03-05-2006, 05:14 PM   #7
jkill2001
Registered User
Join Date: Sep 2005
Posts: 65
OS: xp


Logfile of HijackThis v1.99.1
Scan saved at 6:10:21 PM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
E:\WINDOWS\System32\snmp.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\wdfmgr.exe
E:\Program Files\Common Files\AOL\1103770708\ee\AOLSoftware.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\America Online 9.0c\waol.exe
E:\Program Files\America Online 9.0c\shellmon.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Grisoft\AVG Free\avgcc.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Documents and Settings\Jon\Desktop\hijackthis\HijackThis.exe

O1 - Hosts: localhost 127.0.0.1
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - E:\WINDOWS\system32\gfurc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - E:\WINDOWS\system32\gfurc.dll
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1103770708\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AOL Fast Start] "E:\Program Files\America Online 9.0c\AOL.EXE" -b
O4 - HKCU\..\Run: [UnSpyPC] "E:\Program Files\UnSpyPC\UnSpyPC.exe"
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47474C52-F2EE-473C-9283-546A0B832899}: NameServer = 85.255.116.171,85.255.112.228
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E7DA7E0-0DA6-44BF-BDDC-A99674E697B3}: NameServer = 85.255.116.171,85.255.112.228
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BA718BC-F239-4F7F-9BAF-EBC7CFF1F80D}: NameServer = 85.255.116.171,85.255.112.228
O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, March 05, 2006 18:09:43
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/03/2006
Kaspersky Anti-Virus database records: 180327
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 132015
Number of viruses found: 10
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 9216 sec

Infected Object Name - Virus Name
C:\WINDOWS\system32\drivers\etc\hosts Infected: Trojan.Win32.Qhost
C:\System Volume Information\_restore{E52F6E8C-4D5C-493E-9456-C80711178283}\RP31\A0003425.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
E:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\jon\Cache\32C43BD2d01 Infected: Trojan-Clicker.JS.Linker.h
E:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\jon\Cache\6933A524d01 Infected: Trojan-Clicker.JS.Linker.h
E:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\jon\Cache\794D1DF9d01 Infected: Trojan-Clicker.HTML.IFrame.b
E:\Program Files\aim error ace\debug32.dll Infected: not-a-virus:AdWare.Win32.Lop
E:\WINDOWS\Downloaded Program Files\toolbar.dll Infected: not-a-virus:AdWare.Win32.Agent.k
E:\WINDOWS\system32\cacore.dll Infected: not-a-virus:AdWare.Win32.Couponage.a
E:\WINDOWS\system32\desktrf-667279.exe/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.b
E:\WINDOWS\system32\desktrf-667279.exe Infected: not-a-virus:AdWare.Win32.Beginto.b
E:\WINDOWS\system32\gfurc.dll Infected: not-a-virus:AdWare.Win32.SBSoft.h
E:\WINDOWS\system32\winb2s32.dll Infected: not-a-virus:AdWare.Win32.Ilookup.b
E:\WINDOWS\system32\winb2s33.dll Infected: not-a-virus:AdWare.Win32.Ilookup.b

Scan process completed.

Volume in drive E has no label.
Volume Serial Number is BC27-9C30

Directory of E:\Documents and Settings\Administrator\Application Data

11/02/2003 09:56 AM <DIR> Aim
08/25/2003 04:10 PM <DIR> Identities
09/30/2003 07:04 PM <DIR> MSN6
09/10/2003 10:14 PM <DIR> Sun
0 File(s) 0 bytes
4 Dir(s) 17,047,470,080 bytes free
Volume in drive E has no label.
Volume Serial Number is BC27-9C30

Directory of E:\Documents and Settings\All Users\Application Data

11/03/2005 08:04 PM <DIR> Adobe
12/02/2005 09:17 PM <DIR> AOL
12/02/2005 08:40 PM <DIR> AOL Downloads
12/19/2005 10:26 PM <DIR> Apple Computer
09/06/2005 10:56 PM <DIR> Autodesk
03/05/2006 09:14 AM <DIR> avg7
03/05/2006 09:13 AM <DIR> Grisoft
10/12/2004 11:18 PM <DIR> Macrovision
10/22/2004 05:06 PM <DIR> McAfee.com
09/30/2003 07:03 PM <DIR> MSN6
02/10/2004 06:17 PM <DIR> NFS Underground
07/07/2004 11:46 PM <DIR> Pure Networks
02/19/2006 11:34 PM 1,387 QTSBandwidthCache
02/29/2004 06:03 PM <DIR> QuickTime
01/03/2006 01:25 AM <DIR> SecTaskMan
02/17/2006 09:35 PM <DIR> Spybot - Search & Destroy
01/21/2006 11:55 AM <DIR> Symantec
09/19/2005 09:35 PM <DIR> Trymedia
12/19/2004 05:43 PM <DIR> Viewpoint
11/08/2005 12:03 AM <DIR> Yahoo! Companion
1 File(s) 1,387 bytes
19 Dir(s) 17,047,453,696 bytes free
Volume in drive E has no label.
Volume Serial Number is BC27-9C30

Directory of E:\Documents and Settings\fran\Application Data

12/27/2003 10:46 PM <DIR> Adobe
12/17/2004 06:03 PM <DIR> Aim
11/10/2005 05:21 PM <DIR> AOL
11/20/2003 07:59 PM <DIR> Help
11/20/2003 07:58 PM <DIR> Identities
12/17/2004 06:03 PM <DIR> InterMute
12/26/2003 08:55 AM <DIR> Macromedia
08/12/2004 07:14 AM <DIR> Mozilla
12/23/2003 11:06 PM <DIR> Sun
08/12/2004 07:14 AM <DIR> Talkback
0 File(s) 0 bytes
10 Dir(s) 17,047,453,696 bytes free
Volume in drive E has no label.
Volume Serial Number is BC27-9C30

Directory of E:\Documents and Settings\Guest\Application Data

04/03/2004 07:38 AM <DIR> Identities
0 File(s) 0 bytes
1 Dir(s) 17,047,453,696 bytes free
Volume in drive E has no label.
Volume Serial Number is BC27-9C30

Directory of E:\Documents and Settings\Jon\Application Data

03/05/2006 09:13 AM <DIR> .
03/05/2006 09:13 AM <DIR> ..
12/02/2005 08:48 PM <DIR> acccore
01/04/2004 03:41 PM <DIR> ACD Systems
01/04/2004 03:42 PM <DIR> ACDInTouch
11/03/2005 08:04 PM <DIR> Adobe
12/07/2005 11:23 PM <DIR> AdobeUM
11/19/2004 08:16 PM <DIR> Aim
08/01/2005 08:15 PM <DIR> Alibre Design
12/02/2005 08:46 PM <DIR> AOL
01/04/2006 06:47 PM <DIR> Apple Computer
02/25/2005 07:36 PM <DIR> Autodesk
03/05/2006 09:13 AM <DIR> AVG7
06/12/2004 08:00 PM <DIR> Creative
09/20/2005 08:28 PM <DIR> Google
02/27/2004 12:11 AM <DIR> Help
11/21/2003 09:21 PM <DIR> Identities
03/17/2004 02:24 PM <DIR> Kazaa Lite
12/30/2004 12:05 AM <DIR> Keyhole
05/08/2004 10:39 PM <DIR> Lycos
06/12/2004 07:49 PM <DIR> Macromedia
08/05/2004 08:35 AM <DIR> Mozilla
07/02/2004 12:00 PM <DIR> NetMedia Providers
08/16/2004 12:40 AM <DIR> oreu
04/21/2005 07:24 PM <DIR> Publish Providers
10/13/2004 09:33 PM <DIR> RACETHEPROSOnline11
06/26/2004 12:58 PM <DIR> Ratbag
03/22/2004 10:40 PM <DIR> Sonic Foundry
12/12/2003 11:53 PM <DIR> Sun
01/03/2006 06:43 PM <DIR> Symantec
08/05/2004 08:35 AM <DIR> Talkback
05/29/2005 12:14 PM 12 uns.tmp
06/02/2005 09:37 PM <DIR> Webroot
06/02/2005 09:37 PM <DIR> yahoo!
03/02/2004 11:16 PM <DIR> Yahoo! Messenger
07/07/2004 11:46 PM <DIR> You've Got Pictures Screensaver
1 File(s) 12 bytes
35 Dir(s) 17,047,449,600 bytes free
Volume in drive E has no label.
Volume Serial Number is BC27-9C30

Directory of E:\Documents and Settings\Default User\Application Data

08/24/2003 06:51 PM <DIR> .
08/24/2003 06:51 PM <DIR> ..
12/17/2004 06:34 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 17,047,449,600 bytes free
Volume in drive E has no label.
Volume Serial Number is BC27-9C30

Directory of E:\Documents and Settings\LocalService\Application Data

Volume in drive E has no label.
Volume Serial Number is BC27-9C30

Directory of E:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'E:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'E:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'Jon'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_DISABLED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 1
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

2 Triggers

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 01/21/2006
EndDate: 00/00/0000
StartTime: 09:44
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 1:
Type: AtLogon
StartDate: 01/21/2006
EndDate: 00/00/0000
StartTime: 09:44
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


Right now there are 2 popups that show up. One says Windows Security and is an actual popup in the center of the screen; the other I forget what it says, but it's down in the bar where the clock is. I tried going into Security Center to disable the Windows Security popup, but I can't, it's grey. I also have a toolbar in every window I open, i.e. Control Panel. I tried undoing that, but I can't, it's in grey also. What's the deal?