Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
#1  11-28-2005, 09:14 PM  whatthe@#$ (Registered User; Join Date: Nov 2005; Posts: 11; OS: win2000)

LPV3AGNT.EXE-Bad Image

I keep getting this warning message:

The application or DLL C:/Program Files/Ahnlab/V3/System/302/V3Pro32e.dll is not a valid Windows image. Please check this against your installation diskette.

Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:59:14 AM, on 11/30/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LPAGENT\LPAUUPDT.exe
C:\Program Files\Ahnlab\V3\MonSvcNT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LPAGENT\LPV3AGNT.EXE
C:\WINNT\system32\LPAGENT\LPISACTV.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe
C:\Program Files\Ahnlab\V3\MonSysNT.exe
C:\Program Files\Ahnlab\V3\V3P3AT.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
C:\WINNT\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assist...mpaign=efc0605
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assist...mpaign=efc0605
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: V3 - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Configuration Loader2] mix32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Configuration Loader2] mix32.exe
O4 - HKCU\..\Run: [Configuration Loader2] mix32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128623549010
O16 - DPF: {741509F4-A5F2-478F-A84C-EBEF12041F45} (TvOnline Control) - http://www.everyzone.com/TvOnline/TvOnline.cab
O16 - DPF: {7C65E65F-5ACA-409E-9D44-79AD833919F8} (ExpressViewer Class) - http://download.softforum.co.kr/Xecu...ei_install.cab
O16 - DPF: {91FE1800-3646-49D4-A4D0-98C2EEE26B8C} (XFileControl Control) - http://qbic.hanafos.com/component/QbicControl.CAB
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_6us.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/game...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {F36BB72B-9876-4C6D-B22F-D68E480A39B5} (XFileUploadListDown.ListDownCTL) - http://www.blueyoyo.com/archives/XFi...ad_OnlyOne.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6555BC8-7326-4868-90B7-568E065874AB}: NameServer = 168.126.63.1
O23 - Service: Ahnlab Task Scheduler - Ahnlab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: kcuao - Unknown owner - \\211.213.34.84\admin$\Navapsvcc.exe" -service (file missing)
O23 - Service: AhnLab V3EDM Active Agent (LPACTAgent) - (?)?????, (?)?????? - C:\WINNT\system32\LPAGENT\LPISACTV.EXE
O23 - Service: AhnLab V3EDM AutoUpdate Update Agent (LPAUUAgent) - (?)?????, (?)?????? - C:\WINNT\system32\LPAGENT\LPAUUPDT.exe
O23 - Service: AhnLab V3EDM V3 Management Agent (LPV3MAgent) - (?)?????, (?)?????? - C:\WINNT\system32\LPAGENT\LPV3AGNT.EXE
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\Program Files\Ahnlab\V3\MonSvcNT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Systemtray (Systr32) - Unknown owner - C:\WINNT\system32\systr32.exe (file missing)
O23 - Service: ydaobyf - Unknown owner - \\211.213.34.84\admin$\Navapsvcc.exe" -service (file missing)

So, what's going on here?
Thanks for helping
-- whatthe@#$
#2  11-29-2005, 02:16 AM  MicroBell (Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter; Join Date: Sep 2004; Location: Carmichaels, PA-USA; Posts: 6,963; OS: Windows 7)

Hi and Welcome to TSF

The message you're getting is likely related to your AhnLab product, which may need to be reinstalled...but you have several bad guys we need to address first.

Before attacking an adware/spyware problem with HijackThis, make sure you have already run the following tools. Download and update the databases on each program before running.
Also make sure you are using the latest version (1.99.1) of HijackThis and that it's installed in its own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked if the site has that option.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download, install, and update Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido

Open My Computer-->Tools-->Folder Options-->View-->Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files box and click YES and then OK.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove the following IF listed.

Accoona Search Assistant
Viewpoint\Viewpoint Manager


Go to Start->Run and type Services.msc then hit Ok

Scroll down and find the service called: kcuao - Unknown owner

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

Repeat that same procedure for the following services:

Windows Systemtray (Systr32)
ydaobyf - Unknown owner


Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assist...mpaign=efc0605
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assist...mpaign=efc0605
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O4 - HKLM\..\Run: [Configuration Loader2] mix32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [Configuration Loader2] mix32.exe
O4 - HKCU\..\Run: [Configuration Loader2] mix32.exe
O16 - DPF: {741509F4-A5F2-478F-A84C-EBEF12041F45} (TvOnline Control) - http://www.everyzone.com/TvOnline/TvOnline.cab
O16 - DPF: {7C65E65F-5ACA-409E-9D44-79AD833919F8} (ExpressViewer Class) - http://download.softforum.co.kr/Xecu...ei_install.cab
O16 - DPF: {91FE1800-3646-49D4-A4D0-98C2EEE26B8C} (XFileControl Control) - http://qbic.hanafos.com/component/QbicControl.CAB
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
O23 - Service: kcuao - Unknown owner - \\211.213.34.84\admin$\Navapsvcc.exe" -service (file missing)
O23 - Service: Windows Systemtray (Systr32) - Unknown owner - C:\WINNT\system32\systr32.exe (file missing)
O23 - Service: ydaobyf - Unknown owner - \\211.213.34.84\admin$\Navapsvcc.exe" -service (file missing)


Delete the following Files/Folders in RED (delete folders if no filename is specified or if they are highlighted in RED) according to their directory (If you can't find them...do a search for them...make sure you have search hidden files, folders, subdirectories etc. enabled if it applies to your OS)

C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
mix32.exe
Navapsvcc.exe
<--locate and delete these 2

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
  • Once finished, click the [Save report] button
  • Save the report to your desktop
Close Ewido

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Once back to normal windows......

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...this begins downloading Panda's 8 MB ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report

Please post that log in your next reply along with the Ewido log and a new hijackthis log.

*Note*

Please let me know in which directory you found this file...Navapsvcc.exe

Also..please use a zipping utility like "WinZip" and ZIP up and attach this file to your next post. C:\WINNT\system32\systr32.exe I need to have a look at the file.
-- MicroBell
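The triage MicroBell did by eye on the O4 and O23 lines of the log above can be written down as a small parser. The block below is an added example; it is not part of the thread and not HijackThis code. It flags the indicators the reply acted on: a service listed with "Unknown owner", a service image pulled from a remote admin$ share (the two Navapsvcc.exe entries), "(file missing)", an unbalanced quote in the image path, and autorun values that name only a bare executable (mix32.exe) so the loader has to go looking for it. The sample lines are copied from the first log in the thread; the SAMPLE_VETTED allowlist of bare system names is an assumption of the example, not something the thread states.

```python
"""Triage helper for the O4 (autorun) and O23 (service) lines of a HijackThis log.

Added example, not code from the thread or from HijackThis. The sample lines are
copied from the log posted above; SAMPLE_VETTED is an assumed allowlist of bare
names the analyst has already confirmed live in System32.
"""
import re

# O23 - Service: <display name (short name)> - <owner> - <image path [args]>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<value>[^\]]*)\] (?P<command>.+)$")

# Assumption for this example: bare names the analyst has already checked.
SAMPLE_VETTED = frozenset({"mobsync.exe", "nwiz.exe", "internat.exe"})


def _split_command(command):
    """Return (executable, remaining arguments), honouring a leading quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end], command[end + 1:].strip()
    parts = command.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def _is_bare_name(path):
    """True when the entry gives only a filename, so the loader has to search for it."""
    return not any(sep in path for sep in ("\\", "/", ":"))


def triage_line(line, vetted=SAMPLE_VETTED):
    """Return (indicator, detail) pairs for one HJT line; empty when nothing stood out."""
    findings = []
    m = O23_RE.match(line.strip())
    if m:
        name, owner, image = m.group("name"), m.group("owner"), m.group("image")
        if owner.lower() == "unknown owner":
            findings.append(("service with unknown owner", name))
        if image.startswith("\\\\"):
            findings.append(("service image on a remote UNC path", image))
        if re.search(r"\\admin\$\\", image, re.IGNORECASE):
            findings.append(("service image under an admin$ share", image))
        if "(file missing)" in image:
            findings.append(("service image file missing", image))
        if image.count('"') % 2 == 1:
            findings.append(("unbalanced quote in service image path", image))
        return findings

    m = O4_RE.match(line.strip())
    if m:
        exe, rest = _split_command(m.group("command"))
        if exe.lower() == "rundll32.exe" and rest:
            # rundll32 is only the host; the DLL it is told to load is what matters.
            target = rest.split(",", 1)[0].strip('"')
            if _is_bare_name(target):
                findings.append(("rundll32 loads a DLL by bare name", target))
        elif _is_bare_name(exe) and exe.lower() not in vetted:
            findings.append(("autorun names a bare executable with no path", exe))
    return findings


def triage_log(text, vetted=SAMPLE_VETTED):
    """Map each HJT log line that raised an indicator to its list of findings."""
    report = {}
    for line in text.splitlines():
        found = triage_line(line, vetted)
        if found:
            report[line.strip()] = found
    return report


# Lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Configuration Loader2] mix32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\RunServices: [Configuration Loader2] mix32.exe
O23 - Service: kcuao - Unknown owner - \\211.213.34.84\admin$\Navapsvcc.exe" -service (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Systemtray (Systr32) - Unknown owner - C:\WINNT\system32\systr32.exe (file missing)
"""

if __name__ == "__main__":
    for entry, found in triage_log(SAMPLE_LOG).items():
        print(entry)
        for indicator, detail in found:
            print("    ->", indicator + ":", detail)
```

The bare-name rule also fires on legitimate System32 binaries that Windows itself registers by name (mobsync.exe, nwiz.exe in this log), which is why the allowlist exists: a hit is a prompt to confirm where the file actually lives, not a verdict. The O23 rules are stricter; a service whose image is a UNC path under another host's admin$ share has no legitimate reason to exist on a home machine, and "(file missing)" plus the stray quote is the same entry falling apart.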
#3  12-01-2005, 04:38 AM  whatthe@#$ (Registered User; Join Date: Nov 2005; Posts: 11; OS: win2000)

Techies are a higher life form - indeed (here are the logs you asked for)

MicroBell - thanks so much for your help!

Since I only aspire to technical enlightenment, it took me a while to do all the scans and cleaners you recommended.

I'm sorry, but it seems that I removed Navapsvcc.exe with a scan before I found out where it was hiding.

I couldn't find mix32.exe.
I found ENSMIX32.EXE in the D:/ drive. Should I get rid of ENSMIX32.EXE?

I also couldn't find ydaobyf on any logs, scans, or searches.

Also, is the systr32.exe you asked to view possibly systray32.exe on my computer? I'll include it in the zipped files just in case.

I apologize in advance for any silly mistakes I've made, believe it or not this is the first time I've ever zipped a file.

Well, thanks again for your help.
Attached Files: Logs and stuff.zip (6.9 KB)

-- whatthe@#$
#4  12-01-2005, 06:00 AM  whatthe@#$ (Registered User; Join Date: Nov 2005; Posts: 11; OS: win2000)

and one more log with bad checksum

This is from my spybot search and destroy log:

11/30/2005 7:36:05 AM Downloaded update info file. (http://security.kolla.de/updates/spybotsd.ini)
11/30/2005 7:36:33 AM downloaded update Detection rules
11/30/2005 7:36:33 AM - URL: http://www.see-cure.de/updates/files/includes.zip
11/30/2005 7:36:33 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
11/30/2005 7:36:33 AM - FILE REJECTED because of bad checksum
11/30/2005 7:39:48 AM downloaded update English language
11/30/2005 7:39:48 AM - URL: http://www.see-cure.de/updates/files/lang.english.zip
11/30/2005 7:39:48 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
11/30/2005 7:39:48 AM - FILE REJECTED because of bad checksum
11/30/2005 8:42:48 AM downloaded update Detection rules
11/30/2005 8:42:48 AM - URL: http://www.see-cure.de/updates/files/includes.zip
11/30/2005 8:42:48 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
11/30/2005 8:42:48 AM - FILE REJECTED because of bad checksum
11/30/2005 8:43:09 AM downloaded update English language
11/30/2005 8:43:09 AM - URL: http://www.see-cure.de/updates/files/lang.english.zip
11/30/2005 8:43:09 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
11/30/2005 8:43:09 AM - FILE REJECTED because of bad checksum
11/30/2005 8:45:48 AM Downloaded update info file. (http://security.kolla.de/updates/spybotsd.ini)
11/30/2005 8:46:20 AM downloaded update Detection rules
11/30/2005 8:46:20 AM - URL: http://www.see-cure.de/updates/files/includes.zip
11/30/2005 8:46:20 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
11/30/2005 8:46:20 AM - FILE REJECTED because of bad checksum
11/30/2005 8:52:44 AM downloaded update English language
11/30/2005 8:52:44 AM - URL: http://www.see-cure.de/updates/files/lang.english.zip
11/30/2005 8:52:44 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
11/30/2005 8:52:44 AM - FILE REJECTED because of bad checksum
12/1/2005 7:07:40 AM Downloaded update info file. (http://security.kolla.de/updates/spybotsd.ini)
12/1/2005 7:14:10 AM downloaded update Detection rules
12/1/2005 7:14:10 AM - URL: http://www.see-cure.de/updates/files/includes.zip
12/1/2005 7:14:10 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
12/1/2005 7:14:10 AM - FILE REJECTED because of bad checksum
12/1/2005 7:20:34 AM downloaded update English language
12/1/2005 7:20:34 AM - URL: http://www.see-cure.de/updates/files/lang.english.zip
12/1/2005 7:20:34 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
12/1/2005 7:20:34 AM - FILE REJECTED because of bad checksum
12/2/2005 9:49:17 AM Downloaded update info file. (http://security.kolla.de/updates/spybotsd.ini)
12/2/2005 9:55:47 AM downloaded update Detection rules
12/2/2005 9:55:47 AM - URL: http://www.see-cure.de/updates/files/includes.zip
12/2/2005 9:55:47 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
12/2/2005 9:55:47 AM - FILE REJECTED because of bad checksum

what does bad checksum mean?
Thanks
-- whatthe@#$
#5  12-01-2005, 10:02 PM  whatthe@#$ (Registered User; Join Date: Nov 2005; Posts: 11; OS: win2000)

logs again - not zipped

I found out how to use another mirror to get around the bad checksum.

Here are my logs unzipped.
Sorry for being so techno-backward.

Active Scan
Incident | Status | Location
Spyware:spyware/new.net | Not desinfected | Windows Registry

Trend Micro Housecall Virus Scan: 0 viruses cleaned, 9 viruses deleted


Results:
We have detected 6 infected file(s) with 9 virus(es) on your
computer. Only 0 out of 0 infected files are displayed:
- 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 9 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File | Associated Virus Name | Action Taken
C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-136d4cdc-2d180f00.zip - binny\binny.class | JAVA_BYTEVER.A | Deletion successful
C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2576a7e-4586157d.zip - binny\binny.class | JAVA_BYTEVER.A | Deletion successful
C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2b30e51b-7f0100bb.zip - Dummy.class | JAVA_BYTEVER.A | Deletion successful
C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-40236c77-75169955.zip - Beyond.class | JAVA_BYTEVER.F | Deletion successful
C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-34a7e20d-474da216.zip - BlackBox.class | JAVA_BYTEVER.AC | Deletion successful
  - VerifierBug.class | JAVA_BYTEVER.AB | Deletion successful
  - Dummy.class | JAVA_BYTEVER.AB | Deletion successful
  - Beyond.class | JAVA_BYTEVER.A | Deletion successful
C:\Program Files\Edonkey v0.50.1 + overnet + Crack\Overnet & Edonkey Pack (Docs,Cracks,Serial,Register Etc) By Camj.rar - Layer2 OverNet Upload Crack Patch (disable uploads for version 0.30)\OverNet_crack.dat | BAT_OVERNETCRK.A | Deletion successful

Trojan/Worm Check: 0 worms/Trojan horses deleted

What we checked:
Malicious activity by a Trojan horse program. Although a
Trojan seems like a harmless program, it contains malicious
code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your
computer. Only 0 out of 0 Trojan horse programs and worms are
displayed: - 0 worm(s)/Trojan(s) passed, 0
worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s)
undeletable
Trojan/Worm Name | Trojan/Worm Type | Action Taken
(none listed)

Spyware Check: 0 spyware programs removed

What we checked:
Whether personal information was tracked and reported by
spyware. Spyware is often installed secretly with legitimate
programs downloaded from the Internet.
Results:
We have detected 2 spyware(s) on your computer. Only 0 out of
0 spywares are displayed: - 2 spyware(s) passed, 0
spyware(s) no action available
- 0 spyware(s) removed, 0 spyware(s) unremovable
Spyware Name | Spyware Type | Action Taken
COOKIE_45 | Cookie | Pass
COOKIE_2842 | Cookie | Pass

Microsoft Vulnerability Check: No vulnerability detected

What we checked:
Microsoft known security vulnerabilities. These are issues
Microsoft has identified and released Critical Updates to fix.

Results:
We have detected 0 vulnerability/vulnerabilities on your
computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level | Issue | How to Fix
(none listed)

Logfile of HijackThis v1.99.1
Scan saved at 10:19:11 PM, on 12/1/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\LPAGENT\LPAUUPDT.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINNT\system32\LPAGENT\LPV3AGNT.EXE
C:\WINNT\system32\LPAGENT\LPISACTV.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128623549010
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_6us.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/game...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...35/mcfscan.cab
O16 - DPF: {F36BB72B-9876-4C6D-B22F-D68E480A39B5} (XFileUploadListDown.ListDownCTL) - http://www.blueyoyo.com/archives/XFi...ad_OnlyOne.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6555BC8-7326-4868-90B7-568E065874AB}: NameServer = 168.126.63.1
O23 - Service: Ahnlab Task Scheduler - Ahnlab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: AhnLab V3EDM Active Agent (LPACTAgent) - (?)?????, (?)?????? - C:\WINNT\system32\LPAGENT\LPISACTV.EXE
O23 - Service: AhnLab V3EDM AutoUpdate Update Agent (LPAUUAgent) - (?)?????, (?)?????? - C:\WINNT\system32\LPAGENT\LPAUUPDT.exe
O23 - Service: AhnLab V3EDM V3 Management Agent (LPV3MAgent) - (?)?????, (?)?????? - C:\WINNT\system32\LPAGENT\LPV3AGNT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:17:33 PM, 12/1/2005
+ Report-Checksum: 2B2F861A

+ Scan result:

C:\Documents and Settings\tom\Cookies\tom@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\tom\Cookies\tom@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\tom\Cookies\tom@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup


::Report End

Thanks for your help
whatthe@#$ is offline  
Old 12-02-2005, 01:53 AM   #6 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    • Standard
    • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan


Let me know how things are running.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
Old 12-05-2005, 07:10 AM   #7 (permalink)
Registered User
 
Join Date: Nov 2005
Posts: 11
OS: win2000


KASPERSKY ON-LINE SCANNER REPORT
Tuesday, December 06, 2005 1111
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/12/2005
Kaspersky Anti-Virus database records: 153537


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 42099
Number of viruses found 4
Number of infected objects 23
Number of suspicious objects 0
Duration of the scan process 6795 sec

Infected Object Name Virus Name
C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3f8f4c-282ac0b1.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3f8f4c-282ac0b1.zip Infected: Trojan.Java.ClassLoader.k

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-136d4cdc-2d180f00.RB0/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-136d4cdc-2d180f00.RB0 Infected: Trojan-Dropper.Java.Beyond.d

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2576a7e-4586157d.RB0/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2576a7e-4586157d.RB0 Infected: Trojan-Dropper.Java.Beyond.d

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-410b44c8-225e7ea8.RB0/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-410b44c8-225e7ea8.RB0 Infected: Trojan-Dropper.Java.Beyond.d

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-410b44c8-225e7ea8.zip/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-410b44c8-225e7ea8.zip Infected: Trojan-Dropper.Java.Beyond.d

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4e6e5df4-42ef5cd6.RB0/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4e6e5df4-42ef5cd6.RB0 Infected: Trojan-Dropper.Java.Beyond.d

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4e6e5df4-42ef5cd6.zip/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4e6e5df4-42ef5cd6.zip Infected: Trojan-Dropper.Java.Beyond.d

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-1c4eb649-6eaae19c.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k

C:\Documents and Settings\tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-1c4eb649-6eaae19c.zip Infected: Trojan.Java.ClassLoader.k

C:\Program Files\shareware\Edonkey v0.50.1 + overnet + Crack.exe/data.rar/Edonkey v0.50.1 + overnet + Crack/Overnet & Edonkey Pack (Docs,Cracks,Serial,Register Etc) By Camj.rar/Overnet & Edonkey Pack (Docs,Cracks,serial,register etc)/OverNet Upload Crack Patch (disable uploads for version 0.30).rar/OverNet Upload Crack Patch (disable uploads for version 0.30)/OverNet_crack.dat Infected: Trojan.BAT.OvernetCrk

C:\Program Files\shareware\Edonkey v0.50.1 + overnet + Crack.exe/data.rar/Edonkey v0.50.1 + overnet + Crack/Overnet & Edonkey Pack (Docs,Cracks,Serial,Register Etc) By Camj.rar/Overnet & Edonkey Pack (Docs,Cracks,serial,register etc)/OverNet Upload Crack Patch (disable uploads for version 0.30).rar Infected: Trojan.BAT.OvernetCrk

C:\Program Files\shareware\Edonkey v0.50.1 + overnet + Crack.exe/data.rar/Edonkey v0.50.1 + overnet + Crack/Overnet & Edonkey Pack (Docs,Cracks,Serial,Register Etc) By Camj.rar Infected: Trojan.BAT.OvernetCrk

C:\Program Files\shareware\Edonkey v0.50.1 + overnet + Crack.exe/data.rar Infected: Trojan.BAT.OvernetCrk

C:\Program Files\shareware\Edonkey v0.50.1 + overnet + Crack.exe Infected: Trojan.BAT.OvernetCrk

D:\Downloads\Joiners\setup.exe/data0002 Infected: Trojan-Downloader.Win32.Wren.d

D:\Downloads\Joiners\setup.exe Infected: Trojan-Downloader.Win32.Wren.d

Scan process completed.
whatthe@#$ is offline  
Old 12-05-2005, 06:59 PM   #8 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Please follow the instructions here for clearing your Java cache:
http://www.java.com/en/download/help/cache_virus.xml

C:\Program Files\shareware\Edonkey v0.50.1 + overnet + Crack.exe <--delete that file

D:\Downloads\Joiners\setup.exe <--delete that file

Post another HijackThis log and let me know how things are running.
MicroBell is offline  
Old 12-06-2005, 04:40 AM   #9 (permalink)
Registered User
 
Join Date: Nov 2005
Posts: 11
OS: win2000


HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 12:12:00 AM, on 12/7/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\LPAGENT\LPAUUPDT.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LPAGENT\LPV3AGNT.EXE
C:\WINNT\system32\LPAGENT\LPISACTV.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128623549010
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_6us.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/game...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...35/mcfscan.cab
O16 - DPF: {F36BB72B-9876-4C6D-B22F-D68E480A39B5} (XFileUploadListDown.ListDownCTL) - http://www.blueyoyo.com/archives/XFi...ad_OnlyOne.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6555BC8-7326-4868-90B7-568E065874AB}: NameServer = 168.126.63.1
O23 - Service: Ahnlab Task Scheduler - Ahnlab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: AhnLab V3EDM Active Agent (LPACTAgent) - (?)?????, (?)?????? - C:\WINNT\system32\LPAGENT\LPISACTV.EXE
O23 - Service: AhnLab V3EDM AutoUpdate Update Agent (LPAUUAgent) - (?)?????, (?)?????? - C:\WINNT\system32\LPAGENT\LPAUUPDT.exe
O23 - Service: AhnLab V3EDM V3 Management Agent (LPV3MAgent) - (?)?????, (?)?????? - C:\WINNT\system32\LPAGENT\LPV3AGNT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Overnet, Edonkey and joiners have been deleted.
Thanks for the help
whatthe@#$ is offline  
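As an added example that is not part of the thread and not code from HijackThis, here is a small Python triage script for logs in the format posted above. It flags the things a log reader checks by eye: O16 ActiveX controls fetched from remote hosts, entries marked "(file missing)", O17 resolvers that are not on an expected list, and O4 autostarts launched from a user profile or temp directory. The sample log and its "updater" O4 line are constructed, and `trusted_resolvers` is an assumed parameter the reader fills in with the resolvers the network should actually be using.

```python
"""Triage helper for HijackThis-style logs (added example; not from the thread
or from HijackThis). It splits the R0/O4/O16/... entry lines into sections and
applies a few defender-side checks a log reader performs by eye."""
import re
from collections import defaultdict

# Constructed sample in the same format as the logs above. The 'updater' O4 line
# is invented so the autostart check has something to report.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\tom\Local Settings\Temp\upd.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6555BC8-7326-4868-90B7-568E065874AB}: NameServer = 168.126.63.1
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Directories that legitimate autostart programs rarely live in.
USER_PATH_RE = re.compile(r"\\(Documents and Settings|Users|Temp|Local Settings)\\",
                          re.IGNORECASE)


def parse_entries(text):
    """Map each section code ('O4', 'O16', ...) to the list of its entry bodies."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return entries


def triage(text, trusted_resolvers=()):
    """Return (section, reason, entry) tuples for entries that deserve a closer look."""
    entries = parse_entries(text)
    findings = []
    # O16: ActiveX controls Internet Explorer downloaded. A control fetched from a
    # remote host should be one the user recognises; local DLLs are left alone.
    for body in entries["O16"]:
        if re.search(r"https?://", body):
            findings.append(("O16", "remote ActiveX download", body))
    # Any section: '(file missing)' is a dangling reference left behind by removed
    # malware or an uninstalled program and should be cleaned up either way.
    for section, bodies in list(entries.items()):
        for body in bodies:
            if "(file missing)" in body:
                findings.append((section, "target file missing", body))
    # O17: DNS settings. A resolver not on the expected list is the classic sign of
    # a DNS hijack; the caller supplies what the network should be using.
    for body in entries["O17"]:
        m = re.search(r"NameServer = ([\d.,]+)", body)
        if m:
            for addr in m.group(1).split(","):
                if addr not in trusted_resolvers:
                    findings.append(("O17", "unexpected DNS resolver " + addr, body))
    # O4: autostart entries launching from a user profile or temp directory.
    for body in entries["O4"]:
        if USER_PATH_RE.search(body):
            findings.append(("O4", "autostart from user/temp path", body))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG, trusted_resolvers={"168.126.63.1"}):
        print(f"[{section}] {reason}: {entry}")
```

Run it against a saved log by replacing SAMPLE_LOG with the file's contents; a finding is a prompt to look closer, not a verdict, since the HouseCall control above is a legitimate scanner the user installed on purpose.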
Old 12-06-2005, 02:58 PM   #10 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few more items to address so please follow the instructions below.


Reset hidden/system files and folders

Windows XP
===============
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 2000
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files Folders.
  • Deselect the Show all files option.
  • Click Yes to confirm.
  • Click OK.

Windows ME
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 95/98/98SE
===============
  • Open My Computer.
  • Select the View menu.
  • Select the Folder Options option.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files folder.
  • Deselect the Show all files option.
  • Click Apply to confirm.
  • Click OK.



Create a new System Restore point

Windows XP
===============
  • Click Start >> Run - type SYSDM.CPL & press Enter
  • Select the System Restore Tab
  • Tick on the checkbox - "Turn off System Restore on all drives"
  • Click Apply
  • Then untick the same checkbox & click OK
  • This deletes ALL restore points that had the infection and creates a clean one

Windows ME
===============
  • Click the Start tab.
  • Select the Settings option.
  • Select the Control Panel option.
  • Double-click the System icon, then select the Performance tab.
  • Select File System
  • Select the Troubleshooting tab
  • Check the Disable System Restore box
  • Click Apply to confirm.
  • Click OK.

Reboot the PC and repeat the above procedure again
When you get to this option
  • Uncheck the Disable System Restore box

For Windows ME, we MUST create a new restore point now, as Windows ME will not create one automatically until the computer has been on for 10 hours or 24 hours have passed. To create a new restore point follow the procedure below.
  • Click the Start button.
  • Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
  • Choose Create a restore point, and then click Next.
  • In the Restore point description box, type a name for your restore point, and then click Next.
  • Click OK.



Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • Tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Please visit Microsoft's Windows Update page and install the latest service packs, patches and security updates for your system.


Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  • WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 4 free ones available for personal use:

In today’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:



In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles.
Please stay safe out there and take the helpful advice that’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.

Please respond to this thread one more time so we can mark this thread as resolved.
MicroBell is offline  
Old 12-10-2005, 12:09 AM   #11 (permalink)
Registered User
 
Join Date: Nov 2005
Posts: 11
OS: win2000


All techies must be revered!!!
I did everything you recommended.
My system is running great. I learned a lot, too.
Thanks for all your help, Microbell.
whatthe@#$ is offline  
 


Copyright 2001 - 2009, Tech Support Forum