win min, searchengine.com, email spamming...

Unknown

everytime i search yahoo the first page of results is ALL other search engines, my homepage WONT change from searchengine.com and my norton antivirus (symantec) keeps telling me my pc is trying to send out emails every couple minutes with weird headlines....norton cant find crap! HELP!

Logfile of HijackThis v1.99.1
Scan saved at 3:31:27 PM, on 6/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS.000\System32\CTSvcCDA.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS.000\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS.000\System32\WBEM\WinMgmt.exe
C:\WINDOWS.000\System32\MsPMSPSv.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS.000\system32\WDBtnMgr.exe
C:\WINDOWS.000\SOUNDMAN.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS.000\system32\CTHELPER.EXE
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\WINDOWS.000\system32\combop.exe
C:\WINDOWS.000\system32\combo.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\windows.000\piiwsck.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
I:\FILES_~1\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\files_files\Program****e\HIJACKTHISBITCH\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-searchengine.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie-searchengine.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-searchengine.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.000\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [aifigjf] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [cslqhgy] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [qawqfac] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [eusrjmy] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [rajehgy] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [yseiyue] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [ykuycjy] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [aifdhtc] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [ojyloci] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [jekfsvp] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [lnfmsjv] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [jenxmrd] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [fpuifou] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [fuwcjvs] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [nmcfcjk] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [dihjonq] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [faskwcd] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [oruvwte] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [fkqefyn] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [rijqrqk] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [mqqavde] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [ipgbrvo] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [svusymk] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [mcdrfla] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [jekufpa] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [phpgdox] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [urqwbta] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [qoasenb] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [skbetti] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [liwxcpj] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [beoxtwj] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [rpbvudt] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [jqvuvwv] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [hivgoiq] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [xdfkdak] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [lbfxigu] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [ypgrmqj] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [xvbhstx] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [trmjrog] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [mcantbf] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [xbgedxj] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [yxjpivm] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [tjjutwy] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [khrgpma] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [qguqjww] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [piclkxg] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [nuqbucv] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [svbgcrv] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [wefekgw] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [jcbgdil] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [ivwscrs] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [uxymwtv] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [jtrbyrt] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [mcvwwrb] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [gtkpxuk] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [qqxrjho] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [simkioe] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [vmfdglp] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [wehvqwa] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [tyrgvki] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [rrgtbrk] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [uhmctvd] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [rgadghq] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [wxdffrr] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [rsricqv] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [yarcbfd] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [qwdthci] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [yvwsgsl] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [byucblq] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [bwgihbc] c:\windows.000\dyafvxp.exe
O4 - HKCU\..\Run: [cyeuxyb] c:\windows.000\dyafvxp.exe
O4 - HKCU\..\Run: [snwfmgk] c:\windows.000\dyafvxp.exe
O4 - HKCU\..\Run: [hrwlqfn] c:\windows.000\gtlxhsa.exe
O4 - HKCU\..\Run: [xpmsgck] c:\windows.000\gtlxhsa.exe
O4 - HKCU\..\Run: [bxrucnv] c:\windows.000\gtlxhsa.exe
O4 - HKCU\..\Run: [dvahsfn] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [mjyheat] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [rvajixy] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [pwcyocx] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [pldqgcb] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [xsmdpst] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [fwuxsms] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [qkxnkgb] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [buewmxx] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [pbeylln] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [mosmijk] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [mpadxyu] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [bmkuneu] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [lycyjmi] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [tumsggp] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [lduqsqe] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [wdqqbew] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [sokdeqh] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [boqagpl] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [ggvwhyb] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [vrnfjfr] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [btqorbo] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [wjlavjo] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [asqooik] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ojsdvas] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ykfljdf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [wjfimiy] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [srthexg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pgrytvr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [yrfohgh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qvqtxbq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [rfmwvve] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jfykpln] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jlhnahq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [tjotymq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [iettdcw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pgdoanu] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [oncgvpi] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [prtrrrs] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [hceskbg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [rksrbvy] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xpneveo] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [bvbdpnl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jerjbnl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ndjcfae] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [dadhagx] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qbiqpxa] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [mkvqdxv] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vxpfipi] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vsafgqf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qqkybso] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [rjsgvxe] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vndlqhd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xnrdhpm] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vgeunrw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [dkwlbuj] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nwnktmb] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lvgtvub] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [srnbeop] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [eokxreq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jelrrsh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nvhmkko] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lyjplba] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [hqvemem] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [otpawku] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [mjwgmaw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ugqleuh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [cakbckr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [aeqedxl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sxrljqd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [dagqqki] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ivqdywf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [eegapoq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vuufhvr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nufklls] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [wbtnpcj] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [dtemxqt] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [oyyfjof] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qnlwpkx] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vdkxixs] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qddpakt] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sbgpqfr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vdylptd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jisphvb] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [eovmgao] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ikkgaph] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [cvslexg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sqkjppk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sscgjpq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [mdqnfdl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [aeujogb] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ktsqgpf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xjrfohk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [napjxnx] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [uqfsjcy] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [baildma] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [fliridy] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ulpitar] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [keafnrh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [imnjymr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [kfwcpcf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [yrinega] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [itflkha] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [eybokil] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [gyfwsdt] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qncqmkk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sqyfucw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [owdscap] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [wjbqjfa] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sqqyybq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [mhikvem] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [smpfidw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [gejbqde] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [eghjsgv] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [aikydqd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [wqtwnsf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vlxtarf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [cjugvkh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jpivmov] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nxlgwgu] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vhrqkst] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [srppeno] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jfheixn] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [fqxinpd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [bfnnbxi] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ookcmam] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ijkdjqs] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [rtcskfw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xtijpye] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [cdrtorg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [gnvxqqv] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ubirmuc] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nscgdlh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [yfglyve] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vjuxrtb] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pumxltb] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pfsgcyk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [bgnkdhx] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ktmnkve] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [efywctg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nieohbd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [imjplel] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vtdebpx] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [uaslvyn] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [hollxes] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [wuglfew] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [trxkhtt] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ytdegcw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [onnhrug] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xvbbnkr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jxfyeav] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [frdcpdr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pblmmin] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xwhaklo] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ngelexe] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [grfxero] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jefnucf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jawovim] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [rmcsddk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [wjiwcti] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lcvajjp] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xwimpmt] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [csjqgcd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ecaviuc] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [agkpjkv] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jypdlwu] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lhfdeio] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [fvffurh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xiabjlv] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sihlxvl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [fpygwgs] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [hjmxito] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [rdsdiqh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [awiyohs] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lkbcufl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ucwoowu] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lrptobo] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nciuslx] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vpsutpg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [hdxhdhg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [yivywuw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ogiprbp] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [shlrwsl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ljrtlri] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qkorjve] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sgxqqiq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [dtodtte] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [eisjxgs] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pqwdnff] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pteupwd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qnnljyh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [igfxtpm] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lwynhuk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [bdrknvk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ogsebli] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [dcswevv] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [phumcgy] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [ujmrkuv] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [vsxyeby] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [xulrtyv] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [msdhrsd] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [eahmbhb] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [qqohhgl] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [hacijof] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [gshdevw] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [faqkium] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [unbmfxa] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [bacxgat] c:\windows.000\kokinsq.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: WinZip Quick Pick.lnk = I:\files_files\Program****e\WinZip\WZQKPICK.EXE
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {81FA8596-1183-47AB-9666-988E707E4485} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {81FA8596-1183-47AB-9666-988E707E4485} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\flsmngr.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102/335//main.chm::/update.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.000\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.000\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.000\System32\CTSvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS.000\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Buckeye_Sam

Step 1
Download CWShredder but don't run it yet.


Step 2
Download Ad-aware SE 1.06
Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Exit Adaware for now.


Step 3
Make sure that you can VIEW ALL HIDDEN FILES.


Step 4
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-searchengine.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie-searchengine.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-searchengine.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\SYSTEM\blank.htm
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKCU\..\Run: [aifigjf] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [cslqhgy] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [qawqfac] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [eusrjmy] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [rajehgy] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [yseiyue] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [ykuycjy] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [aifdhtc] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [ojyloci] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [jekfsvp] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [lnfmsjv] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [jenxmrd] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [fpuifou] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [fuwcjvs] c:\windows.000\piiwsck.exe
O4 - HKCU\..\Run: [nmcfcjk] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [dihjonq] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [faskwcd] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [oruvwte] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [fkqefyn] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [rijqrqk] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [mqqavde] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [ipgbrvo] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [svusymk] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [mcdrfla] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [jekufpa] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [phpgdox] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [urqwbta] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [qoasenb] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [skbetti] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [liwxcpj] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [beoxtwj] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [rpbvudt] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [jqvuvwv] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [hivgoiq] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [xdfkdak] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [lbfxigu] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [ypgrmqj] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [xvbhstx] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [trmjrog] c:\windows.000\cdyesxl.exe
O4 - HKCU\..\Run: [mcantbf] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [xbgedxj] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [yxjpivm] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [tjjutwy] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [khrgpma] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [qguqjww] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [piclkxg] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [nuqbucv] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [svbgcrv] c:\windows.000\dqbrutk.exe
O4 - HKCU\..\Run: [wefekgw] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [jcbgdil] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [ivwscrs] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [uxymwtv] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [jtrbyrt] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [mcvwwrb] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [gtkpxuk] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [qqxrjho] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [simkioe] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [vmfdglp] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [wehvqwa] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [tyrgvki] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [rrgtbrk] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [uhmctvd] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [rgadghq] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [wxdffrr] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [rsricqv] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [yarcbfd] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [qwdthci] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [yvwsgsl] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [byucblq] c:\windows.000\hmmcgrm.exe
O4 - HKCU\..\Run: [bwgihbc] c:\windows.000\dyafvxp.exe
O4 - HKCU\..\Run: [cyeuxyb] c:\windows.000\dyafvxp.exe
O4 - HKCU\..\Run: [snwfmgk] c:\windows.000\dyafvxp.exe
O4 - HKCU\..\Run: [hrwlqfn] c:\windows.000\gtlxhsa.exe
O4 - HKCU\..\Run: [xpmsgck] c:\windows.000\gtlxhsa.exe
O4 - HKCU\..\Run: [bxrucnv] c:\windows.000\gtlxhsa.exe
O4 - HKCU\..\Run: [dvahsfn] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [mjyheat] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [rvajixy] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [pwcyocx] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [pldqgcb] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [xsmdpst] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [fwuxsms] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [qkxnkgb] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [buewmxx] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [pbeylln] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [mosmijk] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [mpadxyu] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [bmkuneu] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [lycyjmi] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [tumsggp] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [lduqsqe] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [wdqqbew] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [sokdeqh] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [boqagpl] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [ggvwhyb] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [vrnfjfr] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [btqorbo] c:\windows.000\aakstqo.exe
O4 - HKCU\..\Run: [wjlavjo] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [asqooik] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ojsdvas] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ykfljdf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [wjfimiy] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [srthexg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pgrytvr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [yrfohgh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qvqtxbq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [rfmwvve] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jfykpln] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jlhnahq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [tjotymq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [iettdcw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pgdoanu] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [oncgvpi] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [prtrrrs] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [hceskbg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [rksrbvy] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xpneveo] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [bvbdpnl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jerjbnl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ndjcfae] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [dadhagx] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qbiqpxa] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [mkvqdxv] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vxpfipi] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vsafgqf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qqkybso] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [rjsgvxe] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vndlqhd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xnrdhpm] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vgeunrw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [dkwlbuj] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nwnktmb] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lvgtvub] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [srnbeop] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [eokxreq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jelrrsh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nvhmkko] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lyjplba] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [hqvemem] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [otpawku] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [mjwgmaw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ugqleuh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [cakbckr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [aeqedxl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sxrljqd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [dagqqki] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ivqdywf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [eegapoq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vuufhvr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nufklls] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [wbtnpcj] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [dtemxqt] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [oyyfjof] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qnlwpkx] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vdkxixs] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qddpakt] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sbgpqfr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vdylptd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jisphvb] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [eovmgao] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ikkgaph] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [cvslexg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sqkjppk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sscgjpq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [mdqnfdl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [aeujogb] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ktsqgpf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xjrfohk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [napjxnx] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [uqfsjcy] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [baildma] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [fliridy] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ulpitar] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [keafnrh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [imnjymr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [kfwcpcf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [yrinega] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [itflkha] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [eybokil] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [gyfwsdt] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qncqmkk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sqyfucw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [owdscap] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [wjbqjfa] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sqqyybq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [mhikvem] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [smpfidw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [gejbqde] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [eghjsgv] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [aikydqd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [wqtwnsf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vlxtarf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [cjugvkh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jpivmov] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nxlgwgu] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vhrqkst] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [srppeno] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jfheixn] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [fqxinpd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [bfnnbxi] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ookcmam] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ijkdjqs] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [rtcskfw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xtijpye] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [cdrtorg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [gnvxqqv] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ubirmuc] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nscgdlh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [yfglyve] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vjuxrtb] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pumxltb] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pfsgcyk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [bgnkdhx] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ktmnkve] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [efywctg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nieohbd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [imjplel] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vtdebpx] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [uaslvyn] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [hollxes] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [wuglfew] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [trxkhtt] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ytdegcw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [onnhrug] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xvbbnkr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jxfyeav] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [frdcpdr] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pblmmin] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xwhaklo] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ngelexe] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [grfxero] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jefnucf] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jawovim] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [rmcsddk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [wjiwcti] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lcvajjp] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xwimpmt] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [csjqgcd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ecaviuc] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [agkpjkv] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [jypdlwu] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lhfdeio] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [fvffurh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [xiabjlv] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sihlxvl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [fpygwgs] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [hjmxito] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [rdsdiqh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [awiyohs] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lkbcufl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ucwoowu] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lrptobo] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [nciuslx] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [vpsutpg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [hdxhdhg] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [yivywuw] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ogiprbp] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [shlrwsl] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ljrtlri] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qkorjve] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [sgxqqiq] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [dtodtte] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [eisjxgs] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pqwdnff] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [pteupwd] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [qnnljyh] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [igfxtpm] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [lwynhuk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [bdrknvk] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [ogsebli] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [dcswevv] c:\windows.000\abgvrxa.exe
O4 - HKCU\..\Run: [phumcgy] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [ujmrkuv] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [vsxyeby] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [xulrtyv] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [msdhrsd] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [eahmbhb] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [qqohhgl] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [hacijof] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [gshdevw] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [faqkium] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [unbmfxa] c:\windows.000\kokinsq.exe
O4 - HKCU\..\Run: [bacxgat] c:\windows.000\kokinsq.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {81FA8596-1183-47AB-9666-988E707E4485} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {81FA8596-1183-47AB-9666-988E707E4485} - (no file) (HKCU)


Step 5
Reboot your computer into SAFE MODE


Step 6
Now run CWShredder, making sure to click "Fix".


Step 7
Then delete these files or directories (Do not be concerned if they do not exist)

c:\windows.000\kokinsq.exe
c:\windows.000\abgvrxa.exe
c:\windows.000\aakstqo.exe
c:\windows.000\gtlxhsa.exe
c:\windows.000\hmmcgrm.exe
c:\windows.000\dqbrutk.exe
c:\windows.000\cdyesxl.exe
c:\windows.000\piiwsck.exe
C:\WINDOWS.000\system32\combop.exe
C:\WINDOWS.000\system32\combo.exe



Step 8
Run a full scan with Adaware.


Reboot your computer to go back to normal mode and post a new hijackthis log.

ru1n3r

AHHHH! They're BACK!!!

Logfile of HijackThis v1.99.1
Scan saved at 3:37:48 PM, on 6/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS.000\System32\CTSvcCDA.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS.000\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS.000\System32\WBEM\WinMgmt.exe
C:\WINDOWS.000\System32\MsPMSPSv.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS.000\system32\WDBtnMgr.exe
C:\WINDOWS.000\SOUNDMAN.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS.000\system32\CTHELPER.EXE
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\windows.000\cgadxca.exe
I:\files_files\Program****e\KILLERS\HIJACKTHISBITCH\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-searchengine.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie-searchengine.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-searchengine.com/index.htm
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.000\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [fykkkml] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [fqglrwd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uqwslkg] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [toeusfp] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [yxbstwu] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [rymihfl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dfqjine] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [glkbgsl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [rkhdjve] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [kyiojxa] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [lsyapxt] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [unfhfuh] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ygkbyhl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ocymber] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [huoenhr] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [iawqtal] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [wmbpodm] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ftfoamv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [rkobkgq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qtlmtlu] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [xkgqjhi] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [jyvksbj] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dshlumk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [lnvftrx] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [aqgmura] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [cpmuimv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [mfnxmsw] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [nuvkayv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [natgnis] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ggmpswk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dqhnkqx] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [nuytlvf] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [iqqohds] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [tgdwkyq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [xbybtaq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [coqdtog] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [syhucdg] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [nukurxx] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dogxxnd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uubnhut] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [lohxghr] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ithqnjc] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [mweclam] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dchdcsd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [tknneqo] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [wvkxnpl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [erdideb] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qsgdybi] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [gpiwkfk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [yljfdhd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [vbsxyuc] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ssobjbw] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [cqivwct] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ftmgjqq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [njcudua] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uavillx] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [vgkapgl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [fubwbne] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [vemqawj] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [fdltdmd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [mkvluwe] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ogagqdk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [tiqqexr] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [fknexau] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [nhfcxat] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [upgjigs] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ranrlvp] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [cbenfgs] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [xmliqtf] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [kdmpyfy] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [polhvkv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [bxdyxbk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ysugthm] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uwekeup] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uqdqnng] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [frersrv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [obuqkrs] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [jqrjgks] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dfmnxeq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [tstfcco] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ytkuteb] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [kyffevw] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [vkwkqea] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [rhfyanu] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [xmuvivs] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [gfstqlj] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qsyjmnj] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [bitrjyg] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qyoisyc] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ejbbbex] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [svqemdv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [unigqrg] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [sjoqwsn] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [hkufniw] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qthcuyq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [wlsnbrr] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ibaquin] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uvoovxf] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [otmgyba] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dgqrmjb] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [yqmyvyq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [teomnhk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [axixjie] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [xfiyflr] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [kxnveky] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [mfuwubu] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [lrjbbui] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [chparfs] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [cgejbol] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [rkcclha] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [glymeey] c:\windows.000\wgowxyi.exe
O4 - HKCU\..\Run: [trwnepu] c:\windows.000\wgowxyi.exe
O4 - HKCU\..\Run: [autwlrx] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [pgqtnbd] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [nlggvbw] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [fnvtmkd] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [expvfqf] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [wxrrcvm] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [neyswcq] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [dorofaa] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [buxhsjg] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ajxuqam] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [weagviq] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ksrkyjc] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [uvcdwmr] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [uatdpow] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ehtgorr] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [foyptqe] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [xrvywsc] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ebmtedb] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [kovwycr] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [pkkrikq] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ljhybrf] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [wkebdtu] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [chgwikq] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [piufduk] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [uytyybt] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [stskcet] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [fcgqbqp] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [hesyhkb] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [abalkns] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [gkvbgqa] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [xdxupef] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [xvurabm] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [mrtyhwc] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [hgvddqa] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [biaovde] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [yxlyeeo] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [ihitsbf] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [gbcxxdi] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [ndjdkxs] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [qnvtpxa] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [lrqdvga] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [csykevw] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [etfetmj] c:\windows.000\mkpnwtn.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - I:\files_files\Program****e\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\flsmngr.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102/335//main.chm::/update.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.000\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.000\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.000\System32\CTSvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS.000\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Buckeye_Sam

Sometimes this infection takes a few steps. It usually doesn't go easily.

Download LSPFix from http://www.cexx.org/lspfix.zip and run it.
Check the I know what I'm doing box.
In the Keep box you should see one or more instances of the following files.

flsmngr.dll

Select every instance of this file, but no others, and move each one to the Remove box by clicking the >> button.
When you are done click Finish>>.



Download and run this tool.
http://www.spywareinfo.dk/download/mwav.exe

Once it's done please post the log from the scan and a new hijackthis log.

ru1n3r

Here we go...

Thu Jun 16 22:10:48 2005 => **********************************************************
Thu Jun 16 22:10:48 2005 => eScan AntiVirus Toolkit Utility.
Thu Jun 16 22:10:48 2005 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Thu Jun 16 22:10:48 2005 => **********************************************************
Thu Jun 16 22:10:48 2005 => Version 4.4.7
Thu Jun 16 22:10:48 2005 => Log File: I:\FILES_~1\PROGRA~1\KILLERS\mwav.log
Thu Jun 16 22:10:48 2005 => Latest Date of files inside MWAV: 17 Jun 2005 05:20:41.
Thu Jun 16 22:10:49 2005 => AV Library Loaded...
Thu Jun 16 22:10:49 2005 => Scanning File I:\FILES_~1\PROGRA~1\KILLERS\kavss.exe
Thu Jun 16 22:10:49 2005 => Scanning File I:\FILES_~1\PROGRA~1\KILLERS\Getvlist.exe
Thu Jun 16 22:10:49 2005 => Scanning File I:\FILES_~1\PROGRA~1\KILLERS\kavss.dll
Thu Jun 16 22:10:49 2005 => Scanning File I:\FILES_~1\PROGRA~1\KILLERS\kavssdi.dll
Thu Jun 16 22:10:49 2005 => Scanning File I:\FILES_~1\PROGRA~1\KILLERS\kavssi.dll
Thu Jun 16 22:10:49 2005 => Scanning File I:\FILES_~1\PROGRA~1\KILLERS\kavvlg.dll
Thu Jun 16 22:10:49 2005 => Scanning File I:\FILES_~1\PROGRA~1\KILLERS\msvlclnt.dll
Thu Jun 16 22:10:49 2005 => Scanning File I:\FILES_~1\PROGRA~1\KILLERS\ipc.dll
Thu Jun 16 22:10:49 2005 => Scanning File I:\FILES_~1\PROGRA~1\KILLERS\main.avi
Thu Jun 16 22:10:49 2005 => Scanning File I:\FILES_~1\PROGRA~1\KILLERS\virus.avi
Thu Jun 16 22:10:49 2005 => Virus Database Date: 2005/06/17
Thu Jun 16 22:10:49 2005 => Virus Database Count: 135132


And heres my hijackthis log....i've been on this site 24/7 trying to fix this for the past 2 days....so im not going anywhere...

Logfile of HijackThis v1.99.1
Scan saved at 10:12:46 PM, on 6/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS.000\System32\CTSvcCDA.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS.000\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS.000\System32\WBEM\WinMgmt.exe
C:\WINDOWS.000\System32\MsPMSPSv.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS.000\system32\WDBtnMgr.exe
C:\WINDOWS.000\SOUNDMAN.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS.000\system32\CTHELPER.EXE
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS.000\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\files_files\Program****e\KILLERS\HIJACKTHISBITCH\HijackThis.exe
I:\files_files\Program****e\KILLERS\mwavscan.com
I:\files_files\Program****e\KILLERS\kavss.exe
C:\WINDOWS.000\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-searchengine.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie-searchengine.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-searchengine.com/index.htm
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.000\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [fykkkml] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [fqglrwd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uqwslkg] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [toeusfp] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [yxbstwu] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [rymihfl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dfqjine] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [glkbgsl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [rkhdjve] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [kyiojxa] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [lsyapxt] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [unfhfuh] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ygkbyhl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ocymber] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [huoenhr] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [iawqtal] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [wmbpodm] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ftfoamv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [rkobkgq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qtlmtlu] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [xkgqjhi] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [jyvksbj] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dshlumk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [lnvftrx] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [aqgmura] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [cpmuimv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [mfnxmsw] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [nuvkayv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [natgnis] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ggmpswk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dqhnkqx] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [nuytlvf] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [iqqohds] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [tgdwkyq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [xbybtaq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [coqdtog] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [syhucdg] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [nukurxx] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dogxxnd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uubnhut] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [lohxghr] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ithqnjc] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [mweclam] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dchdcsd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [tknneqo] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [wvkxnpl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [erdideb] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qsgdybi] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [gpiwkfk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [yljfdhd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [vbsxyuc] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ssobjbw] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [cqivwct] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ftmgjqq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [njcudua] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uavillx] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [vgkapgl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [fubwbne] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [vemqawj] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [fdltdmd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [mkvluwe] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ogagqdk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [tiqqexr] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [fknexau] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [nhfcxat] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [upgjigs] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ranrlvp] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [cbenfgs] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [xmliqtf] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [kdmpyfy] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [polhvkv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [bxdyxbk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ysugthm] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uwekeup] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uqdqnng] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [frersrv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [obuqkrs] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [jqrjgks] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dfmnxeq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [tstfcco] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ytkuteb] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [kyffevw] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [vkwkqea] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [rhfyanu] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [xmuvivs] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [gfstqlj] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qsyjmnj] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [bitrjyg] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qyoisyc] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ejbbbex] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [svqemdv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [unigqrg] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [sjoqwsn] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [hkufniw] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qthcuyq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [wlsnbrr] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ibaquin] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uvoovxf] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [otmgyba] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dgqrmjb] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [yqmyvyq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [teomnhk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [axixjie] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [xfiyflr] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [kxnveky] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [mfuwubu] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [lrjbbui] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [chparfs] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [cgejbol] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [rkcclha] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [glymeey] c:\windows.000\wgowxyi.exe
O4 - HKCU\..\Run: [trwnepu] c:\windows.000\wgowxyi.exe
O4 - HKCU\..\Run: [autwlrx] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [pgqtnbd] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [nlggvbw] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [fnvtmkd] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [expvfqf] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [wxrrcvm] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [neyswcq] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [dorofaa] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [buxhsjg] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ajxuqam] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [weagviq] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ksrkyjc] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [uvcdwmr] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [uatdpow] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ehtgorr] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [foyptqe] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [xrvywsc] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ebmtedb] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [kovwycr] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [pkkrikq] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ljhybrf] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [wkebdtu] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [chgwikq] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [piufduk] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [uytyybt] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [stskcet] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [fcgqbqp] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [hesyhkb] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [abalkns] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [gkvbgqa] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [xdxupef] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [xvurabm] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [mrtyhwc] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [hgvddqa] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [biaovde] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [yxlyeeo] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [ihitsbf] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [gbcxxdi] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [ndjdkxs] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [qnvtpxa] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [lrqdvga] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [csykevw] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [etfetmj] c:\windows.000\mkpnwtn.exe
O4 - HKCU\..\Run: [fomrjcl] c:\windows.000\mkpnwtn.exe
O4 - HKCU\..\Run: [oolovgi] c:\windows.000\mkpnwtn.exe
O4 - HKCU\..\Run: [qadghbp] c:\windows.000\mkpnwtn.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - I:\files_files\Program****e\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102/335//main.chm::/update.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.000\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.000\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.000\System32\CTSvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS.000\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Buckeye_Sam

Fix these lines with Hijackthis and delete the associated files.

O4 - HKCU\..\Run: [fykkkml] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [fqglrwd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uqwslkg] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [toeusfp] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [yxbstwu] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [rymihfl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dfqjine] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [glkbgsl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [rkhdjve] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [kyiojxa] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [lsyapxt] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [unfhfuh] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ygkbyhl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ocymber] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [huoenhr] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [iawqtal] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [wmbpodm] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ftfoamv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [rkobkgq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qtlmtlu] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [xkgqjhi] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [jyvksbj] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dshlumk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [lnvftrx] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [aqgmura] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [cpmuimv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [mfnxmsw] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [nuvkayv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [natgnis] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ggmpswk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dqhnkqx] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [nuytlvf] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [iqqohds] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [tgdwkyq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [xbybtaq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [coqdtog] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [syhucdg] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [nukurxx] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dogxxnd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uubnhut] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [lohxghr] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ithqnjc] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [mweclam] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dchdcsd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [tknneqo] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [wvkxnpl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [erdideb] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qsgdybi] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [gpiwkfk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [yljfdhd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [vbsxyuc] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ssobjbw] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [cqivwct] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ftmgjqq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [njcudua] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uavillx] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [vgkapgl] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [fubwbne] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [vemqawj] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [fdltdmd] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [mkvluwe] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ogagqdk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [tiqqexr] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [fknexau] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [nhfcxat] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [upgjigs] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ranrlvp] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [cbenfgs] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [xmliqtf] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [kdmpyfy] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [polhvkv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [bxdyxbk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ysugthm] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uwekeup] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uqdqnng] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [frersrv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [obuqkrs] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [jqrjgks] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dfmnxeq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [tstfcco] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ytkuteb] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [kyffevw] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [vkwkqea] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [rhfyanu] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [xmuvivs] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [gfstqlj] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qsyjmnj] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [bitrjyg] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qyoisyc] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ejbbbex] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [svqemdv] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [unigqrg] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [sjoqwsn] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [hkufniw] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [qthcuyq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [wlsnbrr] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [ibaquin] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [uvoovxf] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [otmgyba] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [dgqrmjb] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [yqmyvyq] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [teomnhk] c:\windows.000\cgadxca.exe
O4 - HKCU\..\Run: [axixjie] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [xfiyflr] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [kxnveky] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [mfuwubu] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [lrjbbui] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [chparfs] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [cgejbol] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [rkcclha] c:\windows.000\gsahyau.exe
O4 - HKCU\..\Run: [glymeey] c:\windows.000\wgowxyi.exe
O4 - HKCU\..\Run: [trwnepu] c:\windows.000\wgowxyi.exe
O4 - HKCU\..\Run: [autwlrx] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [pgqtnbd] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [nlggvbw] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [fnvtmkd] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [expvfqf] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [wxrrcvm] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [neyswcq] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [dorofaa] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [buxhsjg] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ajxuqam] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [weagviq] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ksrkyjc] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [uvcdwmr] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [uatdpow] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ehtgorr] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [foyptqe] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [xrvywsc] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ebmtedb] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [kovwycr] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [pkkrikq] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [ljhybrf] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [wkebdtu] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [chgwikq] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [piufduk] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [uytyybt] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [stskcet] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [fcgqbqp] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [hesyhkb] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [abalkns] c:\windows.000\nivmxwm.exe
O4 - HKCU\..\Run: [gkvbgqa] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [xdxupef] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [xvurabm] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [mrtyhwc] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [hgvddqa] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [biaovde] c:\windows.000\aodpdjv.exe
O4 - HKCU\..\Run: [yxlyeeo] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [ihitsbf] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [gbcxxdi] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [ndjdkxs] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [qnvtpxa] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [lrqdvga] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [csykevw] c:\windows.000\sgethpd.exe
O4 - HKCU\..\Run: [etfetmj] c:\windows.000\mkpnwtn.exe
O4 - HKCU\..\Run: [fomrjcl] c:\windows.000\mkpnwtn.exe
O4 - HKCU\..\Run: [oolovgi] c:\windows.000\mkpnwtn.exe
O4 - HKCU\..\Run: [qadghbp] c:\windows.000\mkpnwtn.exe



Reboot and post a new hijackthis log.

ru1n3r

Ok...not sure if thats it but lets hope....

Logfile of HijackThis v1.99.1
Scan saved at 10:26:27 PM, on 6/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS.000\System32\CTSvcCDA.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS.000\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS.000\System32\WBEM\WinMgmt.exe
C:\WINDOWS.000\System32\MsPMSPSv.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS.000\system32\WDBtnMgr.exe
C:\WINDOWS.000\SOUNDMAN.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS.000\system32\CTHELPER.EXE
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
I:\files_files\Program****e\KILLERS\HIJACKTHISBITCH\HijackThis.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.000\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - I:\files_files\Program****e\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102/335//main.chm::/update.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.000\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.000\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.000\System32\CTSvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS.000\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

ru1n3r

well I just want to thank you greatly for having the spyhunting knowledge that i can never possess......if i werent so manly id give you a hug...so i hope a "THANK YOU VERY MUCH!! YOURE THE BEST!" will do.....adios

Buckeye_Sam

You're not quite clean yet, although it does appear that the main infection is now gone.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

Viewpoint Manager
Viewpoint Media Player



Fix this line with hijackthis.

O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102/335//main.chm::/update.exe



Reboot and post one last hijackthis log.

ru1n3r

ok....im still having SOOOO much troubhle trying to play half-life on steam.... and very SECOND i deleted that last file on hijackthis that you told me to....i got an alert from norton that ithaqd detected a "Bloodhound.Exploit.6" and was unable to repair it or something...now i cant find it....

well heres my last log...hope this is it


Logfile of HijackThis v1.99.1
Scan saved at 1:34:31 AM, on 6/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS.000\System32\CTSvcCDA.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS.000\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS.000\System32\WBEM\WinMgmt.exe
C:\WINDOWS.000\System32\MsPMSPSv.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS.000\system32\WDBtnMgr.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS.000\system32\CTHELPER.EXE
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\Nmain.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\files_files\Program****e\KILLERS\HIJACKTHISBITCH\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.000\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - I:\files_files\Program****e\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.000\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.000\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.000\System32\CTSvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS.000\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Buckeye_Sam

Your log looks good.

Please run at least two of these online scans.
Make sure they are set to clean automatically

Panda Virus Scan

Bit Defender

TrendMicro Housecall

There will be files that these scans will not remove. Please include that information in your next post.


Reboot and post a new hijackthis log and the info from your virus scans.

ru1n3r

im running sooooo slowly....heres my bit defender report
BitDefender Online Scanner - Real Time Virus Report



Generated at: Sun, Jun 19, 2005 - 07:04:42

---

Scan Info



Scanned Files
51916

Infected Files
18








Virus Detected



Trojan.Delf.LY
2

Trojan.Dropper.Small.WV
2

BehavesLike:Trojan.StartPage
9

Adware.Wheaterbug.A
1

Trojan.Downloader.Adload.G
1

Trojan.Dropper.Small.ZP
2

Trojan.Proxy.Small.BK
1

---

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.




Here is my trend micro house call report.....


Virus Scan 0 virus cleaned, 0 virus deleted


Results:
We have detected 1 infected file(s) with 1 virus(es) on your computer. Only 0 out of 0 infected files are displayed: - 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 0 virus(es) deleted, 0 virus(es) undeletable
- 1 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken
C:\WINDOWS.000\SYSTEM32\thn32.dll TROJ_SMALL.AKB File not found before action taken. Threat removed.




Trojan/Worm Check 0 worm/Trojan horse deleted

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed: - 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm Name Trojan/Worm Type Action Taken




Spyware Check 0 spyware program removed

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 4 spyware(s) on your computer. Only 0 out of 0 spywares are displayed: - 4 spyware(s) passed, 0 spyware(s) no action available
- 0 spyware(s) removed, 0 spyware(s) unremovable
Spyware Name Spyware Type Action Taken
COOKIE_442 Cookie Pass
COOKIE_3009 Cookie Pass
COOKIE_3188 Cookie Pass
COOKIE_3196 Cookie Pass




Microsoft Vulnerability Check 3 vulnerabilities detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 3 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix
Highly Critical This vulnerability enables a remote attacker to execute any file that can be rendered as text, and be opened as part of a page in Internet Explorer. MS03-014
Critical The MHTML URL Processing Vulnerability allows remote attackers to bypass domain restrictions and execute arbitrary code via script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers.This could allow an attacker to take complete control of an affected system. MS04-013
Moderate A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation. MS04




and heres my hijackthis log....

Logfile of HijackThis v1.99.1
Scan saved at 7:10:48 AM, on 6/19/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS.000\System32\CTSvcCDA.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS.000\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS.000\System32\WBEM\WinMgmt.exe
C:\WINDOWS.000\System32\MsPMSPSv.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\Ati2evxx.exe
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS.000\system32\CTHELPER.EXE
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
I:\files_files\Program****e\KILLERS\Microsoft Antispyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\files_files\Program****e\KILLERS\HIJACKTHISBITCH\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.000\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - I:\files_files\Program****e\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.000\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.000\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.000\System32\CTSvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS.000\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Buckeye_Sam

Your log is still clean. I don't see any reason why you would be running slow.

I'd recommend running a good registry cleaner and then defragging your hard drive. Aside from that I don't see anything else that I can do for you.

ru1n3r

well thank you for everything youve done and the time youve taken with me here

Buckeye_Sam

Glad I could help out.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.
   
   You can find instructions on how to enable and reenable system restore here:
   
   Managing Windows Millenium System Restore
   
   or
   
   Windows XP System Restore Guide
   
   Renable system restore with instructions from tutorial above
   
   
2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
   1. From within Internet Explorer click on the Tools menu and then click on Options.
   2. Click once on the Security tab
   3. Click once on the Internet icon so it becomes highlighted.
   4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
         
      2. Change the Download unsigned ActiveX controls to Disable
         
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
         
      4. Change the Installation of desktop items to Prompt
         
      5. Change the Launching programs and files in an IFRAME to Prompt
         
      6. Change the Navigate sub-frames across different domains to Prompt
         
      7. When all these settings have been made, click on the OK button.
         
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
   5. Next press the Apply button and then the OK to exit the Internet Properties page.
   
   
3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
   
   See this link for a listing of some online & their stand-alone antivirus programs:
   
   Virus, Spyware, and Malware Protection and Removal Resources
   
   
4. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
   
   For a tutorial on Firewalls and a listing of some available ones see the link below:
   
   Understanding and Using Firewalls
   
   
6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
   
   A tutorial on installing & using this product can be found here:
   
   Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
   
   
8. Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
   
   A tutorial on installing & using this product can be found here:
   
   Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
   
   
9. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
   
   A tutorial on installing & using this product can be found here:
   
   Using SpywareBlaster to protect your computer from Spyware and Malware
   
   
10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.