvgvnv] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [bhssqob] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [htaevti] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cxniupa] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [sejmale] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qweceam] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [apbnqij] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [tbxlwya] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [onfjgbl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aaviawl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [sluaace] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [kvlxljw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ftgnkap] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qqyltlx] c:\windows\bsuxbye.exe
    O4 - HKCU\..\Run: [igfuahk] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [hvpssbw] c:\windows\gaanrug.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://D:\IntraLaunch.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O21 - SSODL: Themes Media - {A22841F8-D2F2-4F09-8FA3-E3A400829614} - C:\WINDOWS\System32\seclrean.dll
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  • mazmaz
    edited May 2005
    Yeah, because the log was the complete scan of my system it wouldn't fit. I don't know how much info you need from the log, but I reckon this is the important bit. Let me know if you need more info from the mwav.log and I can send the full log to you in an email or PM.

    Thanks

    Sat May 14 17:28:25 2005 => Options Selected by User:
    Sat May 14 17:28:25 2005 => Memory Check: Enabled
    Sat May 14 17:28:25 2005 => Registry Check: Enabled
    Sat May 14 17:28:25 2005 => StartUp Folder Check: Enabled
    Sat May 14 17:28:25 2005 => System Folder Check: Enabled
    Sat May 14 17:28:25 2005 => System Area Check: Disabled
    Sat May 14 17:28:25 2005 => Services Check: Enabled
    Sat May 14 17:28:25 2005 => Drive Check Option Disabled
    Sat May 14 17:28:25 2005 => Scanning Type: Scan And Clean
    Sat May 14 17:28:25 2005 => Folder Check: Disabled


    Sat May 14 23:37:30 2005 => ***** Checking for specific ITW Viruses *****
    Sat May 14 23:37:30 2005 => Checking for Welchia Virus...
    Sat May 14 23:37:30 2005 => Checking for LovGate Virus...
    Sat May 14 23:37:30 2005 => Checking for CodeRed Virus...
    Sat May 14 23:37:30 2005 => Checking for OpaServ Virus...
    Sat May 14 23:37:30 2005 => Checking for Sobig.e Virus...
    Sat May 14 23:37:30 2005 => Checking for Winupie Virus...
    Sat May 14 23:37:30 2005 => Checking for Swen Virus...
    Sat May 14 23:37:30 2005 => Checking for JS.Fortnight Virus...
    Sat May 14 23:37:30 2005 => Checking for Novarg Virus...
    Sat May 14 23:37:30 2005 => Checking for Pagabot Virus...
    Sat May 14 23:37:30 2005 => Checking for Parite.b Virus...
    Sat May 14 23:37:30 2005 => Checking for Parite.a Virus...

    Sat May 14 23:37:30 2005 => ***** Scanning complete. *****

    Sat May 14 23:37:30 2005 => Total Number of Files Scanned: 73473
    Sat May 14 23:37:30 2005 => Total Number of Virus(es) Found: 21
    Sat May 14 23:37:30 2005 => Total Number of Disinfected Files: 0
    Sat May 14 23:37:30 2005 => Total Number of Files Renamed: 0
    Sat May 14 23:37:30 2005 => Total Number of Deleted Files: 9
    Sat May 14 23:37:30 2005 => Total Number of Errors: 11
    Sat May 14 23:37:30 2005 => Time Elapsed: 01:40:01
    Sat May 14 23:37:30 2005 => Virus Database Date: 2005/05/08
    Sat May 14 23:37:30 2005 => Virus Database Count: 128916
    Sat May 14 23:37:30 2005 => Scan Completed.
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    Fix these lines with Hijackthis. Then reboot and post a new hijackthis log.

    O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\sfc_bc32.exe
    O4 - HKCU\..\Run: [djeyxmq] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [odcqghk] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [lmqgyqp] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [qfjtqtr] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [tnjyiap] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [begolbn] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [nlhgxua] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [vehkcmx] c:\windows\ebmoxni.exe
    O4 - HKCU\..\Run: [jbtglfd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [obfurip] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rlohavs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qmfurra] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [lvifcfs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cjbgetx] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [miprxsn] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [xpmjtvv] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [kgvonqw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [otsonnf] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [lfhtckq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [lkmayll] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ppcylyi] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [osqtwuc] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vxsxbhg] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vfvsfek] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [fgtgwtb] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gnbsney] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mpymcri] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [scmnkha] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [xvokrbs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aacdrwu] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [nxdeqbf] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gcvyiyj] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mykpivu] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [grbhilp] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [drsndmm] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [wwelgwp] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rnpboop] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ympirxl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [eeskoii] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [efoxnkd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [racyclr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [oyywynv] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [wothgir] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [hchalhs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ydplhaw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mtydewr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qlmynij] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [tlwruas] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [xhumvjp] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ugksppo] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [nhkpjni] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [goknqfj] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mtownyw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [bqdurrb] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cqmqgau] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [bjpkxas] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [akcetrt] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vtgtpwq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [axasmeo] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [abaofse] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rwcqklg] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [pgkixhg] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [tpxqjbc] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aihkjai] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mjabkrq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [eatmmqd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [lragmao] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [uairfni] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rpgvmqu] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ovkivsd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [fealpxk] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qjjegfe] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [pshwvye] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [psldcba] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [fpwcfsd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vrksjuq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [imwntby] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [seecnym] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [chbakwt] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [tldgmgr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [hqgknlm] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [nvhlijn] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [vvislry] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gcfofgl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [dogptkf] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [laakhyi] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [itkqkwd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ieokpkr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [fqqhlfc] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qskylwu] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cpywxyq] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [balhvbr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [knfwjso] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [mnlwsvp] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [apqdasd] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [bxpnwjr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rvxyaqv] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gujstwg] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ybnsknm] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [hxrcdyw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [akgcygf] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aformpk] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [msfnqwh] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [sxbohjs] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [uwevaly] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aacnwre] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ojxvnyr] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [afhgsgc] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rxlulot] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [rqppphy] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gbujtty] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cbiumdl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [gwvgvnv] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [bhssqob] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [htaevti] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [cxniupa] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [sejmale] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qweceam] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [apbnqij] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [tbxlwya] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [onfjgbl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [aaviawl] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [sluaace] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [kvlxljw] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [ftgnkap] c:\windows\nbpnchs.exe
    O4 - HKCU\..\Run: [qqyltlx] c:\windows\bsuxbye.exe
    O4 - HKCU\..\Run: [igfuahk] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [hvpssbw] c:\windows\gaanrug.exe
  • mazmaz
    edited May 2005
    Done and done. New hijack log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:04:01 PM, on 5/15/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
    C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Audio Programs\Quicktime_iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\gaanrug.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Microsoft Office\Office\MDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\System\cpqs\scom\srmclean.exe
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Audio Programs\Quicktime_iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\sfc_bc32.exe
    O4 - HKCU\..\Run: [aqnhsxw] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [lvmnunu] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ssqtile] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [sgujjfq] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [yercels] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [gduordr] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [unjtpgy] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [jlnleuo] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [bnpncnp] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ixfswhc] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ykocfgd] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [jgdfixm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [hbgdfyf] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [pqevfbr] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [htyxxic] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [gksxjko] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [vduvowj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [liiyjli] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [pkiowkm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [uwsfajw] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fxgitgm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [khrltej] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [kgyorfv] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ebeaidt] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [scraord] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fvgflli] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [payxexa] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [mvixlpj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [agvobce] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [vyhvema] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [tvthiwk] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [cwwlphx] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [lyorojm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [faxxcif] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [saqdmep] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [iyrybqh] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [khcqlbh] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [hhldcka] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [usaaxmu] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [orweabl] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [cjqhfbm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [aauhgkh] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [pqwpbqd] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [aipbpju] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [lisgiii] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fpbwdtd] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [yqnaejf] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [uieevqq] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fusdhor] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [mtuyqng] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [womyoal] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [vftvkss] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rpfskwm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [gxqkvxk] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [lslxjcs] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ratlsdn] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [sqmhune] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [pxmfacx] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [wwkglfn] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rcchyos] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [wiwljkg] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fxdmnrc] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [kqgpmko] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rysesqu] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ykjssco] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [jusvwsm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [cgauthg] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [drghhrg] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [iptmdfu] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [xccmnfr] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [wjnifhx] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [xudnhfb] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [pjmgjgy] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [dldiusj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [qqtgfqn] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [kwfttvj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rmrtsis] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [nmmjyga] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ulhrswx] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fhcvfup] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [svvjaqa] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [dnrqbsf] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [qooqbsi] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [itrxesc] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ycfajnf] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [eavqwwd] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [avrnxou] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [xhpmqil] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [uedofrv] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ymyixvy] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fymfihp] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [jqpuqbc] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [piqwhgv] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [dehlhtj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [eafelwt] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [daxwitm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [snucoid] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [hnypoqw] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [egwrqfk] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ryustkv] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [kfdtbrw] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [aehmxwj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [wtqcjpd] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [nubodvh] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [sbdavkc] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [vkhdydl] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [igjyeqq] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [amfyljo] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [opovdrx] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [hayaotx] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rmxgotb] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [kffdnlg] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [mxcgajj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [psagbui] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [jgulwyj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [tcsxami] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rjohjug] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [uhxvvjf] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [xwjvlmv] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [vxoffim] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [bfmnbje] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [pstvqop] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [wbjrhqo] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [awfbeeu] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [uhmypio] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [kjhmgcp] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [vhljffu] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [jagqkdw] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [uwukghh] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [diqklvo] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ivmqokj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [lfqwbxo] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ffpovfb] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [eiqwdtt] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rhatmlf] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [mbgsjdn] c:\windows\mdonpqf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://D:\IntraLaunch.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O21 - SSODL: Themes Media - {A22841F8-D2F2-4F09-8FA3-E3A400829614} - C:\WINDOWS\System32\seclrean.dll
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    Make sure that you can VIEW ALL HIDDEN FILES.

    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
    O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\sfc_bc32.exe
    O4 - HKCU\..\Run: [aqnhsxw] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [lvmnunu] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ssqtile] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [sgujjfq] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [yercels] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [gduordr] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [unjtpgy] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [jlnleuo] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [bnpncnp] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ixfswhc] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ykocfgd] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [jgdfixm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [hbgdfyf] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [pqevfbr] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [htyxxic] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [gksxjko] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [vduvowj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [liiyjli] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [pkiowkm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [uwsfajw] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fxgitgm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [khrltej] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [kgyorfv] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ebeaidt] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [scraord] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fvgflli] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [payxexa] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [mvixlpj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [agvobce] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [vyhvema] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [tvthiwk] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [cwwlphx] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [lyorojm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [faxxcif] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [saqdmep] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [iyrybqh] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [khcqlbh] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [hhldcka] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [usaaxmu] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [orweabl] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [cjqhfbm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [aauhgkh] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [pqwpbqd] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [aipbpju] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [lisgiii] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fpbwdtd] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [yqnaejf] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [uieevqq] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fusdhor] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [mtuyqng] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [womyoal] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [vftvkss] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rpfskwm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [gxqkvxk] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [lslxjcs] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ratlsdn] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [sqmhune] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [pxmfacx] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [wwkglfn] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rcchyos] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [wiwljkg] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fxdmnrc] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [kqgpmko] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rysesqu] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ykjssco] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [jusvwsm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [cgauthg] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [drghhrg] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [iptmdfu] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [xccmnfr] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [wjnifhx] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [xudnhfb] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [pjmgjgy] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [dldiusj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [qqtgfqn] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [kwfttvj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rmrtsis] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [nmmjyga] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ulhrswx] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fhcvfup] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [svvjaqa] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [dnrqbsf] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [qooqbsi] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [itrxesc] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ycfajnf] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [eavqwwd] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [avrnxou] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [xhpmqil] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [uedofrv] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ymyixvy] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [fymfihp] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [jqpuqbc] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [piqwhgv] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [dehlhtj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [eafelwt] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [daxwitm] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [snucoid] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [hnypoqw] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [egwrqfk] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ryustkv] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [kfdtbrw] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [aehmxwj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [wtqcjpd] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [nubodvh] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [sbdavkc] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [vkhdydl] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [igjyeqq] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [amfyljo] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [opovdrx] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [hayaotx] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rmxgotb] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [kffdnlg] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [mxcgajj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [psagbui] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [jgulwyj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [tcsxami] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rjohjug] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [uhxvvjf] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [xwjvlmv] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [vxoffim] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [bfmnbje] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [pstvqop] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [wbjrhqo] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [awfbeeu] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [uhmypio] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [kjhmgcp] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [vhljffu] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [jagqkdw] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [uwukghh] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [diqklvo] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ivmqokj] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [lfqwbxo] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [ffpovfb] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [eiqwdtt] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [rhatmlf] c:\windows\gaanrug.exe
    O4 - HKCU\..\Run: [mbgsjdn] c:\windows\mdonpqf.exe


    Reboot your computer into SAFE MODE

    Then delete these files or directories (Do not be concerned if they do not exist):

    c:\windows\gaanrug.exe
    c:\windows\mdonpqf.exe
    C:\WINDOWS\System32\sfc_bc32.exe


    Reboot your computer to go back to normal mode and post a new log.
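    The pattern Buckeye_Sam is fixing above is visible in the log itself: dozens of randomly named HKCU Run values that all launch the same executable dropped straight into the Windows directory. As an added example (not from this thread or from Buckeye_Sam), here is a small Python triage script that parses HijackThis O4 lines and flags targets showing that pattern. The sample log is constructed from a few lines of the logs above plus benign entries, and the 3-name threshold and the "7 lowercase letters" name shape are assumptions drawn from this thread's log.

```python
import re
from collections import defaultdict

# HijackThis O4 autostart line, e.g.  O4 - HKCU\..\Run: [aqnhsxw] c:\windows\gaanrug.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Value names used by the variant in this thread: seven random lowercase letters (assumption)
RANDOM_NAME_RE = re.compile(r"^[a-z]{7}$")
# Executable sitting directly in the Windows directory root, not in a subfolder
WINROOT_EXE_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)

# Constructed sample: a few lines taken from the logs in this thread plus benign entries
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\sfc_bc32.exe
O4 - HKCU\..\Run: [aqnhsxw] c:\windows\gaanrug.exe
O4 - HKCU\..\Run: [lvmnunu] c:\windows\gaanrug.exe
O4 - HKCU\..\Run: [ssqtile] c:\windows\gaanrug.exe
O4 - HKCU\..\Run: [sgujjfq] c:\windows\gaanrug.exe
O4 - HKCU\..\Run: [mbgsjdn] c:\windows\mdonpqf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""


def target_of(cmd):
    """Strip arguments from a Run command and return just the executable path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: take up to the closing quote
        return cmd[1:].split('"', 1)[0]
    i = cmd.lower().find(".exe")                 # unquoted: cut after the .exe extension
    return cmd[: i + 4] if i >= 0 else cmd


def parse_o4(lines):
    """Yield (hive, key, value name, command) for every O4 Run line; skip the rest."""
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            yield m.group("hive"), m.group("key"), m.group("name"), m.group("cmd")


def suspicious_targets(lines, min_names=3):
    """Group Run values by target executable and return {target: sorted value names}
    for targets that look like the pattern in this thread: either referenced by
    min_names or more randomly named values, or a randomly named value pointing at
    an executable in the Windows directory root."""
    by_target = defaultdict(list)
    for _hive, _key, name, cmd in parse_o4(lines):
        by_target[target_of(cmd).lower()].append(name)

    flagged = {}
    for target, names in by_target.items():
        random_names = [n for n in names if RANDOM_NAME_RE.match(n)]
        many_random = len(random_names) >= min_names
        winroot_drop = bool(WINROOT_EXE_RE.match(target)) and bool(random_names)
        if many_random or winroot_drop:
            flagged[target] = sorted(names)
    return flagged


def report(lines):
    """Human-readable summary, one line per flagged target."""
    out = []
    for target, names in sorted(suspicious_targets(lines).items()):
        out.append(f"{target}: {len(names)} Run value(s) -> {', '.join(names)}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

Entries like the HKLM "Access Update" line are not caught by this heuristic, since their value name is not random and the file sits in System32; that is why the helper's manual review of the full log still matters.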
  • mazmaz
    edited May 2005
    Ok, after I rebooted in safe mode, you instructed me to delete these files:

    c:\windows\gaanrug.exe
    c:\windows\mdonpqf.exe
    C:\WINDOWS\System32\sfc_bc32.exe

    As you can see from the latest hijack log I had quite a few of "c:\windows\mdonpqf.exe,"
    but I didn't know if I should have deleted them all.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:28:09 PM, on 5/17/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\windows\mdonpqf.exe
    C:\Program Files\Filezilla\firefox.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Microsoft Office\Office\MDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\System\cpqs\scom\srmclean.exe
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\sfc_bc32.exe
    O4 - HKCU\..\Run: [teuhsut] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [maccbiw] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [cqvepkn] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [oauhhhx] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [bncipxo] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [fhrpxli] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [jmsnvfb] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [eeihixp] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ldshpjv] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [uagnwvh] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [flnssam] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [oubiltx] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [tqbxtqj] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [mtweyrh] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [iihhnls] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [xjtebgp] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [cxqlemi] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [dtetset] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [blqkbad] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [xlnghbr] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ekhbafk] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [reyewpw] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [kmatehl] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [cftlrap] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [waysjtr] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [xdkmorq] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [xyibeet] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ikcuikv] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [qnrvkao] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [navvrqs] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [wifugym] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [gqggmge] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [wtmxxsq] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [rsrcski] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [rarxxqh] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [sndcaei] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [nsljucv] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [mqnitvi] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [nvgpmyw] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [hvrxrbf] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [hulxipc] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [kbvsfwy] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [qcsukuf] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [lvshvsn] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [gxfrulk] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ufefbuc] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [sqgawef] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ijedppb] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [guimunx] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [cmvekhr] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [phgwblt] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [yypujnf] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [gbbtuvo] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [nqcaash] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [iugcrss] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [udnolfj] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [wlfhkmg] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [idvyjhm] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [xgatlru] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [bodhden] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [vciqxxs] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [kwttpid] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [rbgmldk] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ihfgneh] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [knjcvfk] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [oxciogf] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ngsqnwt] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [uvfprgy] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [pcvedcl] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [blsjjys] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [rrcixgt] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [wlfjeyi] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [axplthr] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [yuafyar] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [uewalvu] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [mfotonn] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [xhufcqm] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [nxetpel] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [vnyslss] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [permbij] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [pprucdu] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [powdqei] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [yrlyjgs] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [wjbknim] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [clbikty] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [gykexld] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [wlrmjax] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [ykcmvab] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [fglfsyl] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [epxjsiu] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [kokpnnv] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [rwsctma] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [ycktibc] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [ytmmjsg] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [jygdbhi] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [xjgglld] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [bbrkejv] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [qvpcedj] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [uihxusl] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [ajsttyf] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [rperhgr] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [lxiprfo] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [rscnaxu] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [fusuqvp] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [rgghxuj] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [fxtxgbj] c:\windows\wdctkha.exe
    O4 - HKCU\..\Run: [ctjqifp] c:\windows\wdctkha.exe
    O4 - HKCU\..\Run: [eoujagm] c:\windows\wdctkha.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://D:\IntraLaunch.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O21 - SSODL: Themes Media - {A22841F8-D2F2-4F09-8FA3-E3A400829614} - C:\WINDOWS\System32\seclrean.dll
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    Download rkfiles.zip
    http://skads.org/special/rkfiles.zip
    Unzip the contents to a permanent folder.

    Reboot your computer into Safe Mode


    Doubleclick rkfiles.bat
    It will scan for a while, so please be patient.
    Wait till the DOS window closes and reboot back to normal mode.

    Post the contents of C:\log.txt in your next reply.
  • mazmaz
    edited May 2005
    Here is the log from the rkfiles.bat scan.

    C:\Documents and Settings\Administrator\Desktop\rkfiles

    PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Files Found in system Folder............
    C:\WINDOWS\system32\bwfouikx.exe: UPX!
    C:\WINDOWS\system32\loqcaaaa.exe: UPX!
    C:\WINDOWS\system32\pinmwbuf.exe: UPX!
    C:\WINDOWS\system32\vapcpnnl.exe: UPX!
    C:\WINDOWS\system32\xxfxaaaa.exe: UPX!
    C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
    C:\WINDOWS\system32\spoolsrv32.exe: PEC2

    Files Found in all users startup Folder............
    Files Found in all users windows Folder............
    C:\WINDOWS\bsuxbye.exe: UPX!
    C:\WINDOWS\gaanrug.exe: UPX!
    C:\WINDOWS\IFinst27.exe: UPX!
    C:\WINDOWS\mdonpqf.exe: UPX!
    C:\WINDOWS\nbpnchs.exe: UPX!
    C:\WINDOWS\p2p-10110.exe: UPX!
    C:\WINDOWS\subccad.exe: UPX!
    C:\WINDOWS\tsc.exe: UPX!
    C:\WINDOWS\vsapi32.dll: UPX!t4
    C:\WINDOWS\wdctkha.exe: UPX!
    C:\WINDOWS\whlbakv.exe: UPX!
    Finished
    bye
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    Fix these lines with Hijackthis:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
    O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\sfc_bc32.exe
    O4 - HKCU\..\Run: [teuhsut] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [maccbiw] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [cqvepkn] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [oauhhhx] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [bncipxo] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [fhrpxli] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [jmsnvfb] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [eeihixp] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ldshpjv] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [uagnwvh] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [flnssam] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [oubiltx] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [tqbxtqj] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [mtweyrh] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [iihhnls] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [xjtebgp] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [cxqlemi] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [dtetset] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [blqkbad] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [xlnghbr] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ekhbafk] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [reyewpw] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [kmatehl] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [cftlrap] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [waysjtr] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [xdkmorq] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [xyibeet] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ikcuikv] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [qnrvkao] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [navvrqs] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [wifugym] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [gqggmge] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [wtmxxsq] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [rsrcski] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [rarxxqh] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [sndcaei] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [nsljucv] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [mqnitvi] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [nvgpmyw] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [hvrxrbf] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [hulxipc] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [kbvsfwy] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [qcsukuf] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [lvshvsn] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [gxfrulk] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ufefbuc] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [sqgawef] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ijedppb] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [guimunx] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [cmvekhr] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [phgwblt] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [yypujnf] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [gbbtuvo] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [nqcaash] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [iugcrss] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [udnolfj] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [wlfhkmg] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [idvyjhm] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [xgatlru] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [bodhden] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [vciqxxs] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [kwttpid] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [rbgmldk] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ihfgneh] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [knjcvfk] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [oxciogf] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [ngsqnwt] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [uvfprgy] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [pcvedcl] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [blsjjys] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [rrcixgt] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [wlfjeyi] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [axplthr] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [yuafyar] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [uewalvu] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [mfotonn] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [xhufcqm] c:\windows\mdonpqf.exe
    O4 - HKCU\..\Run: [nxetpel] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [vnyslss] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [permbij] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [pprucdu] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [powdqei] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [yrlyjgs] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [wjbknim] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [clbikty] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [gykexld] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [wlrmjax] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [ykcmvab] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [fglfsyl] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [epxjsiu] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [kokpnnv] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [rwsctma] c:\windows\whlbakv.exe
    O4 - HKCU\..\Run: [ycktibc] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [ytmmjsg] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [jygdbhi] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [xjgglld] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [bbrkejv] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [qvpcedj] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [uihxusl] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [ajsttyf] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [rperhgr] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [lxiprfo] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [rscnaxu] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [fusuqvp] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [rgghxuj] c:\windows\subccad.exe
    O4 - HKCU\..\Run: [fxtxgbj] c:\windows\wdctkha.exe
    O4 - HKCU\..\Run: [ctjqifp] c:\windows\wdctkha.exe
    O4 - HKCU\..\Run: [eoujagm] c:\windows\wdctkha.exe
    Download the Pocket Killbox.

    Unzip the contents of KillBox.zip to a convenient location and then double-click on KillBox.exe to launch the program.
    • Highlight the lines below and press the Ctrl key and the C key at the same time to copy them to the clipboard:

        C:\WINDOWS\system32\bwfouikx.exe
        C:\WINDOWS\system32\loqcaaaa.exe
        C:\WINDOWS\system32\pinmwbuf.exe
        C:\WINDOWS\system32\vapcpnnl.exe
        C:\WINDOWS\system32\xxfxaaaa.exe
        C:\WINDOWS\system32\spoolsrv32.exe
        C:\WINDOWS\System32\sfc_bc32.exe
        C:\WINDOWS\bsuxbye.exe
        c:\windows\whlbakv.exe
        C:\WINDOWS\gaanrug.exe
        C:\WINDOWS\IFinst27.exe
        C:\WINDOWS\mdonpqf.exe
        C:\WINDOWS\nbpnchs.exe
        C:\WINDOWS\p2p-10110.exe
        C:\WINDOWS\subccad.exe
        C:\WINDOWS\wdctkha.exe
        C:\WINDOWS\whlbakv.exe

      • Now go to the Killbox application and click on the File menu and then the Paste from Clipboard menu item. In the Full Path of File to Delete box you should see the first file. If you drop down that box you should see the rest of them. Make sure that they are all there.
      • Click on the Delete on Reboot option and then click on the red circle with a white 'X' in it to delete the files. Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES. If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

      Your system will reboot now.


      Post a new hijackthis log and new rkfiles log.
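A small triage script, added here as an example and not part of this thread, of HijackThis or of rkfiles.bat, that applies the selection rule Buckeye_Sam is using by hand in the post above: group the O4 Run entries by the executable they launch, flag an executable when several randomised value names all point at it, and cross-check the result against the rkfiles "UPX!" findings before building the Killbox list. The sample log lines are constructed from the patterns in this thread (they are not the full log); the seven-lowercase-letter name shape and the threshold of three entries are assumptions chosen to match these logs, not general rules.

```python
import re
from collections import defaultdict

# Constructed sample input, not the thread's full log: a few lines in the HijackThis
# v1.99.1 O4 format, modelled on the pattern in the logs above, where many HKCU Run
# values with random seven-letter names all launch the same dropped executable.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\aaaaxoci.exe
O4 - HKCU\..\Run: [hiqhyki] c:\windows\wdctkha.exe
O4 - HKCU\..\Run: [slctenn] c:\windows\wdctkha.exe
O4 - HKCU\..\Run: [ryhnxvw] c:\windows\wdctkha.exe
O4 - HKCU\..\Run: [umxshjq] c:\windows\ssdscgn.exe
O4 - HKCU\..\Run: [jbujurj] c:\windows\ssdscgn.exe
O4 - HKCU\..\Run: [obliugf] c:\windows\ssdscgn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Constructed sample of rkfiles.bat output. "UPX!" only says the file is packed; as the
# script's own banner warns, that alone is not proof the file is bad.
SAMPLE_RKFILES = r"""
Files Found in all users windows Folder............
C:\WINDOWS\ssdscgn.exe: UPX!
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\wdctkha.exe: UPX!
Finished
"""

# An O4 Run line: hive, value name in brackets, then the command. The executable is the
# optionally quoted token ending in .exe; anything after it is arguments.
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\]\s+"?(.+?\.exe)"?(?:\s|$)', re.I)
# Seven lowercase letters: the shape of the randomised value names in this thread.
# Assumption taken from these logs, not a general rule.
RANDOM_NAME_RE = re.compile(r'^[a-z]{7}$')
# rkfiles output line: "<path>: <marker>"
RKFILES_RE = re.compile(r'^(.+?\.(?:exe|dll)): (\S+)', re.I)


def parse_o4(text):
    """Yield (hive, value_name, exe_path) for every O4 Run entry in a HijackThis log."""
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.group(1).upper(), m.group(2), m.group(3)


def parse_rkfiles(text):
    """Return {lowercased path: marker} for every file rkfiles.bat reported."""
    found = {}
    for line in text.splitlines():
        m = RKFILES_RE.match(line.strip())
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found


def triage(hjt_text, rkfiles_text, min_entries=3):
    """Group Run entries by target executable and score each target.

    A target is flagged when at least `min_entries` distinct Run values with
    randomised names launch it. The UPX marker from rkfiles is recorded as
    corroborating evidence but never flags a file on its own.
    """
    packed = parse_rkfiles(rkfiles_text)
    groups = defaultdict(lambda: {"names": set(), "random": 0})
    for _hive, name, exe in parse_o4(hjt_text):
        g = groups[exe.lower()]          # lowercase: HJT prints c:\windows, rkfiles C:\WINDOWS
        g["names"].add(name)
        if RANDOM_NAME_RE.match(name):
            g["random"] += 1
    return {
        exe: {
            "entries": len(g["names"]),
            "random_names": g["random"],
            "packed": exe in packed,
            "suspicious": g["random"] >= min_entries,
        }
        for exe, g in groups.items()
    }


def deletion_candidates(report):
    """Sorted unique paths to review for the Killbox list (flagged targets only)."""
    return sorted(exe for exe, r in report.items() if r["suspicious"])


def packed_but_not_launched(report, rkfiles_text):
    """Packed files rkfiles reported that no Run entry launches: left alone until
    identified by other means, as the rkfiles banner advises."""
    return sorted(p for p in parse_rkfiles(rkfiles_text) if p not in report)


if __name__ == "__main__":
    report = triage(SAMPLE_HJT, SAMPLE_RKFILES)
    for exe, r in sorted(report.items()):
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} entries={r['entries']} random={r['random_names']} packed={r['packed']} {exe}")
    print("review for deletion:", deletion_candidates(report))
    print("packed, not launched:", packed_but_not_launched(report, SAMPLE_RKFILES))
```

Two things the output makes visible that the raw logs do not: `tsc.exe` is packed but nothing launches it, so it stays off the list, and the single `[Access Update]` entry is not caught by the randomised-name rule at all; Buckeye_Sam listed it on other grounds, so the script is a first pass for a human reviewer, not a replacement for one.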
    • mazmaz
      edited May 2005
      Thanks for hanging in there with me! Does this look good so far, or is my system screwed?

      Logfile of HijackThis v1.99.1
      Scan saved at 8:49:07 PM, on 5/20/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
      C:\WINDOWS\system32\HPConfig.exe
      C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
      C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
      C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      C:\WINDOWS\System32\carpserv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\Logi_MwX.Exe
      C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      C:\windows\ssdscgn.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Filezilla\firefox.exe
      C:\Audio Programs\Djs Mk-I free\djsfree.exe
      C:\Program Files\Hijack This\HijackThis.exe

      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Microsoft Office\Office\MDHELPER.DLL
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [srmclean] C:\System\cpqs\scom\srmclean.exe
      O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [CARPService] carpserv.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\aaaaxoci.exe
      O4 - HKCU\..\Run: [hiqhyki] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [slctenn] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ryhnxvw] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [gfbogbj] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [pxxpjrm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jsyxjrg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [sdemqgg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [kfberry] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [swlamtp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [nucedxq] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [kontjyr] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [stwbrlf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [dhdikve] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [skqntah] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [luwanpk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [laevyqa] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [denpqjw] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [linfhlm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [pyrbtgw] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hjfujcn] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [lwrftju] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [maikgvl] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mfswxxg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [kchplkl] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xoopieu] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ywrkhoi] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ehfthwg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [bospiod] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jmdlfmm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [wtmmtwp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [yrvwqin] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [eydlejr] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [aroirej] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vjwtpof] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [bjhosoa] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [blqfctg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hcjwslh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ptseakn] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [cdcxdpq] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [fsbhpif] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [pjtqakk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xrnnwky] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [bxbesnc] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xoxgouj] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xxpalnm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hetguos] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vjfcoxn] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vawxqia] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mtvcvxy] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ktbmnwh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ahikmka] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ycwfebi] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [nokvtyj] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ydiwugn] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jyunuyq] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [axebsni] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xjsuyre] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mmarynt] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [rrxjbmt] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hopmueh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vuqehdh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [uxgpsde] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [oefpmcd] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [icvippt] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [nutphve] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [twbsqor] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [uajfanb] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ofpjsdu] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xrnjuiu] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [drlkdqp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jbrttxp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [dqqeqgf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jamaxke] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xwukvdh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [aybfuua] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jqcbrcq] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jonlhvj] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [nrxpoas] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [smhrsuk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [nhrynqw] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [dfxafno] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xlebvbo] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [wbetncl] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [sbuoymy] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hbodybp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tdtwpdg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mcvdbog] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hetambk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [sxhksgt] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vpxixvi] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [bmtnwps] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [pcaxebh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [dyuqfig] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ugclrto] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jdcxbkp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vagkecq] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [rvfogrf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [aiahhyg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [bgsflhu] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [nbqxmuk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ultapcb] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [wjdsgkd] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [fvofvgl] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [iycgqpv] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [waonqbm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [yrmkbmu] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [iesqjke] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tnfikyl] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [uwhsyqv] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jteqria] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [rcqchji] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [rvtklun] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [trrwdlg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mrknjhk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hrivouy] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hvrtbbx] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [yyocilp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tsqngmf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [knmytqi] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mvjtqbo] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [elcycce] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [llxvfbc] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jdvapvv] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ttttuwo] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [opaxwxi] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ynabiso] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [bodfolh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xspbqyf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ibssacc] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [aajbqfx] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [wpmitkb] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [pmpsrlm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jyotbnb] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [wptgbpr] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [eklmoqj] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [btqukoa] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [yovsrrv] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mkadqwr] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [cwghdvk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vvaybdf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [pnhtkra] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tfnorkd] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [gbbniqn] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ntkpgat] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jjafdck] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mvhmdcy] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hpykiej] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [icjrslm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xasrvxk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [atbxjfc] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tflggjf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tagtass] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [cccylnv] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tjpyxnh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [rcimurw] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mcpxaik] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mkryiro] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [epbodxs] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [eiaqggj] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ujepxmk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hniobgg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [umxshjq] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [jbujurj] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [obliugf] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [xwlcgqw] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [prmrrnc] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [tadvnph] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [nhyhcny] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [rfpibej] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [mjhinuh] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [xsovike] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [krtdpmo] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [efelypl] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [kylvcoc] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [seaqhnm] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [jihedtu] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [gsglwbf] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [bofxanw] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [jdqicbl] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [ikwnuvq] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [uarbipx] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [asrjuyb] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [wnmekva] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [fxfpscl] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [ntbyojm] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [bksdupt] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [uxdgven] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [gvxjxsh] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [belcsnj] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [cxpissj] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [xllrcgn] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [piinbya] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [ikhckue] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [clvjofd] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [bgifqox] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [wqjdrsp] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [jblvues] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [ucmhbwo] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [flmqltm] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [idhaciu] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [brgffsp] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [rfogpti] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [suwusyu] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [hkbjueb] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [opjwoko] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [dyiqegj] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [mdsowpq] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [intilin] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [inrpado] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [ccianft] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [bluabkc] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [kayaftk] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [vssindr] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [gxrgfmt] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [ijlrgba] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [flbciqk] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [twqxwvs] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [vogxfux] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [mvbiaka] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [pyyqsgt] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [fbcaxkj] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [dcktffv] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [kmbqqil] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [idipmbl] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [dcdjaow] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [tpfficf] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [eosasbi] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [uvxmose] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ffeisef] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [culppsk] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [vhykupp] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [whjtegu] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [plgmeiv] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [jigxdrh] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [jjsvfik] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [trqblnw] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [pvbeayw] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [jonbuly] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [nywpnxg] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ssqsqvw] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [cyidwtq] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [dmsxhvs] c:\windows\ycnriql.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://D:\IntraLaunch.CAB
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
      O21 - SSODL: Themes Media - {A22841F8-D2F2-4F09-8FA3-E3A400829614} - C:\WINDOWS\System32\sounpntw.dll
      O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
      O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
      O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

      C:\Documents and Settings\Administrator\Desktop\rkfiles

      PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
      Files Found in system Folder............
      C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

      Files Found in all users startup Folder............
      Files Found in all users windows Folder............
      C:\WINDOWS\qwqpdmc.exe: UPX!
      C:\WINDOWS\ssdscgn.exe: UPX!
      C:\WINDOWS\tsc.exe: UPX!
      C:\WINDOWS\uqajvnh.exe: UPX!
      C:\WINDOWS\vsapi32.dll: UPX!t4
      C:\WINDOWS\ycnriql.exe: UPX!
      Finished
      bye
    • Buckeye_Sam Columbus, Ohio
      edited May 2005
      Have faith. We will get you cleaned up. This is a stubborn infection, but it's not lethal.

      Fix these lines with Hijackthis:

      O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\aaaaxoci.exe
      O4 - HKCU\..\Run: [hiqhyki] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [slctenn] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ryhnxvw] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [gfbogbj] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [pxxpjrm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jsyxjrg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [sdemqgg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [kfberry] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [swlamtp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [nucedxq] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [kontjyr] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [stwbrlf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [dhdikve] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [skqntah] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [luwanpk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [laevyqa] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [denpqjw] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [linfhlm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [pyrbtgw] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hjfujcn] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [lwrftju] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [maikgvl] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mfswxxg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [kchplkl] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xoopieu] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ywrkhoi] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ehfthwg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [bospiod] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jmdlfmm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [wtmmtwp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [yrvwqin] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [eydlejr] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [aroirej] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vjwtpof] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [bjhosoa] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [blqfctg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hcjwslh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ptseakn] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [cdcxdpq] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [fsbhpif] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [pjtqakk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xrnnwky] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [bxbesnc] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xoxgouj] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xxpalnm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hetguos] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vjfcoxn] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vawxqia] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mtvcvxy] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ktbmnwh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ahikmka] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ycwfebi] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [nokvtyj] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ydiwugn] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jyunuyq] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [axebsni] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xjsuyre] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mmarynt] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [rrxjbmt] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hopmueh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vuqehdh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [uxgpsde] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [oefpmcd] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [icvippt] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [nutphve] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [twbsqor] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [uajfanb] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ofpjsdu] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xrnjuiu] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [drlkdqp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jbrttxp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [dqqeqgf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jamaxke] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xwukvdh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [aybfuua] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jqcbrcq] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jonlhvj] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [nrxpoas] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [smhrsuk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [nhrynqw] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [dfxafno] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xlebvbo] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [wbetncl] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [sbuoymy] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hbodybp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tdtwpdg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mcvdbog] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hetambk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [sxhksgt] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vpxixvi] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [bmtnwps] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [pcaxebh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [dyuqfig] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ugclrto] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jdcxbkp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vagkecq] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [rvfogrf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [aiahhyg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [bgsflhu] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [nbqxmuk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ultapcb] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [wjdsgkd] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [fvofvgl] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [iycgqpv] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [waonqbm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [yrmkbmu] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [iesqjke] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tnfikyl] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [uwhsyqv] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jteqria] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [rcqchji] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [rvtklun] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [trrwdlg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mrknjhk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hrivouy] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hvrtbbx] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [yyocilp] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tsqngmf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [knmytqi] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mvjtqbo] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [elcycce] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [llxvfbc] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jdvapvv] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ttttuwo] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [opaxwxi] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ynabiso] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [bodfolh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xspbqyf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ibssacc] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [aajbqfx] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [wpmitkb] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [pmpsrlm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jyotbnb] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [wptgbpr] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [eklmoqj] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [btqukoa] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [yovsrrv] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mkadqwr] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [cwghdvk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [vvaybdf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [pnhtkra] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tfnorkd] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [gbbniqn] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ntkpgat] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [jjafdck] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mvhmdcy] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hpykiej] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [icjrslm] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [xasrvxk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [atbxjfc] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tflggjf] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tagtass] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [cccylnv] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [tjpyxnh] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [rcimurw] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mcpxaik] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [mkryiro] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [epbodxs] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [eiaqggj] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [ujepxmk] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [hniobgg] c:\windows\wdctkha.exe
      O4 - HKCU\..\Run: [umxshjq] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [jbujurj] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [obliugf] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [xwlcgqw] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [prmrrnc] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [tadvnph] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [nhyhcny] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [rfpibej] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [mjhinuh] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [xsovike] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [krtdpmo] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [efelypl] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [kylvcoc] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [seaqhnm] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [jihedtu] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [gsglwbf] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [bofxanw] c:\windows\ssdscgn.exe
      O4 - HKCU\..\Run: [jdqicbl] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [ikwnuvq] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [uarbipx] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [asrjuyb] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [wnmekva] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [fxfpscl] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [ntbyojm] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [bksdupt] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [uxdgven] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [gvxjxsh] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [belcsnj] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [cxpissj] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [xllrcgn] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [piinbya] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [ikhckue] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [clvjofd] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [bgifqox] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [wqjdrsp] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [jblvues] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [ucmhbwo] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [flmqltm] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [idhaciu] c:\windows\qwqpdmc.exe
      O4 - HKCU\..\Run: [brgffsp] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [rfogpti] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [suwusyu] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [hkbjueb] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [opjwoko] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [dyiqegj] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [mdsowpq] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [intilin] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [inrpado] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [ccianft] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [bluabkc] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [kayaftk] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [vssindr] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [gxrgfmt] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [ijlrgba] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [flbciqk] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [twqxwvs] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [vogxfux] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [mvbiaka] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [pyyqsgt] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [fbcaxkj] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [dcktffv] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [kmbqqil] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [idipmbl] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [dcdjaow] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [tpfficf] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [eosasbi] c:\windows\uqajvnh.exe
      O4 - HKCU\..\Run: [uvxmose] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ffeisef] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [culppsk] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [vhykupp] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [whjtegu] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [plgmeiv] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [jigxdrh] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [jjsvfik] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [trqblnw] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [pvbeayw] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [jonbuly] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [nywpnxg] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ssqsqvw] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [cyidwtq] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [dmsxhvs] c:\windows\ycnriql.exe
      O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://D:\IntraLaunch.CAB
      O21 - SSODL: Themes Media - {A22841F8-D2F2-4F09-8FA3-E3A400829614} - C:\WINDOWS\System32\sounpntw.dll


      Use Killbox as before to delete these files:

      C:\WINDOWS\qwqpdmc.exe
      C:\WINDOWS\ssdscgn.exe
      C:\WINDOWS\uqajvnh.exe
      C:\WINDOWS\ycnriql.exe
      c:\windows\wdctkha.exe
      C:\WINDOWS\System32\aaaaxoci.exe
      C:\WINDOWS\System32\sounpntw.dll



      Delete temp files

      Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

      Navigate to the C:\Windows\Prefetch folder. Open the Prefetch folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Prefetch folder.

      Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

      Finally go to Control Panel > Internet Options. On the General tab, under "Temporary Internet Files", click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply, then OK.

      Empty the Recycle Bin.



      Reboot and post a new hijackthis log and new rkfiles log.
    • mazmaz
      edited May 2005
      New logs

      Logfile of HijackThis v1.99.1
      Scan saved at 9:05:38 PM, on 5/21/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
      C:\WINDOWS\system32\HPConfig.exe
      C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
      C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
      C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      C:\WINDOWS\System32\carpserv.exe
      C:\WINDOWS\Logi_MwX.Exe
      C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      C:\Audio Programs\Djs Mk-I free\djsfree.exe
      C:\Program Files\Filezilla\firefox.exe
      C:\Program Files\Filezilla\FileZilla.exe
      C:\Program Files\Hijack This\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Microsoft Office\Office\MDHELPER.DLL
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [srmclean] C:\System\cpqs\scom\srmclean.exe
      O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [CARPService] carpserv.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      O4 - HKCU\..\Run: [lohyvfg] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [rxqlleq] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [twotbty] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [jfdmfgd] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [kceewcn] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [prloaca] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ffqhkqa] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ciudhqm] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [gaejais] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [setpdsp] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [yxnisia] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [jqebonu] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [lbtmrqx] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [kjdpqqh] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [bjwixet] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [vhrvoud] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [klbknlg] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [swkrjwd] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [tdwbbtp] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [tkptnvp] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [mmkmkyn] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [kypkkux] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [deuurxu] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [egoglfw] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ktfauex] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [dmkfiaw] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [akueapj] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [bfhinvx] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [fampymt] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [pqcvjlj] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [gbmfawu] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [smldcvq] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [paqqxad] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [wfavncp] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ygrxsus] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ugbfxks] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [dnctxho] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [lhjaycg] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [oddyhkn] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [mokckvc] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ficfmjt] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [nhxqvrh] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [etcpjqe] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [rerqtmt] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [madknnh] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [dvqhyam] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [oceqagq] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [hnmnfon] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [cbxfqne] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [gtjvlde] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ntumfvb] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [jvvrbfn] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [npanjft] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ganhlyb] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [agfuspu] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [fvqpcja] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [epiofrf] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [toxyvhq] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [fqvvpms] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [qsibouc] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [fobovfh] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [clfavng] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [aqdycyn] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [hgsgmwi] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [apcvlyb] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [iosuwti] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [umiayco] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [lnqjvrj] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [hicougo] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [mrenxsn] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [bxxrthk] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [rypcruv] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [dttajhl] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ulhkrra] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [dargumt] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [rjlwjjv] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [kjubrbu] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [velisin] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [whwpoww] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [qqdptyt] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [vxnokmo] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [rwodsws] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [knmysao] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [kvhskov] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [clnandp] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [efndrue] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [pslgjml] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [nebyrkx] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [fejpqib] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [yjbnxvr] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ebomigc] c:\windows\ycnriql.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
      O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
      O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
      O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

      C:\Documents and Settings\Administrator\Desktop\rkfiles

      PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
      Files Found in system Folder............
      C:\WINDOWS\system32\bwfouikx.exe: UPX!
      C:\WINDOWS\system32\loqcaaaa.exe: UPX!
      C:\WINDOWS\system32\pinmwbuf.exe: UPX!
      C:\WINDOWS\system32\vapcpnnl.exe: UPX!
      C:\WINDOWS\system32\xxfxaaaa.exe: UPX!
      C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
      C:\WINDOWS\system32\spoolsrv32.exe: PEC2

      Files Found in all users startup Folder............
      Files Found in all users windows Folder............
      C:\WINDOWS\bsuxbye.exe: UPX!
      C:\WINDOWS\gaanrug.exe: UPX!
      C:\WINDOWS\IFinst27.exe: UPX!
      C:\WINDOWS\mdonpqf.exe: UPX!
      C:\WINDOWS\nbpnchs.exe: UPX!
      C:\WINDOWS\p2p-10110.exe: UPX!
      C:\WINDOWS\subccad.exe: UPX!
      C:\WINDOWS\tsc.exe: UPX!
      C:\WINDOWS\vsapi32.dll: UPX!t4
      C:\WINDOWS\wdctkha.exe: UPX!
      C:\WINDOWS\whlbakv.exe: UPX!
      Finished
      bye
    • Buckeye_Sam Columbus, Ohio
      edited May 2005
      Reboot your computer into SAFE MODE

      Perform all of these steps in Safe Mode without rebooting until the very end. You will need to print out these instructions.


      Delete these files:

      C:\WINDOWS\system32\bwfouikx.exe
      C:\WINDOWS\system32\loqcaaaa.exe
      C:\WINDOWS\system32\pinmwbuf.exe
      C:\WINDOWS\system32\vapcpnnl.exe
      C:\WINDOWS\system32\xxfxaaaa.exe
      C:\WINDOWS\system32\spoolsrv32.exe
      c:\windows\ycnriql.exe
      C:\WINDOWS\bsuxbye.exe
      C:\WINDOWS\gaanrug.exe
      C:\WINDOWS\IFinst27.exe
      C:\WINDOWS\mdonpqf.exe
      C:\WINDOWS\nbpnchs.exe
      C:\WINDOWS\p2p-10110.exe
      C:\WINDOWS\subccad.exe
      C:\WINDOWS\wdctkha.exe
      C:\WINDOWS\whlbakv.exe




      Fix these lines with Hijackthis.

      O4 - HKCU\..\Run: [lohyvfg] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [rxqlleq] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [twotbty] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [jfdmfgd] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [kceewcn] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [prloaca] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ffqhkqa] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ciudhqm] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [gaejais] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [setpdsp] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [yxnisia] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [jqebonu] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [lbtmrqx] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [kjdpqqh] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [bjwixet] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [vhrvoud] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [klbknlg] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [swkrjwd] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [tdwbbtp] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [tkptnvp] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [mmkmkyn] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [kypkkux] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [deuurxu] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [egoglfw] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ktfauex] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [dmkfiaw] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [akueapj] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [bfhinvx] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [fampymt] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [pqcvjlj] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [gbmfawu] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [smldcvq] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [paqqxad] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [wfavncp] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ygrxsus] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ugbfxks] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [dnctxho] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [lhjaycg] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [oddyhkn] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [mokckvc] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ficfmjt] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [nhxqvrh] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [etcpjqe] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [rerqtmt] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [madknnh] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [dvqhyam] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [oceqagq] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [hnmnfon] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [cbxfqne] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [gtjvlde] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ntumfvb] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [jvvrbfn] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [npanjft] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ganhlyb] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [agfuspu] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [fvqpcja] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [epiofrf] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [toxyvhq] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [fqvvpms] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [qsibouc] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [fobovfh] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [clfavng] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [aqdycyn] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [hgsgmwi] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [apcvlyb] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [iosuwti] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [umiayco] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [lnqjvrj] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [hicougo] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [mrenxsn] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [bxxrthk] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [rypcruv] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [dttajhl] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ulhkrra] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [dargumt] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [rjlwjjv] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [kjubrbu] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [velisin] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [whwpoww] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [qqdptyt] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [vxnokmo] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [rwodsws] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [knmysao] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [kvhskov] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [clnandp] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [efndrue] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [pslgjml] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [nebyrkx] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [fejpqib] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [yjbnxvr] c:\windows\ycnriql.exe
      O4 - HKCU\..\Run: [ebomigc] c:\windows\ycnriql.exe




      Delete temp files

      Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

      Navigate to the C:\Windows\Prefetch folder. Open the Prefetch folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Prefetch folder.

      Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

      Finally go to Control Panel > Internet Options. On the General tab, under "Temporary Internet Files", click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply, then OK.

      Empty the Recycle Bin.



      Finally reboot back to normal mode and post a new hijackthis log.
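The pattern the two helper posts above are working from (a swarm of HKCU\..\Run values with random seven-letter names that all launch one executable dropped in C:\WINDOWS) can be pulled out of a HijackThis log mechanically rather than by eye. This is an added example for this thread, not code from HijackThis, Killbox or any poster; the sample lines are constructed from entries quoted above, and the seven-letter-name and Windows-directory heuristics are my assumptions, not a rule HijackThis applies.

```python
"""Triage helper for HijackThis O4 autorun entries (added example, not from the thread).

It flags the Smitfraud-style pattern seen in the logs above: many HKCU Run values
with random lowercase names, every one of them launching the same file dropped
directly in the Windows directory, and prints the exact lines to fix and files
to delete. Legitimate entries (SynTPEnh, NeroFilterCheck, ...) are left alone.
"""
import re
from collections import defaultdict

# Matches the O4 registry lines HijackThis prints, e.g.
#   O4 - HKCU\..\Run: [lohyvfg] c:\windows\ycnriql.exe
# Global Startup / Startup folder lines deliberately do not match.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Heuristic (assumption): a value name that is one run of 7 lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{7}$")

# Heuristic (assumption): loader sits directly in C:\WINDOWS or System32.
WINDIR_RE = re.compile(r"^c:\\windows\\(system32\\)?[^\\]+\.(exe|dll)$", re.I)


def parse_o4(lines):
    """Return one dict (hive, key, name, cmd) per O4 registry line; skip the rest."""
    entries = []
    for raw in lines:
        m = O4_RE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def target_of(cmd):
    """Normalise the launched file: drop quotes and arguments, lowercase the path."""
    cmd = cmd.strip()
    m = re.match(r'^"?(.*?\.(?:exe|dll|com|bat|scr))"?(?:\s.*)?$', cmd, re.I)
    return (m.group(1) if m else cmd).lower()


def cluster_by_target(entries):
    """Group Run entries by launched file: target path -> set of value names."""
    clusters = defaultdict(set)
    for e in entries:
        clusters[target_of(e["cmd"])].add(e["name"])
    return clusters


def suspicious_clusters(entries, min_names=3):
    """Targets in the Windows directory launched by >= min_names random-looking names.

    Returns a sorted list of (target, sorted random names). Both conditions must
    hold, so a single legit system32 entry such as NeroCheck.exe is not flagged.
    """
    found = []
    for target, names in sorted(cluster_by_target(entries).items()):
        random_names = {n for n in names if RANDOM_NAME_RE.match(n)}
        if WINDIR_RE.match(target) and len(random_names) >= min_names:
            found.append((target, sorted(random_names)))
    return found


def fix_list(entries, min_names=3):
    """The O4 lines to tick in HijackThis (log order) and the files to delete."""
    bad_targets = {t for t, _ in suspicious_clusters(entries, min_names)}
    lines = [
        f"O4 - {e['hive']}\\..\\{e['key']}: [{e['name']}] {e['cmd']}"
        for e in entries
        if target_of(e["cmd"]) in bad_targets
    ]
    return lines, sorted(bad_targets)


# Constructed sample log, modelled on the entries quoted in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",
    r"O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s",
    r"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe",
    r"O4 - HKCU\..\Run: [lohyvfg] c:\windows\ycnriql.exe",
    r"O4 - HKCU\..\Run: [rxqlleq] c:\windows\ycnriql.exe",
    r"O4 - HKCU\..\Run: [twotbty] c:\windows\ycnriql.exe",
    r"O4 - HKCU\..\Run: [jfdmfgd] c:\windows\ycnriql.exe",
    r"O4 - HKCU\..\Run: [umxshjq] c:\windows\ssdscgn.exe",
    r"O4 - HKCU\..\Run: [jbujurj] c:\windows\ssdscgn.exe",
    r"O4 - HKCU\..\Run: [obliugf] c:\windows\ssdscgn.exe",
    r"O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE",
]

if __name__ == "__main__":
    lines, targets = fix_list(parse_o4(SAMPLE_LOG))
    print("Fix these lines with HijackThis:")
    print("\n".join(lines))
    print("\nDelete these files:")
    print("\n".join(targets))
```

Raise `min_names` if a log contains a genuine product that registers a couple of odd-looking Run values; the point is the swarm, not any single entry.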
    • mazmaz
      edited May 2005
      Ok I followed all the instructions except the first set of files you said to delete were not on my system. I used the Windows search function and Killbox to locate them. These are the files I'm referring to:


      C:\WINDOWS\system32\bwfouikx.exe
      C:\WINDOWS\system32\loqcaaaa.exe
      C:\WINDOWS\system32\pinmwbuf.exe
      C:\WINDOWS\system32\vapcpnnl.exe
      C:\WINDOWS\system32\xxfxaaaa.exe
      C:\WINDOWS\system32\spoolsrv32.exe
      c:\windows\ycnriql.exe
      C:\WINDOWS\bsuxbye.exe
      C:\WINDOWS\gaanrug.exe
      C:\WINDOWS\IFinst27.exe
      C:\WINDOWS\mdonpqf.exe
      C:\WINDOWS\nbpnchs.exe
      C:\WINDOWS\p2p-10110.exe
      C:\WINDOWS\subccad.exe
      C:\WINDOWS\wdctkha.exe
      C:\WINDOWS\whlbakv.exe

      Here is the current hijack log:

      Logfile of HijackThis v1.99.1
      Scan saved at 4:52:52 PM, on 5/22/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
      C:\WINDOWS\system32\HPConfig.exe
      C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
      C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      C:\WINDOWS\System32\carpserv.exe
      C:\WINDOWS\Logi_MwX.Exe
      C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Hijack This\HijackThis.exe

      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Microsoft Office\Office\MDHELPER.DLL
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [srmclean] C:\System\cpqs\scom\srmclean.exe
      O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [CARPService] carpserv.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
      O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
      O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
      O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    • Buckeye_Sam Columbus, Ohio
      edited May 2005
      Your log looks clean now. How are things running?
    • mazmaz
      edited May 2005
      Well I never could tell that there was something wrong except that I had the 'Trojan' message on my desktop and I couldn't open my firewall. I downloaded a free firewall (Omniquad Personal Firewall) just to troubleshoot, but it keeps saying "Unable to load Omniquad Personal Firewall Drivers. Please make sure that OPFSVC is running and restart your computer." I still don't know if this is due to the Smitfraud.

      Also I tried to restore my desktop using the instructions you guys have, but I couldn't open the reg file. The error message says that "The file does not have a program associated with it for performing this action. Create an association in the Folder Options Control Panel." I don't know what this means.

      Also in IE I still have the smitfraud links in my bookmarks even though I've deleted them with Hijack.
    • Buckeye_Sam Columbus, Ohio
      edited May 2005
      Try to right click on the reg file and see if you get an option to Install. If so, select Install. It won't noticeably do anything, but if you reboot you should get your desktop options back.

      Please follow these instructions to run Ad-Aware.
      • Download, install, update, configure, and run Ad-Aware SE Personal 1.05.
        1. Download Ad-Aware SE Personal 1.05:
        2. Install Ad-Aware SE Personal 1.05:
          • Double-click on aawsepersonal.exe to install the program.
          • Follow the default settings for installation.
          • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
        3. Update Ad-Aware SE Personal 1.05:
          • Double-click the Ad-Aware SE Personal icon on your desktop.
          • Click "Check for updates now" then click "Connect".
          • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
        4. Configure Ad-Aware SE Personal 1.05:
          • Click on the Gear button at the top of the window.
          • Click "General" on the left hand side to display the General Settings box.
            • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
              • "Automatically save logfile"
              • "Automatically quarantine objects prior to removal"
              • "Safe Mode (always request confirmation)"
              • "Prompt to update outdated definitions" - change to 7 days from the default 14.
          • Click "Scanning" on the left hand side to display the Scan Settings box.
            • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
              • "Scan within archives"
              • "Select drives & folders to scan" - select your hard drive(s).
              • "Scan active processes"
              • "Scan registry"
              • "Deep-scan registry"
              • "Scan my IE favorites for banned URLs"
              • "Scan my Hosts file"
          • Click "Advanced" on the left hand side to display the Advanced Settings box.
            • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
              • "Move deleted files to Recycle Bin"
              • "Include additional object information"
              • "Include negligible objects information"
              • "Include environment information"
          • Click "Defaults" on the left hand side to display the Default Settings box.
            • Make sure these items have your preferred settings in them.:
              • "Default homepage"
              • "Default searchpage"
          • Click "Tweak" on the left hand side to display the Tweak Settings box.
            • Click the + (plus) sign next to the Log Files section. This will expand the section.
            • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
              • "Include basic Ad-Aware settings in log file"
              • "Include additional Ad-Aware settings in log file"
              • "Include reference summary in log file"
              • "Include alternate data stream details in log file"
            • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
            • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
              • "Unload recognized processes & modules during scan"
              • "Scan registry for all users instead of current user only"
              • "Obtain command line of scanned processes"
            • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
            • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
              • "Always try to unload modules before deletion"
              • "During removal, unload Explorer and IE if necessary"
              • "Let Windows remove files in use at next reboot"
              • "Delete quarantined objects after restoring"
          • Once you are done with these settings, click "Proceed" to save them.
          • This will take you back to the main screen.
        5. Run Ad-Aware SE Personal 1.05:
          • Click the "Start" button.
          • Uncheck the "Search for negligible risk entries" entry.
          • Choose the "Use custom scanning options" scan mode.
          • Click the "Next" button.
          • Ad-Aware will begin to scan for malware residing on your computer.
          • Allow the scan to finish.
          • Right-click on any entry in the list and click "Select All" to select the whole list.
          • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.

      Reboot and post a new hijackthis log and we'll see what's left.
    • mazmaz
      edited May 2005
      Here is my scan log from Adaware:


      Ad-Aware SE Build 1.05
      Logfile Created on:Tuesday, May 24, 2005 9:45:51 PM
      Created with Ad-Aware SE Personal, free for private use.
      Using definitions file:SE1R47 24.05.2005
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      References detected during the scan:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      Alexa(TAC index:5):2 total references
      CoolWebSearch(TAC index:10):11 total references
      Possible Browser Hijack attempt(TAC index:3):1 total references
      Security iGuard(TAC index:9):1 total references
      TIB Browser(TAC index:6):3 total references
      Tracking Cookie(TAC index:3):5 total references
      Windows(TAC index:3):1 total references
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Definition File:
      =========================
      Definitions File Loaded:
      Reference Number : SE1R46 17.05.2005
      Internal build : 54
      File location : C:\Program Files\Ad-Aware SE Personal\defs.ref
      File size : 474775 Bytes
      Total size : 1435210 Bytes
      Signature data size : 1404100 Bytes
      Reference data size : 30598 Bytes
      Signatures total : 40060
      Fingerprints total : 883
      Fingerprints size : 30250 Bytes
      Target categories : 15
      Target families : 674

      5-24-2005 9:16:29 PM WebUpdate

      Installing Update...
      Definitions File Loaded:
      Reference Number : SE1R47 24.05.2005
      Internal build : 55
      File location : C:\Program Files\Ad-Aware SE Personal\defs.ref
      File size : 476246 Bytes
      Total size : 1439523 Bytes
      Signature data size : 1408291 Bytes
      Reference data size : 30720 Bytes
      Signatures total : 40174
      Fingerprints total : 886
      Fingerprints size : 30371 Bytes
      Target categories : 15
      Target families : 679


      5-24-2005 9:16:37 PM Success
      Update successfully downlodaded and installed.


      Memory + processor status:
      ==========================
      Number of processors : 1
      Processor architecture : Intel Pentium IV
      Memory available:61 %
      Total physical memory:752624 kb
      Available physical memory:455816 kb
      Total page file size:1009732 kb
      Available on page file:797296 kb
      Total virtual memory:2097024 kb
      Available virtual memory:2046376 kb
      OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

      Ad-Aware SE Settings
      ===========================
      Set : Move deleted files to Recycle Bin
      Set : Safe mode (always request confirmation)
      Set : Scan active processes
      Set : Scan registry
      Set : Deep-scan registry
      Set : Scan my IE Favorites for banned URLs
      Set : Scan within archives
      Set : Scan my Hosts file

      Extended Ad-Aware SE Settings
      ===========================
      Set : Unload recognized processes & modules during scan
      Set : Scan registry for all users instead of current user only
      Set : Always try to unload modules before deletion
      Set : During removal, unload Explorer and IE if necessary
      Set : Let Windows remove files in use at next reboot
      Set : Delete quarantined objects after restoring
      Set : Include basic Ad-Aware settings in log file
      Set : Include additional Ad-Aware settings in log file
      Set : Include reference summary in log file
      Set : Include alternate data stream details in log file
      Set : Play sound at scan completion if scan locates critical objects


      5-24-2005 9:45:51 PM - Scan started. (Custom mode)

      Listing running processes
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      #:1 [smss.exe]
      FilePath : \SystemRoot\System32\
      ProcessID : 576
      ThreadCreationTime : 5-23-2005 1:27:00 PM
      BasePriority : Normal


      #:2 [csrss.exe]
      FilePath : \??\C:\WINDOWS\system32\
      ProcessID : 624
      ThreadCreationTime : 5-23-2005 1:27:02 PM
      BasePriority : Normal


      #:3 [winlogon.exe]
      FilePath : \??\C:\WINDOWS\system32\
      ProcessID : 652
      ThreadCreationTime : 5-23-2005 1:27:05 PM
      BasePriority : High


      #:4 [services.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 696
      ThreadCreationTime : 5-23-2005 1:27:05 PM
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Services and Controller app
      InternalName : services.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : services.exe

      #:5 [lsass.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 708
      ThreadCreationTime : 5-23-2005 1:27:05 PM
      BasePriority : Normal
      FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
      ProductVersion : 5.1.2600.1106
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : LSA Shell (Export Version)
      InternalName : lsass.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : lsass.exe

      #:6 [svchost.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 904
      ThreadCreationTime : 5-23-2005 1:27:06 PM
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      #:7 [svchost.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 1024
      ThreadCreationTime : 5-23-2005 1:27:06 PM
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      #:8 [svchost.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 1232
      ThreadCreationTime : 5-23-2005 1:27:07 PM
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      #:9 [svchost.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 1252
      ThreadCreationTime : 5-23-2005 1:27:07 PM
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      #:10 [spoolsv.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 1496
      ThreadCreationTime : 5-23-2005 1:27:08 PM
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (XPClient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Spooler SubSystem App
      InternalName : spoolsv.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : spoolsv.exe

      #:11 [cdantsrv.exe]
      FilePath : C:\WINDOWS\System32\DRIVERS\
      ProcessID : 1700
      ThreadCreationTime : 5-23-2005 1:27:16 PM
      BasePriority : Normal
      FileVersion : 3.24.010
      ProductVersion : 3.24.010 Windows NT 2001/10/10
      ProductName : CD-Secure/CD-Compress Windows NT
      CompanyName : C-Dilla Ltd
      FileDescription : C-Dilla RTS Service
      InternalName : CDANTSRV
      LegalCopyright : Copyright (c) Macrovision 1993-2001
      OriginalFilename : CDANTSRV.EXE
      Comments : StringFileInfo: U.S. English

      #:12 [hpconfig.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 1728
      ThreadCreationTime : 5-23-2005 1:27:16 PM
      BasePriority : Normal
      FileVersion : 3, 0, 1, 8
      ProductVersion : 3, 0, 1, 8
      ProductName : HPConfig Module
      CompanyName : Hewlett-Packard
      FileDescription : HPConfig Module
      InternalName : HPConfig
      LegalCopyright : Hewlett-Packard Copyright (C) 1999-2002
      OriginalFilename : HPConfig.EXE
      Comments : HP Configuration Interface Service

      #:13 [hpwirelessmgr.exe]
      FilePath : C:\Program Files\HPQ\Notebook Utilities\
      ProcessID : 1756
      ThreadCreationTime : 5-23-2005 1:27:16 PM
      BasePriority : Normal
      FileVersion : 1, 0, 0, 7
      ProductVersion : 1, 0, 0, 7
      ProductName : HPWirelessMgr Module
      CompanyName : Hewlett-Packard Co.
      FileDescription : HPWirelessMgr Module
      InternalName : HPWirelessMgr
      LegalCopyright : Hewlett-Packard Copyright 2002
      OriginalFilename : HPWirelessMgr.EXE
      Comments : HP Wireless On/Off Button Service

      #:14 [quatinst.exe]
      FilePath : C:\Program Files\M-Audio USB Quattro\Install\
      ProcessID : 1796
      ThreadCreationTime : 5-23-2005 1:27:16 PM
      BasePriority : Normal
      FileVersion : 2, 0, 0, 0
      ProductVersion : 2, 0, 0, 2
      ProductName : Quattro
      CompanyName : M-Audio
      FileDescription : Quattro Installer service
      InternalName : quatinst.exe
      LegalCopyright : Copyright © 2003 M-Audio, Inc. All Rights Reserved.
      OriginalFilename : quatinst.exe

      #:15 [explorer.exe]
      FilePath : C:\WINDOWS\
      ProcessID : 336
      ThreadCreationTime : 5-23-2005 1:27:20 PM
      BasePriority : Normal
      FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
      ProductVersion : 6.00.2800.1106
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Explorer
      InternalName : explorer
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : EXPLORER.EXE

      #:16 [lwbwheel.exe]
      FilePath : C:\Program Files\Browser Mouse\1.0\
      ProcessID : 504
      ThreadCreationTime : 5-23-2005 1:27:21 PM
      BasePriority : Normal
      FileVersion : 9.0.2.0
      ProductVersion : 9.0.0.0
      FileDescription : Mouse Control Application
      LegalCopyright : Copyright 2000 By LEE,WEI-BIN.

      #:17 [onetouch.exe]
      FilePath : C:\Program Files\HPQ\One-Touch\
      ProcessID : 392
      ThreadCreationTime : 5-23-2005 1:27:21 PM
      BasePriority : Normal
      FileVersion : 1.6.8.0
      ProductVersion : 1.6.8.0
      ProductName : Dritek System Inc. OneTouch 01.30.2003 ( VC60 )
      CompanyName : Dritek System Inc.
      FileDescription : One-Touch
      InternalName : OneTouch
      LegalCopyright : Copyright © 2003 Dritek System Inc.
      OriginalFilename : OneTouch.exe

      #:18 [carpserv.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 600
      ThreadCreationTime : 5-23-2005 1:27:21 PM
      BasePriority : Normal
      FileVersion : 5.03.09.00
      ProductVersion : 5.03.09.00
      ProductName : Conexant carpserv
      CompanyName : Conexant Systems
      FileDescription : carpserv
      InternalName : carpserv
      LegalCopyright : Copyright© Conexant Systems, Inc. 2002
      OriginalFilename : carpserv.exe

      #:19 [logi_mwx.exe]
      FilePath : C:\WINDOWS\
      ProcessID : 856
      ThreadCreationTime : 5-23-2005 1:27:21 PM
      BasePriority : Normal
      FileVersion : 9.79.024
      ProductVersion : 9.79.024
      ProductName : MouseWare
      CompanyName : Logitech Inc.
      FileDescription : Logitech Launcher Application
      InternalName : Logi_MWX
      LegalCopyright : (C) 1987-2003 Logitech. All rights reserved.
      LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
      OriginalFilename : Logi_MWX.exe
      Comments : Created by the MouseWare team

      #:20 [jusched.exe]
      FilePath : C:\Program Files\Java\jre1.5.0_01\bin\
      ProcessID : 984
      ThreadCreationTime : 5-23-2005 1:27:22 PM
      BasePriority : Normal


      #:21 [firefox.exe]
      FilePath : C:\Program Files\Filezilla\
      ProcessID : 1620
      ThreadCreationTime : 5-24-2005 12:07:37 AM
      BasePriority : Normal


      #:22 [djsfree.exe]
      FilePath : C:\Audio Programs\Djs Mk-I free\
      ProcessID : 836
      ThreadCreationTime : 5-25-2005 12:34:48 AM
      BasePriority : Normal


      #:23 [ad-aware.exe]
      FilePath : C:\Program Files\Ad-Aware SE Personal\
      ProcessID : 1520
      ThreadCreationTime : 5-25-2005 3:15:33 AM
      BasePriority : Normal
      FileVersion : 6.2.0.206
      ProductVersion : VI.Second Edition
      ProductName : Lavasoft Ad-Aware SE
      CompanyName : Lavasoft Sweden
      FileDescription : Ad-Aware SE Core application
      InternalName : Ad-Aware.exe
      LegalCopyright : Copyright © Lavasoft Sweden
      OriginalFilename : Ad-Aware.exe
      Comments : All Rights Reserved

      Memory scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 0
      Objects found so far: 0


      Started registry scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{b599c57e-113a-4488-a5e9-bc552c4f1152}

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{1d27210e-2da2-41e2-a103-b5fd9d6a798b}

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}
      Value : InprocServer32

      TIB Browser Object Recognized!
      Type : Regkey
      Data :
      Category : Dialer
      Comment :
      Rootkey : HKEY_USERS
      Object : S-1-5-21-2112350434-2689812441-3268963050-500\software\classes\clsid\{0656a137-b161-cadd-9777-e37a75727e78}

      TIB Browser Object Recognized!
      Type : Regkey
      Data :
      Category : Dialer
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{0656a137-b161-cadd-9777-e37a75727e78}

      Security iGuard Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\rex-services

      Alexa Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
      Rootkey : HKEY_USERS
      Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
      Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

      Alexa Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
      Rootkey : HKEY_USERS
      Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
      Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

      Windows Object Recognized!
      Type : RegData
      Data :
      Category : Vulnerability
      Comment : Possible virus infection, REG file extension compromised
      Rootkey : HKEY_CLASSES_ROOT
      Object : regfile\shell\open\command
      Value :
      Data :

      Registry Scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 10
      Objects found so far: 10


      Started deep registry scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Deep registry scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 0
      Objects found so far: 10


      Started Tracking Cookie scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : administrator@2o7[2].txt
      Category : Data Miner
      Comment : Hits:15
      Value : Cookie:administrator@2o7.net/
      Expires : 5-14-2010 12:57:10 PM
      LastSync : Hits:15
      UseCount : 0
      Hits : 15

      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : administrator@citi.bridgetrack[2].txt
      Category : Data Miner
      Comment : Hits:4
      Value : Cookie:administrator@citi.bridgetrack.com/
      Expires : 5-9-2006 10:00:00 PM
      LastSync : Hits:4
      UseCount : 0
      Hits : 4

      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : administrator@questionmarket[1].txt
      Category : Data Miner
      Comment : Hits:1
      Value : Cookie:administrator@questionmarket.com/
      Expires : 7-13-2006 8:17:28 AM
      LastSync : Hits:1
      UseCount : 0
      Hits : 1

      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : administrator@trafficmp[2].txt
      Category : Data Miner
      Comment : Hits:4
      Value : Cookie:administrator@trafficmp.com/
      Expires : 5-15-2006 2:33:08 PM
      LastSync : Hits:4
      UseCount : 0
      Hits : 4

      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : administrator@ads.pointroll[2].txt
      Category : Data Miner
      Comment : Hits:27
      Value : Cookie:administrator@ads.pointroll.com/
      Expires : 12-31-2009 6:00:00 PM
      LastSync : Hits:27
      UseCount : 0
      Hits : 27

      Tracking cookie scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 5
      Objects found so far: 15



      Deep scanning and examining files (C:)
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Disk Scan Result for C:\
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 0
      Objects found so far: 15


      Scanning Hosts file......
      Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Hosts file scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      1 entries scanned.
      New critical objects:0
      Objects found so far: 15



      Possible Browser Hijack attempt Object Recognized!
      Type : File
      Data : FREE Access to 800 Paid sites.url
      Category : Misc
      Comment : Problematic URL discovered: http://getthis4free.com/
      Object : C:\Documents and Settings\Administrator\Favorites\




      Performing conditional scans...
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\policies\system
      Value : Wallpaper

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\internet explorer\main
      Value : Use Custom Search URL

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\policies\system
      Value : NoDispAppearancePage

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\policies\system
      Value : WallpaperStyle

      CoolWebSearch Object Recognized!
      Type : RegData
      Data : no
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\internet explorer\main
      Value : Use Search Asst
      Data : no

      CoolWebSearch Object Recognized!
      Type : RegData
      Data : C:\wp.bmp
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : control panel\desktop
      Value : Wallpaper
      Data : C:\wp.bmp

      CoolWebSearch Object Recognized!
      Type : File
      Data : wp.bmp
      Category : Malware
      Comment :
      Object : c:\



      TIB Browser Object Recognized!
      Type : Regkey
      Data :
      Category : Dialer
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\classes\clsid\{0656a137-b161-cadd-9777-e37a75727e78}

      Conditional scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 8
      Objects found so far: 24

      9:55:14 PM Scan Complete

      Summary Of This Scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      Total scanning time:00:09:23.50
      Objects scanned:133754
      Objects identified:24
      Objects ignored:0
      New critical objects:24

      Then here is my Hijack log. Thanks again!

      Logfile of HijackThis v1.99.1
      Scan saved at 9:58:14 PM, on 5/24/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
      C:\WINDOWS\system32\HPConfig.exe
      C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
      C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      C:\WINDOWS\System32\carpserv.exe
      C:\WINDOWS\Logi_MwX.Exe
      C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      C:\Program Files\Filezilla\firefox.exe
      C:\Audio Programs\Djs Mk-I free\djsfree.exe
      C:\Program Files\Hijack This\HijackThis.exe

      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Microsoft Office\Office\MDHELPER.DLL
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [srmclean] C:\System\cpqs\scom\srmclean.exe
      O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [CARPService] carpserv.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
      O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
      O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
      O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    • Buckeye_SamBuckeye_Sam Columbus, Ohio
      edited May 2005
      Your log is clean.

      It looks like Adaware is just cleaning up registry entries. Did you get your desktop back? What problems are you still having?
    • mazmaz
      edited May 2005
      None at all. I think I'm good to go. I've learned a lot here and I'll probably be lurking around this forum for a while. Thanks a lot for your help!!!
    • Buckeye_SamBuckeye_Sam Columbus, Ohio
      edited May 2005
      Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
      1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

        You can find instructions on how to enable and reenable system restore here:

        Managing Windows Millennium System Restore

        or

        Windows XP System Restore Guide

        Re-enable System Restore with instructions from the tutorial above

      2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
        1. From within Internet Explorer click on the Tools menu and then click on Options.
        2. Click once on the Security tab
        3. Click once on the Internet icon so it becomes highlighted.
        4. Click once on the Custom Level button.
          1. Change the Download signed ActiveX controls to Prompt
          2. Change the Download unsigned ActiveX controls to Disable
          3. Change the Initialize and script ActiveX controls not marked as safe to Disable
          4. Change the Installation of desktop items to Prompt
          5. Change the Launching programs and files in an IFRAME to Prompt
          6. Change the Navigate sub-frames across different domains to Prompt
          7. When all these settings have been made, click on the OK button.
          8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
        5. Next press the Apply button and then the OK to exit the Internet Properties page.

      3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

        See this link for a listing of some online & their stand-alone antivirus programs:

        Virus, Spyware, and Malware Protection and Removal Resources

      4. Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

      5. Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

        For a tutorial on Firewalls and a listing of some available ones see the link below:

        Understanding and Using Firewalls

      6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

      7. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

        A tutorial on installing & using this product can be found here:

        Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

      8. Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

        A tutorial on installing & using this product can be found here:

        Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

      9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

        A tutorial on installing & using this product can be found here:

        Using SpywareBlaster to protect your computer from Spyware and Malware

      10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
      Follow this list and your potential for being infected again will reduce dramatically.
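The Internet zone hardening in step 2 is stored as numeric values under the Internet Settings `Zones\3` registry key, so it can be audited without clicking through the dialog. Here is an added example (not from the thread) that parses a `regedit /e` export of that key and reports any of the six settings from step 2 that is missing or less strict than recommended; the value IDs follow Microsoft's documented zone settings, and the .reg text is a constructed sample.

```python
"""Audit an exported Internet zone (Zones\\3) key against step 2 above.
Added example, not from the original thread. Value IDs are Microsoft's
documented Internet Settings zone IDs; SAMPLE_EXPORT is constructed data."""
import re

ENABLE, PROMPT, DISABLE = 0, 1, 3          # dword values IE writes for each choice
ACTION_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}
STRICTNESS = {ENABLE: 0, PROMPT: 1, DISABLE: 2}   # higher is safer

# Registry value name -> (setting label, minimum action recommended in the post)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed regedit export: 1800 left at Enable, 1201 missing, 1607 stricter than asked.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000003
"1800"=dword:00000000
"1804"=dword:00000001
"1607"=dword:00000003
"""

DWORD_LINE = re.compile(r'^"(\d{4})"=dword:([0-9a-fA-F]{8})$')

def parse_zone_export(text):
    """Return {value_name: int} for dword values inside the Zones\\3 key only."""
    settings, in_zone3 = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):                       # a new key header
            in_zone3 = line.lower().endswith(r"\internet settings\zones\3]")
            continue
        m = DWORD_LINE.match(line)
        if in_zone3 and m:
            settings[m.group(1)] = int(m.group(2), 16)
    return settings

def audit_internet_zone(settings):
    """One finding per recommended setting that is absent, unrecognised, or weaker than asked."""
    findings = []
    for name, (label, wanted) in RECOMMENDED.items():
        actual = settings.get(name)
        if actual is None:
            findings.append(f"{name} ({label}): not set, IE default applies")
        elif actual not in STRICTNESS:
            findings.append(f"{name} ({label}): unrecognised value {actual}")
        elif STRICTNESS[actual] < STRICTNESS[wanted]:   # stricter than asked is fine
            findings.append(f"{name} ({label}): {ACTION_NAME[actual]}, want {ACTION_NAME[wanted]}")
    return findings

if __name__ == "__main__":
    for finding in audit_internet_zone(parse_zone_export(SAMPLE_EXPORT)):
        print(finding)
```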