HELP HJT log

HELP_ME

New Member
This is my HJT log, any help would be great = D

Logfile of HijackThis v1.99.1
Scan saved at 10:05:52 AM, on 9/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Updater.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Matthew April\My Documents\My Received Files\anti-spy\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hpB3EE.tmp (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll (file missing)
O3 - Toolbar: Search - {215303D2-42B9-A7EC-7414-5630B3DD8F1A} - C:\WINDOWS\Cagxrcfg.dll (file missing)
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [Zfkj] C:\WINDOWS\xfqub.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [lfsqbiqafb] C:\WINDOWS\System32\wqupxsmg.exe
O4 - HKLM\..\Run: [kjefel] C:\WINDOWS\kjefel.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [inhttpw] C:\WINDOWS\System32\inhttpw.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [bO²ùð[×y-¯Œ] C:\WINDOWS\xfqub.exe
O4 - HKLM\..\Run: [bO²ùðZ×y-¯Œ] C:\WINDOWS\xfqub.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [wshatm] "C:\WINDOWS\system32\wshatm.exe"
O4 - HKCU\..\Run: [wmpencen] "C:\WINDOWS\system32\wmpencen.exe"
O4 - HKCU\..\Run: [wlnotify] "C:\WINDOWS\system32\wlnotify.exe"
O4 - HKCU\..\Run: [vxblock] "C:\WINDOWS\system32\vxblock.exe"
O4 - HKCU\..\Run: [version] C:\WINDOWS\System32\version.exe
O4 - HKCU\..\Run: [SpyTrooper]
O4 - HKCU\..\Run: [shfolder] "C:\WINDOWS\system32\shfolder.exe"
O4 - HKCU\..\Run: [shell32] "C:\WINDOWS\system32\shell32.exe"
O4 - HKCU\..\Run: [shdocvw] "C:\WINDOWS\system32\shdocvw.exe"
O4 - HKCU\..\Run: [s3gnb] "C:\WINDOWS\system32\s3gnb.exe"
O4 - HKCU\..\Run: [raschap] "C:\Documents and Settings\Matthew April\raschap.exe"
O4 - HKCU\..\Run: [netcfgx] "C:\WINDOWS\system32\netcfgx.exe"
O4 - HKCU\..\Run: [netapi] "C:\WINDOWS\system32\netapi.exe"
O4 - HKCU\..\Run: [msxbde40] "C:\WINDOWS\system32\msxbde40.exe"
O4 - HKCU\..\Run: [kbduzb] "C:\WINDOWS\system32\kbduzb.exe"
O4 - HKCU\..\Run: [kbdus] "C:\WINDOWS\system32\kbdus.exe"
O4 - HKCU\..\Run: [kbdinbe1] "C:\WINDOWS\system32\kbdinbe1.exe"
O4 - HKCU\..\Run: [kbdhe] "C:\WINDOWS\system32\kbdhe.exe"
O4 - HKCU\..\Run: [jgmd400] "C:\WINDOWS\system32\jgmd400.exe"
O4 - HKCU\..\Run: [ir41_qcx] "C:\WINDOWS\system32\ir41_qcx.exe"
O4 - HKCU\..\Run: [infosoft] "C:\WINDOWS\system32\infosoft.exe"
O4 - HKCU\..\Run: [inetclnt] "C:\WINDOWS\system32\inetclnt.exe"
O4 - HKCU\..\Run: [hsfcisp2] "C:\WINDOWS\system32\hsfcisp2.exe"
O4 - HKCU\..\Run: [fkfw] C:\PROGRA~1\COMMON~1\fkfw\fkfwm.exe
O4 - HKCU\..\Run: [eventcls] "C:\WINDOWS\system32\eventcls.exe"
O4 - HKCU\..\Run: [dmband] "C:\WINDOWS\system32\dmband.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cscui] "C:\Documents and Settings\Matthew April\cscui.exe"
O4 - HKCU\..\Run: [iprtcnst] "C:\WINDOWS\system32\iprtcnst.exe"
O4 - HKCU\..\Run: [atiicdxx] "C:\WINDOWS\system32\atiicdxx.exe"
O4 - HKCU\..\Run: [rmoc3260] "C:\WINDOWS\system32\rmoc3260.exe"
O4 - HKCU\..\Run: [getuname] "C:\WINDOWS\system32\getuname.exe"
O4 - HKCU\..\Run: [vdmdbg] "C:\WINDOWS\system32\vdmdbg.exe"
O4 - HKCU\..\Run: [resutils] "C:\WINDOWS\system32\resutils.exe"
O4 - HKCU\..\Run: [lftif11n] "C:\WINDOWS\system32\lftif11n.exe"
O4 - HKCU\..\Run: [uniplat] "C:\WINDOWS\system32\uniplat.exe"
O4 - HKCU\..\Run: [msr2cenu] "C:\WINDOWS\system32\msr2cenu.exe"
O4 - HKCU\..\Run: [mmcbase] "C:\WINDOWS\system32\mmcbase.exe"
O4 - HKCU\..\Run: [msorc32r] "C:\WINDOWS\system32\msorc32r.exe"
O4 - HKCU\..\Run: [wmiprop] "C:\WINDOWS\system32\wmiprop.exe"
O4 - HKCU\..\Run: [dmscript] "C:\WINDOWS\system32\dmscript.exe"
O4 - HKCU\..\Run: [wmerror] "C:\WINDOWS\system32\wmerror.exe"
O4 - HKCU\..\Run: [qasf] "C:\WINDOWS\system32\qasf.exe"
O4 - HKCU\..\Run: [6to4svc] "C:\WINDOWS\system32\6to4svc.exe"
O4 - HKCU\..\Run: [dpwsock] "C:\WINDOWS\system32\dpwsock.exe"
O4 - HKCU\..\Run: [kbdir] "C:\WINDOWS\system32\kbdir.exe"
O4 - HKCU\..\Run: [mmutilse] "C:\WINDOWS\system32\mmutilse.exe"
O4 - HKCU\..\Run: [pjlmon] "C:\WINDOWS\system32\pjlmon.exe"
O4 - HKCU\..\Run: [crypt32] "C:\WINDOWS\system32\crypt32.exe"
O4 - HKCU\..\Run: [dispex] "C:\WINDOWS\system32\dispex.exe"
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {563EC66E-5A1B-51D2-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext02.chm::/MegaInstaller.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\pychdprf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
 
Logfile of HijackThis v1.99.1
Scan saved at 1:25:18 PM, on 9/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Updater.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Matthew April\My Documents\My Received Files\anti-spy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computerforum.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hpB3EE.tmp (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll (file missing)
O3 - Toolbar: Search - {215303D2-42B9-A7EC-7414-5630B3DD8F1A} - C:\WINDOWS\Cagxrcfg.dll (file missing)
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [Zfkj] C:\WINDOWS\xfqub.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [lfsqbiqafb] C:\WINDOWS\System32\wqupxsmg.exe
O4 - HKLM\..\Run: [kjefel] C:\WINDOWS\kjefel.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [inhttpw] C:\WINDOWS\System32\inhttpw.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [bO²ùð[×y-¯Œ] C:\WINDOWS\xfqub.exe
O4 - HKLM\..\Run: [bO²ùðZ×y-¯Œ] C:\WINDOWS\xfqub.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [wshatm] "C:\WINDOWS\system32\wshatm.exe"
O4 - HKCU\..\Run: [wmpencen] "C:\WINDOWS\system32\wmpencen.exe"
O4 - HKCU\..\Run: [wlnotify] "C:\WINDOWS\system32\wlnotify.exe"
O4 - HKCU\..\Run: [vxblock] "C:\WINDOWS\system32\vxblock.exe"
O4 - HKCU\..\Run: [version] C:\WINDOWS\System32\version.exe
O4 - HKCU\..\Run: [SpyTrooper]
O4 - HKCU\..\Run: [shfolder] "C:\WINDOWS\system32\shfolder.exe"
O4 - HKCU\..\Run: [shell32] "C:\WINDOWS\system32\shell32.exe"
O4 - HKCU\..\Run: [shdocvw] "C:\WINDOWS\system32\shdocvw.exe"
O4 - HKCU\..\Run: [s3gnb] "C:\WINDOWS\system32\s3gnb.exe"
O4 - HKCU\..\Run: [raschap] "C:\Documents and Settings\Matthew April\raschap.exe"
O4 - HKCU\..\Run: [netcfgx] "C:\WINDOWS\system32\netcfgx.exe"
O4 - HKCU\..\Run: [netapi] "C:\WINDOWS\system32\netapi.exe"
O4 - HKCU\..\Run: [msxbde40] "C:\WINDOWS\system32\msxbde40.exe"
O4 - HKCU\..\Run: [kbduzb] "C:\WINDOWS\system32\kbduzb.exe"
O4 - HKCU\..\Run: [kbdus] "C:\WINDOWS\system32\kbdus.exe"
O4 - HKCU\..\Run: [kbdinbe1] "C:\WINDOWS\system32\kbdinbe1.exe"
O4 - HKCU\..\Run: [kbdhe] "C:\WINDOWS\system32\kbdhe.exe"
O4 - HKCU\..\Run: [jgmd400] "C:\WINDOWS\system32\jgmd400.exe"
O4 - HKCU\..\Run: [ir41_qcx] "C:\WINDOWS\system32\ir41_qcx.exe"
O4 - HKCU\..\Run: [infosoft] "C:\WINDOWS\system32\infosoft.exe"
O4 - HKCU\..\Run: [inetclnt] "C:\WINDOWS\system32\inetclnt.exe"
O4 - HKCU\..\Run: [hsfcisp2] "C:\WINDOWS\system32\hsfcisp2.exe"
O4 - HKCU\..\Run: [fkfw] C:\PROGRA~1\COMMON~1\fkfw\fkfwm.exe
O4 - HKCU\..\Run: [eventcls] "C:\WINDOWS\system32\eventcls.exe"
O4 - HKCU\..\Run: [dmband] "C:\WINDOWS\system32\dmband.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cscui] "C:\Documents and Settings\Matthew April\cscui.exe"
O4 - HKCU\..\Run: [iprtcnst] "C:\WINDOWS\system32\iprtcnst.exe"
O4 - HKCU\..\Run: [atiicdxx] "C:\WINDOWS\system32\atiicdxx.exe"
O4 - HKCU\..\Run: [rmoc3260] "C:\WINDOWS\system32\rmoc3260.exe"
O4 - HKCU\..\Run: [getuname] "C:\WINDOWS\system32\getuname.exe"
O4 - HKCU\..\Run: [vdmdbg] "C:\WINDOWS\system32\vdmdbg.exe"
O4 - HKCU\..\Run: [resutils] "C:\WINDOWS\system32\resutils.exe"
O4 - HKCU\..\Run: [lftif11n] "C:\WINDOWS\system32\lftif11n.exe"
O4 - HKCU\..\Run: [uniplat] "C:\WINDOWS\system32\uniplat.exe"
O4 - HKCU\..\Run: [msr2cenu] "C:\WINDOWS\system32\msr2cenu.exe"
O4 - HKCU\..\Run: [mmcbase] "C:\WINDOWS\system32\mmcbase.exe"
O4 - HKCU\..\Run: [msorc32r] "C:\WINDOWS\system32\msorc32r.exe"
O4 - HKCU\..\Run: [wmiprop] "C:\WINDOWS\system32\wmiprop.exe"
O4 - HKCU\..\Run: [dmscript] "C:\WINDOWS\system32\dmscript.exe"
O4 - HKCU\..\Run: [wmerror] "C:\WINDOWS\system32\wmerror.exe"
O4 - HKCU\..\Run: [qasf] "C:\WINDOWS\system32\qasf.exe"
O4 - HKCU\..\Run: [6to4svc] "C:\WINDOWS\system32\6to4svc.exe"
O4 - HKCU\..\Run: [dpwsock] "C:\WINDOWS\system32\dpwsock.exe"
O4 - HKCU\..\Run: [kbdir] "C:\WINDOWS\system32\kbdir.exe"
O4 - HKCU\..\Run: [mmutilse] "C:\WINDOWS\system32\mmutilse.exe"
O4 - HKCU\..\Run: [pjlmon] "C:\WINDOWS\system32\pjlmon.exe"
O4 - HKCU\..\Run: [crypt32] "C:\WINDOWS\system32\crypt32.exe"
O4 - HKCU\..\Run: [dispex] "C:\WINDOWS\system32\dispex.exe"
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {563EC66E-5A1B-51D2-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext02.chm::/MegaInstaller.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\pychdprf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
 
First things first. You have 2 antiviruses running. Get rid of one of them. We'll go straight to cleaning and use HJT later.

Download Ewido (http://www.ewido.net/en/download/), then set it up this way: http://rstones12.geekstogo.com/ewidosetup.htm
You will need this later in safe mode. Make sure to update this program.

Next, download, install and update 'A-squared' here: http://www.emsisoft.com/en/software/free/

Download, install and update this excellent freebie, Superantispyware, here: http://www.superantispyware.com/download.html

Download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/
You will need it later in safe mode.

Reboot your computer in Safe Mode by doing the following.

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Very Important:
Make sure all security programs (your antivirus, Spybot, etc.) are DISABLED until they are needed. They will interfere with the cleaning process.

Begin running your scans in this order.

Ewido
A-squared
Superantispyware

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot into normal Windows, run ATF-Cleaner, empty the recycle bin, and proceed here to run this free online scan from 'Panda': http://www.pandasoftware.com/products/activescan.htm
Save the scan log and post it here along with a new HJT log after the Panda scan.
 
Incident Status Location

Adware:adware/kingporn Not disinfected c:\windows\system32\COMMCOSS.DLL
Adware:adware/ilookup Not disinfected c:\windows\system32\mac02.ico
Adware:adware/keenvalue Not disinfected c:\windows\system32\setup_incred_4.exe
Adware:adware/clickalchemy Not disinfected c:\windows\inf\alchem.inf
Adware:adware/twain-tech Not disinfected c:\windows\inf\twaintec.inf
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Matthew April\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
Dialer:dialer.bny Not disinfected c:\windows\pcconfig.dat
Adware:adware/bookedspace Not disinfected c:\windows\cfgmgr52.ini
Adware:adware/isearch Not disinfected c:\windows\deskbar.ini
Adware:adware/beginto Not disinfected c:\windows\system32\cache32_dsktptr
Adware:adware/transponder Not disinfected c:\windows\inst
Adware:adware/navipromo Not disinfected Windows Registry
Adware:adware/megasearch Not disinfected Windows Registry
Spyware:spyware/clipgenie Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/toolbarshopper Not disinfected Windows Registry
Adware:adware/favoriteman Not disinfected Windows Registry
Adware:adware/spytrooper Not disinfected Windows Registry
Adware:adware/searchexe Not disinfected Windows Registry
Adware:adware/topmoxie Not disinfected Windows Registry
Adware:Adware/Alexa-Toolbar Not disinfected C:\WINDOWS\system32\SSS1.exe
Adware:Adware/Beginto Not disinfected C:\WINDOWS\system32\desktrf.exe[winbbb.dat]
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\system32\InstallerV23.exe[ExtractDLL.dll]
Adware:Adware/Beginto Not disinfected C:\WINDOWS\system32\desktrf-cat_b2s.exe[winbbb.dat]
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Tim April\Local Settings\Temporary Internet Files\Content.IE5\41IHIFKN\cmmanupd[1].exe
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Tim April\Local Settings\Temporary Internet Files\Content.IE5\S16FWXMN\minisetup2[1].exe
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Tim April\Local Settings\Temporary Internet Files\Content.IE5\S16FWXMN\Tspd[1].exe
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Tim April\Local Settings\Temporary Internet Files\Content.IE5\S16FWXMN\Tspd[2].exe
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Tim April\Cookies\tim april@tickle[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Tim April\Cookies\tim [email protected][1].txt
Spyware:Cookie/TopRebates.com Not disinfected C:\Documents and Settings\Tim April\Cookies\tim [email protected][2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tim April\Cookies\tim april@888[4].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Tim April\Cookies\tim april@spywarestormer[1].txt
Spyware:Cookie/Abcsearch Not disinfected C:\Documents and Settings\Tim April\Cookies\tim april@abcsearch[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tim April\Cookies\tim april@888[2].txt
Spyware:Cookie/Centralmedia Not disinfected C:\Documents and Settings\Tim April\Cookies\tim april@centralmedia[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Tim April\Cookies\tim [email protected][1].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Tim April\Cookies\tim april@mysearch[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tim April\Cookies\tim april@888[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Tim April\Cookies\tim [email protected][3].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tim April\Cookies\tim april@888[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tim April\Cookies\tim april@com[1].txt
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\Matthew April\My Documents\My Music\my music\unknown + random\bdcore.dll.updpnd
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\Matthew April\My Documents\My Music\my music\unknown + random\bdcore.dll
Adware:Adware/TVMedia Not disinfected C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\U20D.tmp
Adware:Adware/Beginto Not disinfected C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\WIN218.tmp
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\twaintec.inf
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV176.tmp[cxtpls_loader.exe]
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV177.tmp[cxtpls_loader.exe]
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV178.tmp[cxtpls_loader.exe]
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV5.tmp
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV6.tmp
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV7.tmp
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV8.tmp
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV9.tmp
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV45.tmp
 
Logfile of HijackThis v1.99.1
Scan saved at 7:47:22 PM, on 9/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Updater.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Matthew April\My Documents\My Received Files\anti-spy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computerforum.com/58191-help-hjt-log.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll (file missing)
O3 - Toolbar: Search - {215303D2-42B9-A7EC-7414-5630B3DD8F1A} - C:\WINDOWS\Cagxrcfg.dll (file missing)
O4 - HKLM\..\Run: [Zfkj] C:\WINDOWS\xfqub.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [lfsqbiqafb] C:\WINDOWS\System32\wqupxsmg.exe
O4 - HKLM\..\Run: [kjefel] C:\WINDOWS\kjefel.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [inhttpw] C:\WINDOWS\System32\inhttpw.exe
O4 - HKLM\..\Run: [bO²ùð[×y-¯Œ] C:\WINDOWS\xfqub.exe
O4 - HKLM\..\Run: [bO²ùðZ×y-¯Œ] C:\WINDOWS\xfqub.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [wshatm] "C:\WINDOWS\system32\wshatm.exe"
O4 - HKCU\..\Run: [wlnotify] "C:\WINDOWS\system32\wlnotify.exe"
O4 - HKCU\..\Run: [vxblock] "C:\WINDOWS\system32\vxblock.exe"
O4 - HKCU\..\Run: [version] C:\WINDOWS\System32\version.exe
O4 - HKCU\..\Run: [SpyTrooper]
O4 - HKCU\..\Run: [shfolder] "C:\WINDOWS\system32\shfolder.exe"
O4 - HKCU\..\Run: [s3gnb] "C:\WINDOWS\system32\s3gnb.exe"
O4 - HKCU\..\Run: [raschap] "C:\Documents and Settings\Matthew April\raschap.exe"
O4 - HKCU\..\Run: [netcfgx] "C:\WINDOWS\system32\netcfgx.exe"
O4 - HKCU\..\Run: [netapi] "C:\WINDOWS\system32\netapi.exe"
O4 - HKCU\..\Run: [kbduzb] "C:\WINDOWS\system32\kbduzb.exe"
O4 - HKCU\..\Run: [kbdus] "C:\WINDOWS\system32\kbdus.exe"
O4 - HKCU\..\Run: [kbdinbe1] "C:\WINDOWS\system32\kbdinbe1.exe"
O4 - HKCU\..\Run: [kbdhe] "C:\WINDOWS\system32\kbdhe.exe"
O4 - HKCU\..\Run: [jgmd400] "C:\WINDOWS\system32\jgmd400.exe"
O4 - HKCU\..\Run: [ir41_qcx] "C:\WINDOWS\system32\ir41_qcx.exe"
O4 - HKCU\..\Run: [infosoft] "C:\WINDOWS\system32\infosoft.exe"
O4 - HKCU\..\Run: [inetclnt] "C:\WINDOWS\system32\inetclnt.exe"
O4 - HKCU\..\Run: [hsfcisp2] "C:\WINDOWS\system32\hsfcisp2.exe"
O4 - HKCU\..\Run: [fkfw] C:\PROGRA~1\COMMON~1\fkfw\fkfwm.exe
O4 - HKCU\..\Run: [eventcls] "C:\WINDOWS\system32\eventcls.exe"
O4 - HKCU\..\Run: [dmband] "C:\WINDOWS\system32\dmband.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cscui] "C:\Documents and Settings\Matthew April\cscui.exe"
O4 - HKCU\..\Run: [iprtcnst] "C:\WINDOWS\system32\iprtcnst.exe"
O4 - HKCU\..\Run: [atiicdxx] "C:\WINDOWS\system32\atiicdxx.exe"
O4 - HKCU\..\Run: [rmoc3260] "C:\WINDOWS\system32\rmoc3260.exe"
O4 - HKCU\..\Run: [getuname] "C:\WINDOWS\system32\getuname.exe"
O4 - HKCU\..\Run: [vdmdbg] "C:\WINDOWS\system32\vdmdbg.exe"
O4 - HKCU\..\Run: [resutils] "C:\WINDOWS\system32\resutils.exe"
O4 - HKCU\..\Run: [lftif11n] "C:\WINDOWS\system32\lftif11n.exe"
O4 - HKCU\..\Run: [uniplat] "C:\WINDOWS\system32\uniplat.exe"
O4 - HKCU\..\Run: [msr2cenu] "C:\WINDOWS\system32\msr2cenu.exe"
O4 - HKCU\..\Run: [mmcbase] "C:\WINDOWS\system32\mmcbase.exe"
O4 - HKCU\..\Run: [msorc32r] "C:\WINDOWS\system32\msorc32r.exe"
O4 - HKCU\..\Run: [wmiprop] "C:\WINDOWS\system32\wmiprop.exe"
O4 - HKCU\..\Run: [dmscript] "C:\WINDOWS\system32\dmscript.exe"
O4 - HKCU\..\Run: [wmerror] "C:\WINDOWS\system32\wmerror.exe"
O4 - HKCU\..\Run: [qasf] "C:\WINDOWS\system32\qasf.exe"
O4 - HKCU\..\Run: [6to4svc] "C:\WINDOWS\system32\6to4svc.exe"
O4 - HKCU\..\Run: [dpwsock] "C:\WINDOWS\system32\dpwsock.exe"
O4 - HKCU\..\Run: [kbdir] "C:\WINDOWS\system32\kbdir.exe"
O4 - HKCU\..\Run: [pjlmon] "C:\WINDOWS\system32\pjlmon.exe"
O4 - HKCU\..\Run: [dispex] "C:\WINDOWS\system32\dispex.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {563EC66E-5A1B-51D2-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext02.chm::/MegaInstaller.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\pychdprf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
 
Run HijackThis, click the "open misc. tool section" button, click "open uninstall manager" > click "save list", yes to the prompts. Notepad will open with your add/remove programs list. Post that list here.
 
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
ArcSoft PhotoImpression 3.0
a-squared Free 2.0
ATI Display Driver
Audacity 1.2.4
AVG Free Edition
Canon Digital Camera USB WIA Driver
Canon PhotoRecord
Canon Utilities PhotoStitch 3.1
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 2.1
Canon Utilities ZoomBrowser EX
Digidesign Pro Tools® FREE
Digimax 202
Digimax Viewer 2.0
Easy CD Creator 5 Basic
ewido anti-spyware 4.0
Guitar Pro 4.0
Guitar Pro 5.0
Guitar-Online Tools - Metronome, version 2.0
HijackThis 1.99.1
HP OfficeJet G Series
HydraVision
Intel Application Accelerator
iriver Music Manager
iRiver Updater
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Kazaa Lite K++ v2.4.3
Koolbar.net - Toolbar
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Picture It! Photo 7.0
Microsoft PowerPoint Viewer 97
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser and SDK
MSN Messenger 7.5
My DSC
MyDSC_CIF
OpenMG Secure Module 4.1.00
Panda ActiveScan
PartyPoker
PowerDVD
Quicken XG
QuickTax 2002 Standard
QuickTime
RealPlayer Basic
Rogers Self Healing (remove only)
Rogers Self Healing (remove only)
Rogers Update Manager (remove only)
Rogers Yahoo! Applications
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Shockwave
Skype 2.5
SoundMAX
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Sysnet
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Manager (Remove Only)
Viewpoint Media Player (Remove Only)
WG121 Smart Wizard
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows VisFx Components
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
 
Go to ADD/REMOVE Programs and get rid of the following.

Koolbar.net - Toolbar
PartyPoker (if you don't use)
Sysnet
Viewpoint Manager (Remove Only)
Viewpoint Media Player (Remove Only)
Windows VisFx Components

Reboot and navigate to C:\Program Files and remove any of these folders if still present.

Run ATF cleaner (select all)

Next go here http://forums.majorgeeks.com/showthread.php?t=74265 and follow these removal instructions. It must be run from safe mode. Once completed, return to (safe mode with networking) and run this online scan here http://www.trendmicro.com/spyware-scan/ . Once finished, reboot into normal Windows and post a fresh 'HJT' log.
 
Alright, I got rid of all except for Koolbar.net - Toolbar because it doesn't let me remove it; nothing happens when I try to remove it. That is why I still have it there.
 
Logfile of HijackThis v1.99.1
Scan saved at 11:24:07 AM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Updater.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Documents and Settings\Matthew April\My Documents\My Received Files\anti-spy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll (file missing)
O3 - Toolbar: Search - {215303D2-42B9-A7EC-7414-5630B3DD8F1A} - C:\WINDOWS\Cagxrcfg.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [lfsqbiqafb] C:\WINDOWS\System32\wqupxsmg.exe
O4 - HKLM\..\Run: [kjefel] C:\WINDOWS\kjefel.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [inhttpw] C:\WINDOWS\System32\inhttpw.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [wshatm] "C:\WINDOWS\system32\wshatm.exe"
O4 - HKCU\..\Run: [wlnotify] "C:\WINDOWS\system32\wlnotify.exe"
O4 - HKCU\..\Run: [vxblock] "C:\WINDOWS\system32\vxblock.exe"
O4 - HKCU\..\Run: [version] C:\WINDOWS\System32\version.exe
O4 - HKCU\..\Run: [shfolder] "C:\WINDOWS\system32\shfolder.exe"
O4 - HKCU\..\Run: [s3gnb] "C:\WINDOWS\system32\s3gnb.exe"
O4 - HKCU\..\Run: [raschap] "C:\Documents and Settings\Matthew April\raschap.exe"
O4 - HKCU\..\Run: [netcfgx] "C:\WINDOWS\system32\netcfgx.exe"
O4 - HKCU\..\Run: [netapi] "C:\WINDOWS\system32\netapi.exe"
O4 - HKCU\..\Run: [kbduzb] "C:\WINDOWS\system32\kbduzb.exe"
O4 - HKCU\..\Run: [kbdus] "C:\WINDOWS\system32\kbdus.exe"
O4 - HKCU\..\Run: [kbdinbe1] "C:\WINDOWS\system32\kbdinbe1.exe"
O4 - HKCU\..\Run: [kbdhe] "C:\WINDOWS\system32\kbdhe.exe"
O4 - HKCU\..\Run: [jgmd400] "C:\WINDOWS\system32\jgmd400.exe"
O4 - HKCU\..\Run: [ir41_qcx] "C:\WINDOWS\system32\ir41_qcx.exe"
O4 - HKCU\..\Run: [infosoft] "C:\WINDOWS\system32\infosoft.exe"
O4 - HKCU\..\Run: [inetclnt] "C:\WINDOWS\system32\inetclnt.exe"
O4 - HKCU\..\Run: [hsfcisp2] "C:\WINDOWS\system32\hsfcisp2.exe"
O4 - HKCU\..\Run: [fkfw] C:\PROGRA~1\COMMON~1\fkfw\fkfwm.exe
O4 - HKCU\..\Run: [eventcls] "C:\WINDOWS\system32\eventcls.exe"
O4 - HKCU\..\Run: [dmband] "C:\WINDOWS\system32\dmband.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cscui] "C:\Documents and Settings\Matthew April\cscui.exe"
O4 - HKCU\..\Run: [iprtcnst] "C:\WINDOWS\system32\iprtcnst.exe"
O4 - HKCU\..\Run: [atiicdxx] "C:\WINDOWS\system32\atiicdxx.exe"
O4 - HKCU\..\Run: [rmoc3260] "C:\WINDOWS\system32\rmoc3260.exe"
O4 - HKCU\..\Run: [getuname] "C:\WINDOWS\system32\getuname.exe"
O4 - HKCU\..\Run: [vdmdbg] "C:\WINDOWS\system32\vdmdbg.exe"
O4 - HKCU\..\Run: [resutils] "C:\WINDOWS\system32\resutils.exe"
O4 - HKCU\..\Run: [lftif11n] "C:\WINDOWS\system32\lftif11n.exe"
O4 - HKCU\..\Run: [uniplat] "C:\WINDOWS\system32\uniplat.exe"
O4 - HKCU\..\Run: [msr2cenu] "C:\WINDOWS\system32\msr2cenu.exe"
O4 - HKCU\..\Run: [mmcbase] "C:\WINDOWS\system32\mmcbase.exe"
O4 - HKCU\..\Run: [msorc32r] "C:\WINDOWS\system32\msorc32r.exe"
O4 - HKCU\..\Run: [wmiprop] "C:\WINDOWS\system32\wmiprop.exe"
O4 - HKCU\..\Run: [dmscript] "C:\WINDOWS\system32\dmscript.exe"
O4 - HKCU\..\Run: [wmerror] "C:\WINDOWS\system32\wmerror.exe"
O4 - HKCU\..\Run: [qasf] "C:\WINDOWS\system32\qasf.exe"
O4 - HKCU\..\Run: [6to4svc] "C:\WINDOWS\system32\6to4svc.exe"
O4 - HKCU\..\Run: [dpwsock] "C:\WINDOWS\system32\dpwsock.exe"
O4 - HKCU\..\Run: [kbdir] "C:\WINDOWS\system32\kbdir.exe"
O4 - HKCU\..\Run: [pjlmon] "C:\WINDOWS\system32\pjlmon.exe"
O4 - HKCU\..\Run: [dispex] "C:\WINDOWS\system32\dispex.exe"
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {563EC66E-5A1B-51D2-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext02.chm::/MegaInstaller.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\pychdprf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
 
Okay. Still a mess. Let's try a few specialty tools.

Download VundoFix.exe- http://www.atribune.org/ccount/click.php?id=4 to your desktop.

Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.

A log called vundofix.txt will be created in your C:\ directory. Please post that log.
 
VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 12:34:49 PM 9/23/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...
 
Next One.

Download SmitFraudFix from this link http://siri.urz.free.fr/Fix/SmitfraudFix.zip Then extract the contents to your desktop.

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Post that log.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Do not run any other options as they will damage your desktop if run on an uninfected computer.
 
you already had me fix this... it was one of the fixes under SmitRem and nothing was detected so.... do you still want me to do it?
 
Sorry for that. Very busy this morning and this thread has spanned quite a few days. I want you to do the following diagnostic scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop. Post a copy of it here.
 
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, September 23, 2006 4:27:48 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/09/2006
Kaspersky Anti-Virus database records: 225954
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 123778
Number of viruses found: 43
Number of infected objects: 137 / 0
Number of suspicious objects: 2
Duration of the scan process: 01:09:31

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\SSS1.exe/AlxRes.dll Infected: not-a-virus:AdWare.Win32.AlexaBar.a skipped
C:\WINDOWS\system32\SSS1.exe InstallCreator: infected - 1 skipped
C:\WINDOWS\system32\SSS1.exe UPX: infected - 1 skipped
C:\WINDOWS\system32\desktrf.exe/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.b skipped
C:\WINDOWS\system32\desktrf.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\lvvkammr.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\system32\8jqs4hc1.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{AD3F4645-B27F-42A8-A057-D1B9DBF561F4}.bin Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Megasearch.zip/MegasearchBarSetup.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Megasearch.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tim April\Local Settings\Temporary Internet Files\Content.IE5\S16FWXMN\minisetup2[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ep skipped
C:\Documents and Settings\Tim April\Local Settings\Temporary Internet Files\Content.IE5\S16FWXMN\minisetup2[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Matthew April\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Matthew April\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew April\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew April\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Matthew April\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew April\Local Settings\Temp\~DF2BD5.tmp Object is locked skipped
C:\Documents and Settings\Matthew April\My Documents\Downloads\Half-LIfe_PLUS_CS1.5_PLus\Half-Life.zip/Half-Life/hltv.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped
C:\Documents and Settings\Matthew April\My Documents\Downloads\Half-LIfe_PLUS_CS1.5_PLus\Half-Life.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Matthew April\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\Tspd[1].exe.bac_a00168/data0002 Infected: not-a-virus:AdWare.Win32.Agent.e skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\Tspd[1].exe.bac_a00168 NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\Tspd[1].exe.bac_a00168 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\Tspd[2].exe.bac_a00168/data0002 Infected: not-a-virus:AdWare.Win32.Agent.e skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\Tspd[2].exe.bac_a00168 NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\Tspd[2].exe.bac_a00168 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0016135.exe.bac_a00168 Infected: Trojan-Dropper.Win32.Agent.tb skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a00168/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a00168/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a00168/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a00168/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a00168/data0008 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a00168/data0009 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a00168 NSIS: infected - 6 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a00168 CryptFF.b: infected - 6 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017448.dll.bac_a00168 Infected: not-a-virus:AdWare.Win32.Beginto.b skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a00168/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a00168/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a00168/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a00168/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.az skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a00168/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.az skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a00168 CAB: infected - 5 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a00168 CryptFF.b: infected - 5 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017451.dll.bac_a00168 Infected: not-a-virus:AdWare.Win32.Sahat.g skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a00168/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a00168/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a00168/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.b skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a00168/data0004 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a00168/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.b skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a00168 NSIS: infected - 5 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a00168 CryptFF.b: infected - 5 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\cmmanupd[1].exe.bac_a00168/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.m skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\cmmanupd[1].exe.bac_a00168 NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\cmmanupd[1].exe.bac_a00168 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017533.exe.bac_a00168/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.m skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017533.exe.bac_a00168 NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017533.exe.bac_a00168 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017447.exe.bac_a00168/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.a skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017447.exe.bac_a00168/data0003 Infected: not-a-virus:AdWare.Win32.Beginto.a skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017447.exe.bac_a00168 NSIS: infected - 2 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017447.exe.bac_a00168 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017455.exe.bac_a00168/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.c skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017455.exe.bac_a00168 NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017455.exe.bac_a00168 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017450.dll.bac_a00168 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\setup[1].exe.bac_a00168/stream/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.n skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\setup[1].exe.bac_a00168/stream/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.f skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\setup[1].exe.bac_a00168/stream Infected: not-a-virus:AdWare.Win32.CASClient.f skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\setup[1].exe.bac_a00168 NSIS: infected - 3 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\setup[1].exe.bac_a00168 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017468.exe.bac_a00168 Infected: not-a-virus:AdWare.Win32.CASClient.f skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017411.dll.bac_a00168 Infected: Trojan-Dropper.Win32.Small.abe skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017419.dll.bac_a00168 Infected: not-a-virus:AdWare.Win32.HotSearchBar.b skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017413.exe.bac_a00168/data0001 Infected: Trojan-Downloader.NSIS.Agent.a skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017413.exe.bac_a00168 NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017413.exe.bac_a00168 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\U20D.tmp/InpB/TvmBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.c skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\U20D.tmp/InpB/TvmCore.dll Infected: not-a-virus:AdWare.Win32.TotalVelocity.aa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\U20D.tmp/InpB/Tvm.exe Infected: not-a-virus:AdWare.Win32.TotalVelocity.aa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\U20D.tmp/InpB Infected: not-a-virus:AdWare.Win32.TotalVelocity.aa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\U20D.tmp CAB: infected - 4 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\WIN218.tmp Infected: not-a-virus:AdWare.Win32.HotSearchBar.b skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV176.tmp/data0003 Infected: Trojan-Downloader.Win32.Apropo.r skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV176.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV177.tmp/data0003 Infected: Trojan-Downloader.Win32.Apropo.r skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV177.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV178.tmp/data0003 Infected: Trojan-Downloader.Win32.Apropo.r skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV178.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV5.tmp/data0003 Infected: Trojan-Downloader.Win32.Agent.oa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV5.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV6.tmp/data0003 Infected: not-a-virus:AdWare.Win32.Sahat.al skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV6.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV7.tmp/data0003 Infected: Trojan-Downloader.Win32.Agent.oa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV7.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV8.tmp/data0003 Infected: not-a-virus:AdWare.Win32.Sahat.al skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV8.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV9.tmp/data0003 Infected: Trojan-Downloader.Win32.Agent.oa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV9.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV45.tmp/data0003 Infected: Trojan-Downloader.Win32.Agent.oa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV45.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\cpdef2.exe/data0003 Infected: Trojan-Downloader.Win32.Apropo.r skipped
C:\Documents and Settings\Deborah Revtak\cpdef2.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\ridemgInst.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.oa skipped
C:\Documents and Settings\Deborah Revtak\ridemgInst.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\sahInst.exe/data0003 Infected: not-a-virus:AdWare.Win32.Sahat.al skipped
C:\Documents and Settings\Deborah Revtak\sahInst.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Tiffany April\Desktop\cpdef2.exe/data0003 Infected: Trojan-Downloader.Win32.Apropo.r skipped
C:\Documents and Settings\Tiffany April\Desktop\cpdef2.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Tiffany April\cpdef3.exe/data0003 Infected: Trojan-Downloader.Win32.Apropo.ab skipped
C:\Documents and Settings\Tiffany April\cpdef3.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Tiffany April\ridemgInst.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.oa skipped
C:\Documents and Settings\Tiffany April\ridemgInst.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Tiffany April\sahInst.exe/data0003 Infected: not-a-virus:AdWare.Win32.Sahat.al skipped
C:\Documents and Settings\Tiffany April\sahInst.exe NSIS: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\4af56e3cce8a9dafdced624efd46a550.a2q/WINDOWS/inst/3p_2.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\a-squared Free\Quarantine\4af56e3cce8a9dafdced624efd46a550.a2q/WINDOWS/inst/3p_2.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\a-squared Free\Quarantine\4af56e3cce8a9dafdced624efd46a550.a2q/WINDOWS/inst/3p_2.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\a-squared Free\Quarantine\4af56e3cce8a9dafdced624efd46a550.a2q ZIP: infected - 3 skipped
C:\Program Files\a-squared Free\Quarantine\f8fdc8b497924ff43800ef040335728b.a2q/WINDOWS/system32/MegasearchBarSetup.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.n skipped
C:\Program Files\a-squared Free\Quarantine\f8fdc8b497924ff43800ef040335728b.a2q ZIP: infected - 1 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP74\A0015903.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP74\A0015905.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP74\A0015918.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.35684 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP77\A0016124.exe Object is locked skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP77\A0016128.exe Object is locked skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP77\A0016133.dll Object is locked skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP77\A0016139.exe Infected: Trojan-Downloader.Win32.Agent.tf skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017275.exe/PgSDK.DLL Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.d skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017275.exe ViseMan: infected - 1 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017275.exe ViseMan: infected - 1 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017302.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.h skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017302.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017309.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017309.exe/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.e skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017309.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP79\A0017412.dll Infected: Trojan-Dropper.Win32.Small.abe skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP79\A0017418.dll Infected: not-a-virus:AdWare.Win32.Agent.e skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP79\A0017452.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.f skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP79\A0017474.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.n skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP79\A0017604.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018939.exe/data0002 Infected: not-a-virus:AdWare.Win32.HotSearchBar.b skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018939.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe/data0008 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe/data0009 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe NSIS: infected - 6 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP82\change.log Object is locked skipped

Scan process completed.
 