I need help with identifying trojans etc. on my logfile. [closed due to duplicate]
Here is my logfile that I received off of a recommended program called HiJackThis. I don't know which registry files to delete. If I could get some help with that, that would be great!
Logfile of HijackThis v1.99.1
Scan saved at 8:33:10 PM, on 8/6/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ati2evxx.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\taskmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDBVt3B+BXauuMSGS5seB5UMeDlzbHYj+/2lUO0qDKR5EmJiqd5ZF5HT4wQdeAQARPHvE/0eZq+S3bQMPxxnqRv8FD4kid+m7RAI7RUcrPvjT5whVf0LH0OogKnGDpUlI9h2rxdIgUg5HmNUxQOydMgebtTAPpnaKf
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/Ywt/2xYhTlJWsBlSAONGafHXtgyLxK0KKGQZuoiF3cOZmo40n3pixD7aQl4YP8cV/awmrNHJeZDRE=
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F3 - REG:win.ini: load=,
F3 - REG:win.ini: run=,
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINNT\System32\SearchTool\nsl68.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll (file missing)
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\SYSTEM32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\HotKey Software\hkss.exe
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [twn] C:\WINNT\twn.exe
O4 - HKLM\..\Run: [Oomfc] C:\Program Files\Dvtbes\Ftpcnc.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINNT\System32\dxdllreg.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [EmpireEarthIISetup.exe] C:\DOWNLO~1\EMPIRE~1.EXE /r
O4 - HKCU\..\Run: [AutoSpell] C:\Program Files\Autospell60\autospel.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINNT\inf\unregmp2.exe /Fixups
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Anti-Virus&Trojan.lnk = C:\Program Files\Anti-Virus&Trojan\Anti-Virus&Trojan.exe
O4 - Global Startup: MSWin.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\DOCUME~1\Mason\Desktop\MASONS~1\OFFICE~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: spellchecker - C:\Program Files\Autospell60\IEspellchecker.htm
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://goalscorer.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: style2 - C:\WINNT\q20395527_disk.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
This discussion has been closed.
Comments
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...dMgebtTAPpnaKf
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=w.../awmrNHJeZDRE=
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll (file missing)
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL (file missing)
O4 - HKLM\..\Run: [Oomfc] C:\Program Files\Dvtbes\Ftpcnc.exe
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
Fix these in HJT and post a new log. Are you having any problems, or is this just a precautionary measure?
Thanks...
Update it, then run a complete system scan. Save a log file and post that here alongside your hijackthis log file.
Logfile of HijackThis v1.99.1
Scan saved at 6:55:37 PM, on 8/10/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ati2evxx.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F3 - REG:win.ini: load=,
F3 - REG:win.ini: run=,
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINNT\System32\SearchTool\nsl68.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\SYSTEM32\msdxm.ocx (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\HotKey Software\hkss.exe
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [twn] C:\WINNT\twn.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINNT\System32\dxdllreg.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [EmpireEarthIISetup.exe] C:\DOWNLO~1\EMPIRE~1.EXE /r
O4 - HKCU\..\Run: [AutoSpell] C:\Program Files\Autospell60\autospel.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINNT\inf\unregmp2.exe /Fixups
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: MSWin.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\DOCUME~1\Mason\Desktop\MASONS~1\OFFICE~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: spellchecker - C:\Program Files\Autospell60\IEspellchecker.htm
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://goalscorer.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: style2 - C:\WINNT\q20395527_disk.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
ewido anti-spyware - Scan Report
+ Created at: 6:52:16 PM 8/10/2006
+ Scan result:
HKU\S-1-5-21-1854688153-808992556-1696275913-1000\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\EMediaCodec.Chl -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\EMediaCodec.Chl\CLSID -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Media-Codec.Chl -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Media-Codec.Chl\CLSID -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\oiggsckrlq\csrss.exe -> Backdoor.Landis.k : Cleaned with backup (quarantined).
C:\WINNT\q20377781_disk.dll -> Downloader.Delf.lh : Cleaned with backup (quarantined).
C:\WINNT\q20395527_disk.dll -> Downloader.Delf.lh : Cleaned with backup (quarantined).
[176] C:\WINNT\q20395527_disk.dll -> Downloader.Delf.lh : Error during cleaning.
C:\Documents and Settings\Mason\Local Settings\Temp\aino.exe -> Dropper.Small.act : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Local Settings\Temp\amob.exe -> Dropper.Small.act : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\fw.dll -> Proxy.Agent.df : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Cookies\mason@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@e-2dj6wjmigoajelp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@ehg-ifilm.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Mason\Cookies\mason@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINNT\SYSTEM32\OLEADM.DL$ -> Trojan.Agent.ff : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Local Settings\Temp\rsysinit.exe -> Trojan.ExitWin.z : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\rynoplgs.exe -> Trojan.LowZones.dm : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\lich.exe -> Trojan.LowZones.dm : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\rock.exe -> Trojan.LowZones.dm : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld11D6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld18FD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld1B9E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld1D0E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld2319.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld28DE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld2D06.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld2F30.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld3644.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld3A6C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld4A0B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld4C8A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld4DD1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld56B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld6734.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld74B4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld75D1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld9651.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ld9A3D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ldA9D8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ldB080.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ldB8E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ldCF62.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ldEF8A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ldEFA8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ldF4F5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\1024\ldF7FB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\boopkptk.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\bygoudrn.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\byxxcclt.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\cblhigsy.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\csbhxcsm.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\ehfmukbo.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\ermqehui.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\fa.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\foonbsqm.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\gbkdzzpb.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\gbqsjrlh.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\gixyekgu.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\gpobnbga.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\hdpdguus.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\hgffexcg.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\hwvzepcj.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\ighesiqz.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\jpyxkldu.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\jutjfmte.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\kpbdtjop.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\kvgjpigm.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\mflbyydw.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\mxwmkxfe.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\nbqlgkdw.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\nmunohnz.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\nozkrvdu.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\pvvlkxze.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\qbvbmcmt.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\qolwpuff.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\qxewwblp.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\rlobqbbg.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\rmvoujbx.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\sa.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\sdlbjlfn.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\tsilsvem.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\uctwemnt.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\unokxpsi.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\vdlqnlnr.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\wdtmslgp.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\xmxwwpot.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\ynzljsrw.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\zlypwcwn.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\zrcctqcw.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\zxhmklbr.exe -> Trojan.Small.ev : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\10000+ Serials.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\246 Arcade Games.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\50 Cent - The Massacare (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\AIO Rapidshare Tools.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Adobe GoLive CS2 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Advanced Uninstaller Pro 2005 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Alive Video Converter 2.5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\AntiTracer 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\AnyDVD 3.9.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\ArtMoney 7.14.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Ashampoo Magic Security 1.55.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Batman Begins.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Battlefield 1942 and Battlefield 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Blaze VideoMagic 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Boris RED 3GL incl Plugins.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\C-Organizer Professional 3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Cheetah DVD Burner 1.49.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Clipboard Box 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Corel WordPerfect Office 12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\CorelDRAW Graphics Suite 12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Cute CD DVD Burner 2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\DVD to AVI DivX MPEG Ripper converts 7gb.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\DVDFab Platinum Edition 2.89.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\DVDIdle Pro 5.89.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\DWG And DXF To PDF Converter.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\DZSoft PHP Editor 3.5.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Dating for Sex, an eBook Collection.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Default Printer 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Digital Audio Editor 2.9.1.475.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\DiskExplorer for NTFS 2.31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Download Tunnel Me 2.0.1 , set up tunne.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\EditPlus V. 2.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Fat Joe - All Or Nothing (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\File Utilities.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\FileRecoveryAngel 1.06.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\FixDown 0dayRetailFull The Mega List.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Foxy 1.0.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\HTMLRunExe 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Half-Life2 Antlion Troopers Deuce.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\HiDownload 6.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Hitman 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\I-Sound WMA MP3 Recorder Pro 6.57.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\ImTOO Mpeg Encoder 2.1.55.1008b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\KeyView 2.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Lavavo CD Ripper 4.17.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Lil Kim - The Naked Truth (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Lord Of The Ring Audio Books.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Macro Recorder 2.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\MaxBulk Mailer 4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Maxthon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Mcft Windows XP Scene Edition 1.6 INTER.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Microsoft Antispyware.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Microsoft Windows Vista.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Moto GP 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Nero Burning ROM 6.6.0.14.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Network Security Bible.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\New 115 Top Software.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Norton Ghost 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\OSS Audio CD Maker 3.0.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\OSS Audio Converter Pro 5.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\PDF2Word 1.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\PHPMaker 3.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Panda Titanium Antivirus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Paris Hilton Diary Hacked.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\PicturesToExe 4.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Pinnacle TitleDeko Pro 2.0.1634.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Plato DVD Ripper 1.31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Pop up Blocker Pro 7.0.5j.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\PowerArchiver 2004 9.00.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\PowerGREP 3.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Private Magazine Editon 82.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\ProgeCAD 2006 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\QuickTime Alternative 1.63.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\QuickTime Pro 6.5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Rapidshare premimum accounts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Rapidshare premium 100 accounts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Raxco PerfectDisk 7.0.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Real Alternative 1.44.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Recover My Photos 2.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Remote Password Stealer 2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Reportizer 2.2.5.73.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Ringtones, Games for Cellphones 781 Fi.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\SD SmartMouse 1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\SD WinHider 1.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\SMS Create Pro 5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\SQL Server Backup 4.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Scansoft OmniPage Pro 15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Screen VidShot 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Sim Girls 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Simpsons hit and run.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\SmartMOUSE 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Sothink DHTMLMenu 6.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\SpamWasher 2.0.1000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\SpyAnytime PC Spy 2.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Super Video Converter 1.2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Super Video Joiner 1.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Supermario.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Symantec Norton AntiVirus Corporate 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\THE ART OF KISSING by Hugh Morris.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\TVolution 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Torrent Eminem Dont call me.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Torrent Waiting (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Tricks of the Windows Game Programming G.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Trojan Remover 6.3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Troubleshooting Your PC for Dummies 2ND.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\UFS Explorer 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\URL Helper 2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Ulead PhotoImpact 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\UltraISO 7.65.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Visual Basic Game Programming For Teens.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Visual.CertExam.Suite 1.7.542.CHiCNCREA.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Voice Technology Software AIO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\WINner Tweak 3.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Warez P2P 2.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Webroot Window Washer 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\WinRAR 3.51 (final).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Windows XP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Xiao Steganography 1.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Mason\Complete\Your Uninstaller! 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup (quarantined).
::Report end
Thanks a billion!
Mandt6
Logfile of HijackThis v1.99.1
Scan saved at 11:15:04 AM, on 8/15/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Atiptaxx.exe
C:\Program Files\Compaq\HotKey Software\hkss.exe
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\loadqm.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSWin.exe
C:\WINNT\TEMP\win27B.tmp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINNT\System32\MsiExec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F3 - REG:win.ini: load=,
F3 - REG:win.ini: run=,
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\SYSTEM32\msdxm.ocx (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\HotKey Software\hkss.exe
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [twn] C:\WINNT\twn.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [3508b015.exe] C:\WINNT\System32\3508b015.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [EmpireEarthIISetup.exe] C:\DOWNLO~1\EMPIRE~1.EXE /r
O4 - HKCU\..\Run: [AutoSpell] C:\Program Files\Autospell60\autospel.exe
O4 - HKCU\..\Run: [3508b015.exe] C:\Documents and Settings\Mason\Local Settings\Application Data\3508b015.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: MSWin.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\DOCUME~1\Mason\Desktop\MASONS~1\OFFICE~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: spellchecker - C:\Program Files\Autospell60\IEspellchecker.htm
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://goalscorer.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155270726395
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
Download XCleaner and execute the program.
♣Reboot
♣Scan Your Computer Again
♣Post another HiJackThis Log
Scan saved at 3:16:17 PM, on 8/15/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ati2evxx.exe
C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Atiptaxx.exe
C:\Program Files\Compaq\HotKey Software\hkss.exe
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\loadqm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\{231318E9-01F1-1033-1117-000011070001}\Update.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSWin.exe
C:\WINNT\TEMP\winC.tmp.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F3 - REG:win.ini: load=,
F3 - REG:win.ini: run=,
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\SYSTEM32\msdxm.ocx (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\HotKey Software\hkss.exe
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [twn] C:\WINNT\twn.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [3508b015.exe] C:\WINNT\System32\3508b015.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [EmpireEarthIISetup.exe] C:\DOWNLO~1\EMPIRE~1.EXE /r
O4 - HKCU\..\Run: [AutoSpell] C:\Program Files\Autospell60\autospel.exe
O4 - HKCU\..\Run: [3508b015.exe] C:\Documents and Settings\Mason\Local Settings\Application Data\3508b015.exe
O4 - Global Startup: MSWin.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\DOCUME~1\Mason\Desktop\MASONS~1\OFFICE~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: spellchecker - C:\Program Files\Autospell60\IEspellchecker.htm
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://goalscorer.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155270726395
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
Click "Open the Misc Tools Section"
Click "Open Uninstall Manager"
Then click "Save List"
And paste the list here.
EDIT: here's a link to the thread if anyone needs it or for easy access: http://www.short-media.com/forum/showthread.php?t=49231