Help with popups
AdAware and CCleaner don't work - here is a list from HijackThis - any help would be appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 10:24:28 AM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Gateway\EzTune\dtsrvc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Gateway\EzTune\dthtml.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\qbw32.exe
C:\PROGRA~1\Intuit\QUICKB~1\AXLBRI~1.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Drivers\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=0&id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=0&id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=0&id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=0&id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [q34W34X] mqgtils.exe
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on HP1-AT5QGAAC3Z] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P53 "Auto EPSON Stylus Photo R200 Series on HP1-AT5QGAAC3Z" /O25 "\\HP1-AT5QGAAC3Z\Printer3" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on YOUR-AT5QGAAC3Z] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on YOUR-AT5QGAAC3Z" /O26 "\\YOUR-AT5QGAAC3Z\Printer2" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EzTune.lnk = C:\Program Files\Gateway\EzTune\dthtml.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0032.exe
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0009.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\o266lcjs1fo6.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\dtsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
This discussion has been closed.
Comments
Follow these steps:
Step 1
Go to Add/Remove programs in Control Panel and look for the following
winupdates
WebBar Class
If found, please uninstall.
Step 2
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Download CWShredder from here. Check for updates first and then Run a scan by pressing the *fix* button. Close all browser and explorer windows before hitting *fix*.
Step 3
Check the following in HJT and click 'Fix Checked' - Close ALL open Browsers first
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=0&id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=0&id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=0&id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=0&id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [q34W34X] mqgtils.exe
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0032.exe
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0009.exe
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
Step 4
View hidden files and folders – explained here
Step 5
Find and Delete the following
C:\WINDOWS\eltt.dll << this file
C:\WINDOWS\eltupt.exe << this file
C:\PROGRA~1\APPLIE~1 << this folder
C:\Program Files\winupdates << this folder
We need to do a search. Click Start > Search > All Files and Folders.
Expand Search Options, check Advanced Options, check Search system folders, Search hidden files and folders, and Search Subfolders.
Paste this into the Search for files and folders named box:
mqgtils.exe
If any of these files are found please delete them.
Step 6
Run Ewido (Do not use the computer while Ewido is scanning as it may interrupt the scan)
- Click on scanner
- Click Complete System Scan and the scan will begin.
- NOTE: During some scans with ewido it is finding cases of false positives.
- You will need to step through the process of cleaning files one-by-one.
- If ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select "Perform action on all infections"
- If you are unsure of any entry found select none for now.
- When the scan is finished, click the Save report button at the bottom of the screen.
- Save the report to your desktop
Close Ewido
Step 7
Restart your computer and please post a new HijackThis log, as well as the log from the Ewido scan.
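One way to check the follow-up log requested in Step 7 against the Step 3 fix list, as an added example that is not part of the original thread: it parses HijackThis entry lines, confirms that the targeted entries are gone, and lists entries that are new since the first scan. The sample logs are short excerpts of the logs posted in this thread; the function and variable names are assumptions of this example.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry text. Header lines and the
# "Running processes" list carry no such code and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")


def parse_entries(log_text):
    """Return the set of (code, normalized body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        # Windows paths and registry keys are case-insensitive, and forum
        # software often mangles spacing, so normalize both before comparing.
        body = " ".join(m.group("body").split()).casefold()
        entries.add((m.group("code"), body))
    return entries


def verify_fix(fix_list, before_log, after_log):
    """Compare a fix list with the logs taken before and after cleanup."""
    targeted = parse_entries(fix_list)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return {
        # Targeted entries that no longer appear: the fix took effect.
        "removed": sorted(targeted - after),
        # Targeted entries that survived the fix and a reboot: something
        # is restoring them, so the cleanup is incomplete.
        "still_present": sorted(targeted & after),
        # Fix-list lines that never matched the first log (copy/paste damage).
        "not_in_before": sorted(targeted - before),
        # Entries that appeared only after cleanup: usually tools installed
        # during remediation, but each one deserves a look.
        "new_since_before": sorted(after - before),
    }


# Excerpt of the first log posted in the thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O4 - HKLM\..\Run: [q34W34X] mqgtils.exe
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\o266lcjs1fo6.dll (file missing)
"""

# Excerpt of the Step 3 fix list.
FIX = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O4 - HKLM\..\Run: [q34W34X] mqgtils.exe
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
"""

# Excerpt of the follow-up log posted after the cleanup.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\o266lcjs1fo6.dll (file missing)
"""

if __name__ == "__main__":
    report = verify_fix(FIX, BEFORE, AFTER)
    for bucket, items in report.items():
        print(f"{bucket}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
```
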
Logfile of HijackThis v1.99.1
Scan saved at 12:28:16 PM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Gateway\EzTune\dtsrvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Gateway\EzTune\dthtml.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Drivers\HijackThis.exe
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on HP1-AT5QGAAC3Z] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P53 "Auto EPSON Stylus Photo R200 Series on HP1-AT5QGAAC3Z" /O25 "\\HP1-AT5QGAAC3Z\Printer3" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on YOUR-AT5QGAAC3Z] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on YOUR-AT5QGAAC3Z" /O26 "\\YOUR-AT5QGAAC3Z\Printer2" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EzTune.lnk = C:\Program Files\Gateway\EzTune\dthtml.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\o266lcjs1fo6.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\dtsrvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
_________________________________________________________________
ewido anti-malware - Scan report
+ Created on: 12:22:49 PM, 1/13/2006
+ Report-Checksum: B6FDAC0
+ Scan result:
HKLM\SOFTWARE\Classes\ANSMTP.MassSender -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.MassSender\CLSID -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.MassSender\CurVer -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.MassSender.1 -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ\CLSID -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ\CurVer -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ.1 -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CABCF5E7-0C79-4F1C-909D-B9CF68FED746} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{DB9A4E78-35DF-4A54-B6C5-C5190CEAF949} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WSG.WSGObj -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WSG.WSGObj\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\tsvcin -> Spyware.Look2Me : Cleaned with backup
HKU\S-1-5-21-484763869-1220945662-839522115-1003\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-484763869-1220945662-839522115-1003\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-484763869-1220945662-839522115-1003\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-484763869-1220945662-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} -> Spyware.NewtonKnows : Cleaned with backup
HKU\S-1-5-21-484763869-1220945662-839522115-1003\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\3D Desktop Xmas Desktop Screensaver 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\3D War Chess 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\4x4 Evolution.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\50 Extra Cars In Most Wanted Mod.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\AFL Premiership 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Alcohol 120% 1.9.5.2802.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\American Pie Band Camp.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Arovax AntiSpyware 1.0.422.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Ashampoo Burning Studio 5.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Ashampoo Photo Commander 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Autodesk 3ds Max Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Avalanche Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Barbie Beauty Styler.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Batch Image Resizer 2.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\BatchRename 2 2.70.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Bejeweled 2 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Bejeweled 2 Deluxe Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Best of Dance 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Broken Sword 3 - Sleeping Dragon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\BurnerSoft Smart DVD CD Burner 3.0.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Carrara 5.02+Video Training.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Chuzzle Deluxe Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Civilization IV.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Clean Up Men (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Comics Coloring pages for kids.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\CopyToDVD 3.0.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\CPU Guard 1.2.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\CrazyTalk 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Daemon Tools 4.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Diagrams.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\DirectX December 2005 Release.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\DSL Speed 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\DSS DJ 5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\DVD X Player Professional 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\DVDIdle Pro 5.9.6.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\DVDIdle Pro 5.968.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\DVDX Platinum 2.1.0.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\EF Commander XP 4.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Eminem - Curtain Call.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Eminem - Encore - Complete CD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Empire Earth II.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Evil Dead Regeneration.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Feeding Frenzy Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\FinePrint 5.41 Enterprise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\FixerLabs FixerBundle 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\FL Studio Edition 6.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Freedom Fighters.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\FruityLoops Studio 6.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\GDF Magic Tools 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Go2PDF Virtual PDF Printer 1.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\GTA Vice City - Long Night Mod.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Harry Potter And The Goblet Of Fire - High Quality.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Hirens BootCD 7.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Home on the Range (2004) P2m.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Honestech VHS To DVD 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\HyperHide 1.3.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Ice Puzzle Deluxe 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Inquiry Standard Edition 1.3 SR1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Insaniquarium Deluxe Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\K-Lite Mega Codec Pack 1.46.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\K-Lite Mega Codec Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\King Kong (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\King Kong 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\King Kong.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Limewire Pro 4.10.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\LinkGrabber 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Macromedia Flash Pro8 Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\MahJong Suite 2005 2.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\ManMadeMan - The Legend Remixes (2006).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\MemInfo 1.75.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Microsoft Office Pro 12 Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Miss Venezuela 2005 Nude.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\MOBILedit! 1.98.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Mortal Combat 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\MSN Messenger 8 Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Musicmatch Jukebox 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Namco Museum 50th Anniversary 120MB.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Need for Speed Most Wanted Black.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Nero 7 Plugins Pack Pro 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Net Meter 3.0.239.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Net Transport 2.02.307.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\NoClone 3.2.45.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Norton AntiVirus 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Norton SystemWorks 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Office DocumentsRescue Professional 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Offline Explorer 4.0 SR2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Offline Explorer Enterprise 4.0 SR2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Offline Explorer Pro 4.0 SR2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\One Click CD Converter 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Page2CHM 2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Panda Titanium Antivirus Plus Antispyware 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Password Agent 2.3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Password Boss 1.49.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\PC BackUp 2005 7.3.0.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\PC-Cillin Internet Security 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Perfect Keylogger 1.62.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Photocopier Pro 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\PhotoLightning 4.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Power Video Converter 1.5.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\PowerDVD Copy 1.0.0.701.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\PowerISO 2.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Prince Of Persia The Two Thrones.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\ProShow Producer 2.6.1749.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Rar Key 7.0.1180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Rayman 2 - The Great Escape.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Reflexive Arcade 12 in 1 Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\RegDoctor 1.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Remote Administrator 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\RioDVD 3.11 Including Gold.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\RocketMania Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Rumor Has It. (2005) Kvcd.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\SamLogic MultiMailer Professional 4.0.14 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Scary Movie 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Serious Sam 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Shopping Cart Professional 6.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Silent Hill 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Space Rangers 2 Special.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Split PDF 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\SpyStopper Pro 4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\SpywareBlaster 3.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Super File Encryption 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Super Taxi Driver 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\SuperAVConverter 6.2.110.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\SuperVideoCap 4.39.520.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\SWF to Video Converter Pro 4.91.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\SWFKit Pro 2.2 R2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\The Chronicles Of Narnia (Soundtrack).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\The Mop! 3.71.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\The Myth (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\The Sims 2 Christmas Party Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\The Ultimate Troubleshooter 2.72.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\TM #6468.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Trainz Railroad Simulator 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Trojan Remover 6.4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\TweakNow PowerPack 2006 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\TweakNT - Removes Windows Timebomb.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Typograf 4.8f.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Ulead DVD MovieFactory 4.0 TBYB.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\UltraISO Media Edition 7.65.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\VCOM SystemSuite Professional 6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Video to SWF Converter 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Virtual CD 7.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Vista Tranformation Pack 2 XP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Weather Watcher 5.6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\WebcamXP Pro ver. 2.18.242.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Where The Truth Lies (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Windows XP Live Edition 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\WINner Tweak 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\WinUtilities 1.6.0101.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\WinXP Manager 4.9.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\X2 Wolverine Revenge.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\XoftSpy 4.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\XP Smoker 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\ZoneAlarm Pro 6.1.737.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\ZoneAlarm Security Suite 6.1.737.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\ZoneAlarm Wireless Security 5.5.094.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\ZoneAlarm With Anti-Spyware 6.1.737.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Zoo Tycoon 2 Endangered.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Complete\Zuma Deluxe Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@ehg-ati.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jeff Dean\Cookies\jeff dean@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\limewire\Norton Antivirus 2005 - Key Generator\Internet Security 2005 Key Generator\KEY GENERATOR.EXE -> Dropper.Delf.fd : Cleaned with backup
C:\limewire\Norton Antivirus 2005 - Key Generator.zip/Internet Security 2005 Key Generator/KEY GENERATOR.EXE -> Dropper.Delf.fd : Cleaned with backup
C:\limewire\Solid Converter PDF Pro 3.0\Setup.exe -> Worm.VB.an : Cleaned with backup
C:\limewire\Solid Converter PDF Pro 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\RECYCLER\S-1-5-21-484763869-1220945662-839522115-1003\Dc10.exe -> Worm.VB.an : Cleaned with backup
C:\RECYCLER\S-1-5-21-484763869-1220945662-839522115-1003\Dc3.exe -> Downloader.OneClickSearch.k : Cleaned with backup
C:\RECYCLER\S-1-5-21-484763869-1220945662-839522115-1003\Dc8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\RECYCLER\S-1-5-21-484763869-1220945662-839522115-1003\Dc9.tmp -> Worm.VB.an : Cleaned with backup
C:\WINDOWS\autoload.exe -> Not-A-Virus.Tool.Autoloader : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\system32\alucfgx.exe -> Downloader.Apropo.ac : Cleaned with backup
C:\WINDOWS\system32\Cache\dist006.exe -> Downloader.VB.eu : Cleaned with backup
C:\WINDOWS\system32\Cache\pi1_60.exe -> Downloader.Small.aal : Cleaned with backup
I:\PC\My Download Files\new\Medal of Honor Add Blood Effects.exe -> Dropper.Small.f : Cleaned with backup
::Report End
FlaCPY
If found, please uninstall.
===========
Run HiJackThis then:
1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\Program Files\Common Files\Java\flacpy.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
===========
Check the following in HJT and click 'Fix Checked' - Close ALL open Browsers first
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\o266lcjs1fo6.dll (file missing)
===========
Find and Delete the following:
C:\Program Files\Common Files\Java\flacpy.exe << this file
==========
Reboot and post a new HJT log
Do you have an Anti-Virus and firewall on your computer?
Scan saved at 4:00:53 PM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Gateway\EzTune\dtsrvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Gateway\EzTune\dthtml.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Drivers\HijackThis.exe
C:\WINDOWS\system32\HPBPRO.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on HP1-AT5QGAAC3Z] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P53 "Auto EPSON Stylus Photo R200 Series on HP1-AT5QGAAC3Z" /O25 "\\HP1-AT5QGAAC3Z\Printer3" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on YOUR-AT5QGAAC3Z] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on YOUR-AT5QGAAC3Z" /O26 "\\YOUR-AT5QGAAC3Z\Printer2" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EzTune.lnk = C:\Program Files\Gateway\EzTune\dthtml.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\dtsrvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
If not, then get these
Anti-Virus
AVG Free Edition
Firewall
Zone Alarm
NOTE: You should only have one of each
How are things now?
Logfile of HijackThis v1.99.1
Scan saved at 11:15:01 AM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Gateway\EzTune\dtsrvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Gateway\EzTune\dthtml.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Drivers\HijackThis.exe
C:\WINDOWS\system32\HPBPRO.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on HP1-AT5QGAAC3Z] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P53 "Auto EPSON Stylus Photo R200 Series on HP1-AT5QGAAC3Z" /O25 "\\HP1-AT5QGAAC3Z\Printer3" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on YOUR-AT5QGAAC3Z] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on YOUR-AT5QGAAC3Z" /O26 "\\YOUR-AT5QGAAC3Z\Printer2" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EzTune.lnk = C:\Program Files\Gateway\EzTune\dthtml.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\dtsrvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Try this scan:
Please download VundoFix.exe to your desktop.
Logfile of HijackThis v1.99.1
Scan saved at 1:55:55 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Gateway\EzTune\dtsrvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Gateway\EzTune\dthtml.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\WinPortrait\floater.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Drivers\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on HP1-AT5QGAAC3Z] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P53 "Auto EPSON Stylus Photo R200 Series on HP1-AT5QGAAC3Z" /O25 "\\HP1-AT5QGAAC3Z\Printer3" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on YOUR-AT5QGAAC3Z] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on YOUR-AT5QGAAC3Z" /O26 "\\YOUR-AT5QGAAC3Z\Printer2" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EzTune.lnk = C:\Program Files\Gateway\EzTune\dthtml.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37520.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\dtsrvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Make sure you only have ONE of each
===
Your HJT log is clean.
Are you still having problems?
Do a full system scan with the Anti-Virus and list any files that could not be removed here.
Let me know how things go.