Thank you very much for your help. Here's the logs that you requested after perfoming the steps.
Panda log
Incident Status Location
Adware:adware/adsmart Not disinfected c:\winnt\system32\dlh9jkdq8.exe
Potentially unwanted tool:application/bestoffer Not disinfected c:\winnt\smdat32m.sys
Adware:adware/keenvalue Not disinfected c:\winnt\browserxtras\pn\remove.exe
Adware:adware/cydoor Not disinfected c:\winnt\cdmxtras
Spyware:spyware/apropos Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt[.apmebf.com/]
smitfiles.txt
smitRem © log file
version 3.0
by noahdfear
Microsoft Windows 2000 [Version 5.00.2195]
"IE"="6.0000"
The current date is: Sun 06/11/2006
The current time is: 4:53:04.32
Running from
C:\Documents and Settings\gomer\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{B29BE267-3A64-4F7E-8A57-75FB5E900503}"="Windows Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B29BE267-3A64-4F7E-8A57-75FB5E900503}\InProcServer32]
@="C:\WINNT\system32\cfgmngr32.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
checking for drsmartload2 key
drsmartload2 key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 684 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{B29BE267-3A64-4F7E-8A57-75FB5E900503}"="Windows Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B29BE267-3A64-4F7E-8A57-75FB5E900503}\InProcServer32]
@="C:\WINNT\system32\cfgmngr32.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)
Ewido
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 5:10:11 AM, 6/11/2006
+ Report-Checksum: 4A72C5A2
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{00000000-15D9-4736-AB29-131578A45F2B} -> Adware.Wordsonweb : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocajjum8.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
C:\Documents and Settings\Administrator\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup
C:\Documents and Settings\Administrator\Start Menu\Programs\Power Scan\Power Scan.lnk -> Adware.PowerScan : Cleaned with backup
C:\Program Files\Aprps -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\ace.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_01-06-2006.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_02-06-2006.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_03-06-2006.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_04-06-2006.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_05-06-2006.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_06-06-2006.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_07-06-2006.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\atl.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\CxtPls.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\CxtPls.exe -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\libexpat.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\plg0 -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\plg0\cxtpls.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\ProxyStub.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\pstub0 -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\pstub0\proxystub.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\uninstaller.exe -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\WinGenerics.dll -> Adware.Apropos : Cleaned with backup
C:\WINNT\file1.exe -> Backdoor.Small : Cleaned with backup
C:\WINNT\OEM.exe -> Proxy.Agent.jw : Cleaned with backup
C:\WINNT\OEM.exe.bak -> Proxy.Agent.jw : Cleaned with backup
C:\WINNT\system32\directprt.sys -> Backdoor.Haxdoor.io : Cleaned with backup
C:\WINNT\system32\dlh9jkdq2.exe -> Trojan.Small : Cleaned with backup
C:\WINNT\system32\dlh9jkdq6.exe -> Trojan.Small : Cleaned with backup
C:\WINNT\system32\dlh9jkdq7.exe -> Trojan.Small : Cleaned with backup
C:\WINNT\system32\HLInstaller1.exe -> Adware.MDH : Cleaned with backup
C:\WINNT\system32\HyperLinker1.exe -> Adware.MDH : Cleaned with backup
C:\WINNT\system32\ib14.dll -> Logger.Bancos : Cleaned with backup
C:\WINNT\system32\ipod.raw.exe -> Proxy.Lager.bi : Cleaned with backup
C:\WINNT\system32\jsssvc.exe -> Backdoor.Rbot.aeu : Cleaned with backup
C:\WINNT\system32\mpcsvc.exe -> Proxy.Small.du : Cleaned with backup
C:\WINNT\system32\vxgame6.exe3072.exe -> Downloader.Tiny.cp : Cleaned with backup
D:\TopSearch.dll -> Adware.Altnet : Cleaned with backup
::Report End
New HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 5:19:49 AM, on 6/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\gomer\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] D:\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
There you go, and thank you so very much for your help.
-=small edit=-
Ok. After doing all of that in Safemode with networking and posting all the logs I tried to log in normally. No restart!! Here's a Hijack this log from a normal login (not safemode)
Logfile of HijackThis v1.99.1
Scan saved at 5:33:23 AM, on 6/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
D:\Surround Mixer\CTSysVol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\gomer\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] D:\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe