can someone review this log?

[jagzee]

Hi,
I'm at my son in law's and have run adaware and spybot in safe mode. A few hundred entries were removed, also, one of thje entries had to be removed at next boot with spybot S&D. Also have uninstalled a few tool bars and search progs. I fear there will be more nasties hiding in here. Here is the hijack log. Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 2:27:05 PM, on 4/15/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\WINDOWS\vsnpstd.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Tony\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stockwatch.com/swnet/util...apshot=default
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm491YYCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O18 - Protocol: bw+0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe

[tetonbob]

Looks like you did a pretty good job....let's give your cleaning some more teeth, and see if anything else is lurking:

Download Ewido Security Suite

• Install Ewido Security Suite
• When installing, under "Additional Options" uncheck..
  • Install background guard
  • Install scan via context menu
• Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

• On the left hand side of the main screen click update.
• Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

---------------------------------------------------------------------------------------------

Download and install CleanUp!
NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it! Download & run this tool to find out for sure.....http://www.kellys-korner-xp.com/regs...p_whichcpu.exe

---------------------------------------------------------------------------------------------


Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm491YYCA

All O18 entries like this one, EXCEPT the first.

O18 - Protocol: bw+0s - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


---------------------------------------------------------------------------------------------

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files (if present)
• Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.

It may ask you to log-off/reboot at the end, if it does please do so.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click Complete System Scan to begin scanning.
• Click OK when prompted to clean files

With the first file it prompts to clean, select the option:

• "Perform action on all infections"
• Choose clean and click OK.

Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour.

---------------------------------------------------------------------------------------------

Restart in normal mode.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner

1. Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting My Computer

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on See report then click Save report

*Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Create an uninstall list:

• Open HiJackThis
• Click on the configure button on the bottom right
• Click on the tab "Misc Tools"
• Click on the Box that says "Open Uninstall Manager"
• Click on the button "Save list"
• Copy and past the List from the notepad file into your post

Please return with results from:

Ewido
Panda
HJT
Uninstall List

[jagzee]

Thanks Bob

Here are the logs.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:35:57 PM, 4/15/06
+ Report-Checksum: 7570F895

+ Scan result:

C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP579\A0054875.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP579\A0054876.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP579\A0054888.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP641\A0068466.dll -> Adware.AmBar : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\wifnlul2.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\wifnlul2.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\wifnlul2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\wifnlul2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\wifnlul2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.Ad-logics : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Program Files\Midnight Lake Screensaver\ML1Uninstaller.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Midnight Lake Screensaver\MidnightLake.exe -> Adware.GAINNetwork : Cleaned with backup


::Report End


Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected C:\WINDOWS\SYSTEM32\f3PSSavr.scr
Adware:adware/swimsuitnetwork Not disinfected C:\WINDOWS\SYSTEM32\MYDLL.dll
Adware:adware/gator Not disinfected C:\WINDOWS\GatorPdpLoudInstaller.log
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tony\Cookies\tony@tribalfusion[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tony\Cookies\tony@atdmt[2].txt
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\f3PSSavr.scr
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tony\Cookies\tony@tribalfusion[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tony\Cookies\tony@atdmt[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\wifnlul2.default\cookies.txt[]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Bigtoe\Application Data\Mozilla\Firefox\Profiles\cnxy2937.default\cookies.txt[]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\fs9i45h2.default\cookies.txt[]

Logfile of HijackThis v1.99.1
Scan saved at 8:11:09 PM, on 4/15/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tony\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stockwatch.com/swnet/util...apshot=default
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: bw+0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.7
AutoCAD 2004
Autodesk Express Viewer
Brother MFL Pro Suite
CARD LINK (for USB) 1.20
CARD LINK 1.20
Chutes and Ladders
CleanUp!
Disney's Mickey Mouse Kindergarten
ewido anti-malware
Google Earth
HijackThis 1.99.1
hp deskjet 990c series
hp deskjet 990c series (Remove only)
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Kindergarten v1.0
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire 4.9.28
Logitech Desktop Messenger
Logitech SetPoint
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office PowerPoint Viewer 2003
Microsoft Windows Journal Viewer
Microsoft Works 7.0
Midnight Lake Screensaver
MP3 Player Utilities
MSN Messenger 7.5
Musicmatch® Jukebox
Nero
Panda ActiveScan
PaperPort 8.0 SE
PHOTOVU LINK & CARD LINK
QuickBooks Pro Edition 2006
QuickTime
RealArcade
Samsung ML-2250 Series
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SetIP
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
SoftK56 Data Fax Voice Speakerphone CARP
Softk56 Data Fax Voice Speakerphone CARP
SpongeBob SquarePants® Operation Krabby Patty
Spybot - Search & Destroy 1.3
Unit Conversion Tool Evaluation Version 5.1
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
USB PC Camera(SN9C102)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

[tetonbob]

Your version of Spybot is out of date. The latest version is 1.4. You should get the updated version.

Likewise, if Adaware is not version 1.06, it should also be updated.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4

---------------------------------------------------------------------------------------------

Leave J2SE Runtime Environment 5.0 Update 6 alone, it is the latest, most secure version.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following if they exist:

C:\WINDOWS\SYSTEM32\f3PSSavr.scr
C:\WINDOWS\SYSTEM32\MYDLL.dll
C:\WINDOWS\GatorPdpLoudInstaller.log

If they resist deletion, boot to safe mode and delete them from there.

---------------------------------------------------------------------------------------------

Be wary of P2P programs like Limewire, they can be a gateway to adware and infections.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Run this online scan for a final opinion, as one may see what the other may miss:

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------


Post a new HJT log as well as the results from Kaspersky.

[jagzee]

Thanks Bob.

Here's the logs

Logfile of HijackThis v1.99.1
Scan saved at 12:56:39 AM, on 4/16/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Tony\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stockwatch.com/swnet/util...apshot=default
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: bw+0 - {02C7CF41-895B-4354-98EC-DF2264FAA1C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, April 16, 2006 00:40:19
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/04/2006
Kaspersky Anti-Virus database records: 188321
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 60375
Number of viruses found: 11
Number of infected objects: 26
Number of suspicious objects: 0
Duration of the scan process: 3438 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068420.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.p
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068421.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068423.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068424.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068425.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068426.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068427.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068428.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068429.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068430.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.t
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068431.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068432.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068433.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068434.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068435.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068436.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068437.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068438.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068439.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.q
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068440.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP640\A0068441.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP646\A0069352.exe Infected: not-a-virus:AdWare.Win32.Gator.n
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP646\A0069353.exe Infected: not-a-virus:AdWare.Win32.GAINNetwork.b
C:\System Volume Information\_restore{E7D7A82E-A1C4-4A38-8B5D-69BE2FD27968}\RP646\A0069395.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\WINDOWS\Windows Update Setup Files\searchbarsetup.exe/WISE0038.BIN Infected: not-a-virus:AdWare.Win32.AmBar.2159
C:\WINDOWS\Windows Update Setup Files\searchbarsetup.exe Infected: not-a-virus:AdWare.Win32.AmBar.2159

Scan process completed.

[tetonbob]

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

R3 - Default URLSearchHook is missing

---------------------------------------------------------------------------------------------

Delete this file:

C:\WINDOWS\Windows Update Setup Files\searchbarsetup.exe

If it resists, boot to safe mode and delete it from there.

The other Kaspersky finds are in System Restore points, which we will address shortly.

Other than that, your logs appear clean. We have some final housekeeping to do.


Reset hidden/system files and folders

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Create a new System Restore point

• click Start >> Run - type SYSDM.CPL & press Enter
• select the System Restore Tab
• tick on the checkbox - "Turn off System Restore on all drives"
• click Apply
• then untick the same checkbox & click OK

Please ensure that you have already patched your system against the recent WMF exploit.
Go to this page to get the KB912919 patch.

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• tick on the checkbox - "Keep my computer up to date"
• Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• SpywareGuard to catch and block spyware before it can execute.
  
• SPYBOT - SEARCH & DESTROY
  Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  
• AD-AWARE
  Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  
• IE-SPYAD
  IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
    From within the folder, double-click install.bat
    Select Option #2 - Install the new IE-SPYAD list.
    Then return to the main menu.
    Select option #4 - Add the old porn sites domain
  
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  
  
  
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  
  See this link for a listing of some online antivirus scanners:
  
  Anti-Spyware Tutorial
  
  Here are two very good free Antivirus products which are available:
  
• Avast!
  
  
• AVG
  
  
• Winpatrol - Download and install the free version of Winpatrol.
  A tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

If you do not have a firewall, here are 4 free ones available for personal use:

• ZoneAlarm
• Avast Antivirus/Firewall
• Tiny Personal Firewall
• OutPost Firewall

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Any more issues? If not you should be good to go.

Please respond to this thread one more time so we can mark this thread as resolved.

[jagzee]

Thanks very much for your help Bob, very much appreciated