01-06-2006, 09:55 PM   #1
Privte_Ryan (Registered User)
Join Date: Jan 2006
Posts: 10
OS: XP

W32.Licum Virus

Norton AntiVirus Virus Alerts keep coming up and saying "Norton has detected and removed a virus from your computer."

It's getting to be constant now, 1 after another, and it really is worrying me.

Here's the scan log.

Please help me, I don't want to have to reformat again.
Attached Files
File Type: txt hijackthislog.txt (8.7 KB, 1 views)

01-06-2006, 09:59 PM   #2
Grove (Professor/Moderator, TSF Design School)
Join Date: Jun 2005
Location: Australia
Posts: 2,382
OS: Windows XP SP2

Logfile of HijackThis v1.99.1
Scan saved at 8:47:04 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ryan\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1129953112600
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129953094270
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

In the future, please post your log as I have done above. This saves time for the analysts.
__________________
==========================================

Get Help:
TSF Security Forum | HijackThis | MB's 5 Step Process
Get Clean:
AdAware SE | Spybot S&D | CWShredder | Ewido | CleanUp!
Get Protected:
SpywareBlaster | SpywareGuard | Windows Updates | IE-SpyAd


If TSF has helped you, please consider making a donation to help keep the board running.

01-06-2006, 10:19 PM   #3
Privte_Ryan (Registered User)

Thanks, I'm backing up stuff right now just in case anything happens.

01-06-2006, 10:33 PM   #4
Grove (Professor/Moderator, TSF Design School)

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

01-06-2006, 10:58 PM   #5
Privte_Ryan (Registered User)

Arg...

Another Virus Alert came up, now it says it's "Trojan.ByteVerify" Virus...

eTrust Antivirus seems to have found it in the Java folder..


01-07-2006, 04:19 AM   #6
Grove (Professor/Moderator, TSF Design School)

Thanks for being so patient.

Hello and welcome to TSF

Please ensure that Windows is patched against the WMF exploit. This is a dangerous vulnerability that opens the door to multiple infections. Visit Windows Update to get the KB912919 patch.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

You have multiple antivirus programs installed on your system. This can and will lead to conflicts on your system. Therefore you should only keep one (1) antivirus program on your system and remove/uninstall the rest. It will be YOUR decision as to which antivirus to keep and which one(s) to remove.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (If they still exist)(You must kill them one at a time).

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

MessengerPlus! 3

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

Please remember to close all other windows, including browsers then click Fix checked.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\MessengerPlus! 3

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Reboot your system in Normal Mode.

Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Standard
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

In your next post, please include fresh logs from:
  • HijackThis Log
  • Online Scan

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
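
The checks applied to the log in the post above (more than one resident antivirus, the MessengerPlus! autorun to be fixed, entries marked "(file missing)") can be run mechanically over a HijackThis log, for example to confirm them against the fresh log requested. This is an added example, not part of the original post and not HijackThis code; the function names and the vendor path markers are assumptions, and the sample is a subset of lines copied from the log in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# Section code (R1, O4, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")

# Assumption: install-path fragments used to recognise the two products seen
# in this log. 8.3 short paths (e.g. ALWILS~1) are not matched by these.
AV_PATH_MARKERS = {
    "Norton/Symantec": ("\\norton antivirus\\", "\\symantec shared\\"),
    "avast!": ("\\alwil software\\avast4\\",),
}


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False
        elif in_processes:
            processes.append(line)
    return processes, entries


def resident_av(processes):
    """Map each recognised antivirus product to its currently running processes."""
    found = defaultdict(list)
    for path in processes:
        low = path.lower()
        for product, markers in AV_PATH_MARKERS.items():
            if any(marker in low for marker in markers):
                found[product].append(path)
    return dict(found)


def missing_file_entries(entries):
    """Entries HijackThis annotated with '(file missing)': stale or broken references."""
    return [(c, b) for c, b in entries if b.rstrip().endswith("(file missing)")]


def autoruns_referencing(entries, fragment):
    """O4 (startup) entries whose command line mentions the given fragment."""
    frag = fragment.lower()
    return [(c, b) for c, b in entries if c == "O4" and frag in b.lower()]


def triage(text, removal_targets=("MessengerPlus",)):
    """Summarise the checks from the post; pending_removal should be empty in a fresh log."""
    processes, entries = parse_log(text)
    av = resident_av(processes)
    return {
        "resident_av": av,
        "multiple_av": len(av) > 1,
        "file_missing": missing_file_entries(entries),
        "pending_removal": [hit for target in removal_targets
                            for hit in autoruns_referencing(entries, target)],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Resident AV products:", sorted(report["resident_av"]))
    print("Multiple AV resident:", report["multiple_av"])
    for code, body in report["file_missing"]:
        print("File missing:", code, "-", body)
    for code, body in report["pending_removal"]:
        print("Still present:", code, "-", body)
```

Run against the fresh log, an empty "pending_removal" list and a single resident product indicate that the fix and the antivirus cleanup took effect.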

01-07-2006, 01:14 PM   #7
Privte_Ryan (Registered User)

Can you recommend a free antivirus program that would do the job well?


01-07-2006, 02:54 PM   #8
Privte_Ryan (Registered User)

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 07, 2006 13:50:33
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/01/2006
Kaspersky Anti-Virus database records: 159421
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 113173
Number of viruses found: 6
Number of infected objects: 183
Number of suspicious objects: 0
Duration of the scan process: 5566 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\MSN\db\kellypierson4281-msn-com.4e/[From postman@putnammarket.com][Date Tue, 22 Nov 2005 21:39:26 GMT]/reg_pass.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\MSN\db\kellypierson4281-msn-com.4e/[From postman@putnammarket.com][Date Tue, 22 Nov 2005 21:39:26 GMT]/reg_pass.zip Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\MSN\db\kellypierson4281-msn-com.4e Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\MSN\db\kellypierson4281-msn-com.4f/[From hostmaster@clm.com][Date Wed, 23 Nov 2005 05:17:07 GMT]/reg_pass.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\MSN\db\kellypierson4281-msn-com.4f/[From hostmaster@clm.com][Date Wed, 23 Nov 2005 05:17:07 GMT]/reg_pass.zip Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\MSN\db\kellypierson4281-msn-com.4f Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count33.jar-5b7ca364-6f6eedd8.zip/Beyond.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count33.jar-5b7ca364-6f6eedd8.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count33.jar-5b7ca364-6f6eedd8.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.ai
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count33.jar-5b7ca364-6f6eedd8.zip Infected: Trojan.Java.ClassLoader.ai
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-31efef57-139fd8af.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-31efef57-139fd8af.zip Infected: Trojan-Downloader.Java.OpenStream.w
C:\Program Files\Norton AntiVirus\Quarantine\03CD09B7.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Program Files\Norton AntiVirus\Quarantine\04667CAD.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Program Files\Norton AntiVirus\Quarantine\10F262E6.tmp Infected: Trojan-Downloader.Java.OpenStream.w
C:\Program Files\Norton AntiVirus\Quarantine\3847490E.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\3B5051B7.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\41326D3E.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\415C0F10.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\4556773F.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Program Files\Norton AntiVirus\Quarantine\552B58AE.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\553C2A9C.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\557D7254.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\55B1121B.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\55EF2FD6.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5699371B.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\57603840.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\579E55FC.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\57C64DD1.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\58071589.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\58240F69.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\585C592C.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\58D814A3.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\594A5225.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\597B47EF.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\59AF67B6.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\59DA0987.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\59F70367.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5A11534A.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5A3C751B.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5A8410CC.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5AC80281.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5B13482E.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5B346C0A.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5B7C07BB.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5BAD7D85.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5C405EE3.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5C5D58C3.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5C7728A6.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5CBC1A5B.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5CE06833.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5D3F29CB.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5D6F1F95.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5DA43F5C.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5DC80D34.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5DFC2CFB.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5E264ECC.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5EA63440.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5ED3000E.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5EF179ED.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5F1547C6.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5F3241A5.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5FCC76FC.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5FF044D5.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\60310C8D.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\60652C54.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\60897A2C.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\60AA1E08.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\60CA41E4.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\60F80DB2.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\611F0587.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\6139556A.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\615A7946.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\61A868F0.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\61D060C5.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\6201568F.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\621E506E.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\62357655.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\625C6E2A.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\62860FFB.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\62C857B4.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\63091F6C.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\63610D0B.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\637B5CEE.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\639F2AC6.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\63C3789F.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\63E1727F.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\640E3E4C.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\64320C25.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\646301EF.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\64874FC7.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\64D21575.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\64F33951.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\65242F1B.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\65527AE8.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\658370B3.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\65A06A92.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\65C76267.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\65F20438.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\66237A02.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\66546FCD.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\668B398F.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\66B9055D.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\66E3272E.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\671E1AEE.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\673F3ECA.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\677D5C86.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\679D0062.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\67D22028.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\67FC41F9.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\681611DD.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\684133AE.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\685B0391.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\687F516A.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP31\A0007185.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP31\A0007185.exe Infected: Trojan-Downloader.Win32.Small.bke

Scan process completed.
Old 01-07-2006, 02:55 PM   #9 (permalink)
Registered User
 
Privte_Ryan's Avatar
 
Join Date: Jan 2006
Posts: 10
OS: XP


Logfile of HijackThis v1.99.1
Scan saved at 1:54:59 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ryan\My Documents\My Downloads\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1129953112600
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129953094270
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Old 01-07-2006, 05:06 PM   #10 (permalink)
Registered User
 
Privte_Ryan's Avatar
 
Join Date: Jan 2006
Posts: 10
OS: XP


bump!!!!!!!~~~~~~~~~
Old 01-07-2006, 05:53 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


Posting Rules


3. Please be considerate of the fact that the people helping you are not being paid for this, and in fact usually have a job, and have a limited amount of time to help, and can only do so much. If no one has replied to your thread within 24hrs after you posted it, please reply in your thread with the word BUMP to move it forward.

DO NOT Bump the thread unless 24 hours has passed. We work from oldest to newest posts... so your wait will be longer if you bump it forward before the 24 hours is up.

I understand your concern. Please understand ours and be patient.

Thank you.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 01-08-2006, 03:52 PM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


Hi Privte_Ryan

Please do this:

Click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.
If you have Java 1.5, do this instead. Start->Control Panel->Java->Settings->Delete Files and click OK and OK.

See this page for detailed instructions on how to clear Java's cache.

Please use Symantec's guide to remove the Norton Quarantine files.

Search for and delete all instances of these files/folders:

C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\MSN\db\kellypierson4281-msn-com.4f
C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\MSN\db\kellypierson4281-msn-com.4e



It may prove easier to back up any known good emails, and delete this folder:

C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\MSN\db

MSN will recreate a fresh db folder upon restarting the application.

Run a new Kaspersky scan, and post the results here. Also post a new HJT log.

How is your system behaving now, please?
Old 01-08-2006, 07:19 PM   #13 (permalink)
Registered User
 
Privte_Ryan's Avatar
 
Join Date: Jan 2006
Posts: 10
OS: XP


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 08, 2006 18:18:03
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 9/01/2006
Kaspersky Anti-Virus database records: 159646
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 90918
Number of viruses found: 2
Number of infected objects: 167
Number of suspicious objects: 0
Duration of the scan process: 4216 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP31\A0007185.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP31\A0007185.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016925.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016926.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016927.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016928.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016929.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016930.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016931.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016932.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016933.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016934.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016935.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016936.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016937.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016938.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016939.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016940.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016941.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016942.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016943.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016944.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016945.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016946.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016947.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016948.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016949.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016950.EXE Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016951.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016952.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016953.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016954.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016955.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016956.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016957.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016958.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016959.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016960.exe Infected: Virus.Win32.Tenga.a
C:\System Volume Information\_restore{2738E5FC-DFD1-4E03-81DD-CFC9CC4C379C}\RP72\A0016961.exe Infected: Virus.Win32.Tenga.a

Scan process completed.
Old 01-08-2006, 09:56 PM   #14 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


Those items are easily taken care of.

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Please post a new HJT log as requested, and tell us the condition of your system. Any more issues?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 01-08-2006, 11:04 PM   #15 (permalink)
Registered User
 
Privte_Ryan
 
Join Date: Jan 2006
Posts: 10
OS: XP


Logfile of HijackThis v1.99.1
Scan saved at 10:03:46 PM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Ryan\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1129953112600
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129953094270
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Does everything look fine?

Last edited by Privte_Ryan; 01-08-2006 at 11:07 PM.
Old 01-09-2006, 08:07 AM   #16 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


I see you chose to uninstall Norton. Good choice.

Run a scan with HJT, and fix these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY... on&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY... on&pf=laptop

Other than that, your logs are clean.

Well done. Any more issues? If not you should be good to go. We still have a few items to address.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If you do not have a firewall, here are 3 free ones available for personal use:
  • Sygate Personal Firewall
  • Kerio Personal Firewall
  • ZoneAlarm

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. It can be downloaded here - MVPS Hosts file
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles


Please respond to this thread one more time so we can mark this thread as resolved.
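A minimal reader for the HijackThis log format posted in this thread, as an added example (not part of any post and not HijackThis's own code): it splits a log into running processes and coded entries, extracts the registry value behind R-section lines and any CLSID, and lists the entries a reviewer would read first. The function names, the section descriptions and the `review_queue` rule (R-section values plus paths marked `(file missing)`) are this example's own assumptions.

```python
import re

# Meaning of the HijackThis section codes that occur in this thread's log.
SECTIONS = {
    "R1": "IE search/start page registry value",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O14": "IERESET.INF setting",
    "O16": "downloaded ActiveX control (DPF)",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
REG_VALUE = re.compile(r"^(HK[A-Z]+\\[^,]+),(.+?) = (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt(text):
    """Return (running_processes, entries) from a HijackThis v1.99.x log."""
    processes, entries, in_processes = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY.match(line)
        if match is None:
            if in_processes and line:  # paths listed under the header
                processes.append(line)
            continue
        in_processes = False
        code, body = match.groups()
        clsid = CLSID.search(body)
        entry = {"code": code, "kind": SECTIONS.get(code, "unknown section"),
                 "body": body, "clsid": clsid.group(0) if clsid else None,
                 "file_missing": body.endswith("(file missing)")}
        reg = REG_VALUE.match(body) if code.startswith("R") else None
        if reg:  # R-section lines read "<key>,<value name> = <data>"
            entry.update(key=reg.group(1), value=reg.group(2), data=reg.group(3))
        entries.append(entry)
    return processes, entries


def review_queue(entries):
    """Entries to read first: browser-setting values and dangling file paths."""
    return [e for e in entries if e["code"].startswith("R") or e["file_missing"]]


# Shortened excerpt of the log posted in this thread (elided URL kept as posted).
SAMPLE = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for e in review_queue(parse_hjt(SAMPLE)[1]):
        print(e["code"], e["kind"], "->", e.get("data") or e["body"])
```

An entry appearing in the review queue only means it deserves a look; whether to fix it is still the helper's call, as in the reply above.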
Old 01-09-2006, 04:23 PM   #17 (permalink)
Registered User
 
Privte_Ryan
 
Join Date: Jan 2006
Posts: 10
OS: XP


Thanks for all your help, everything is doing fine.

I'll be sure to come back here if anything happens in the future.

Thanks,
Ryan
All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum