desktop background hijacked

lanstylez · Oct 11, 2005

hi, sorry if this has been posted before. I'm definitely no guruMy desktop is blue with a giant message in the middle saying "WINDOWS ERROR", with some text beneath it. ran spybot and adaware, they found some problems but this one persists. This computer is my family's and it looks like someone has been getting into some junk and inadvertantly allowing a ton of junk onto this computer. It's extremely messy and not well protected at all. Does not even have windows updates installed. I'll post the Hijackthis log.
Any help at all would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 8:15:06 PM, on 23/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://unimax.us/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://unimax.us/clickpps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://unimax.us/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://unimax.us/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://unimax.us/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://unimax.us/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://unimax.us/clickpps.php
R3 - URLSearchHook: (no name) - _{20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

sUBs · Oct 11, 2005

Hello and Welcome to TSF!

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.

You do not appear to have an anti-virus application installed on this machine. Let's start off by getting you a free but yet effective antivirus program. Please choose one from any of these 3 programs which are free for home use:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

smitRem.exe - extract it to it's own folder.

KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

CleanUp!.exe - Install

Ewido Security Suite

Install Ewido Security Suite
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING

This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customed my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Select all the filenames below & then right-click & select Copy

C:\WINDOWS\System32\syst1.exe
C:\WINDOWS\System32\syst2.exe
C:\WINDOWS\System32\syst3.exe
C:\WINDOWS\System32\cidft.dll
C:\WINDOWS\System32\cidpoq32.dll
C:\WINDOWS\System32\gupd.dll
C:\WINDOWS\System32\hst32.dll
C:\WINDOWS\System32\icnfe.dll
C:\WINDOWS\System32\icqrt.dll
C:\WINDOWS\System32\icvbr.dll
C:\WINDOWS\System32\sdfup.dll
C:\WINDOWS\System32\thun.dll
C:\WINDOWS\System32\wcnl32.dll
C:\WINDOWS\System32\wecxg32.dll
C:\WINDOWS\System32\wirl.dll
C:\WINDOWS\System32\xcwer32.dll
C:\WINDOWS\System32\zxmsn.dll

Launch KillBox.exe & select the following options:

delete on Reboot

* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Next, reboot your computer in SafeMode :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://unimax.us/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://unimax.us/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://unimax.us/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://unimax.us/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://unimax.us/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://unimax.us/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://unimax.us/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://unimax.us/clickpps.php
R3 - URLSearchHook: (no name) - _{20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:

Delete Newsgroup cache
[*]Delete Newsgroup Subscriptions
[*]Scan local drives for temporary files

4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Run Ewido with it's updated definitions

...it's important that all windows must be closed)

Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files

With the first file it prompts to clean, select the option:

"Perform action on all infections"
.Choose clean and click OK.

Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Next go to Control Panel click Display>Desktop>Customize Desktop>Website>Uncheck "Security Info" if present.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

REBOOT TO NORMAL MODE

Perform an online scan with Internet Explorer with Panda ActiveScan

Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.
Click on see report. Then click Save report

Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

In your next post, please include fresh copies of:

HiJackThis log
[*] Online scan
[*] Smitfiles.txt
[*] Ewido's log

Let us know if any problems persist.

lanstylez · Oct 12, 2005

Desktop Hijack Update

Thanks for your help sUBs. I followed your instructions to the letter and I can now have control of the desktop background again. However, one thing that didn't work is smitRem. I ran the app but when it was scanning through the files they were all saying "error file not found". The end result was it didn't create any log file. Did I miss something simple or is there another problem?

Anyway Here's the HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:49:55 PM, on 24/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & De
stroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Here's the Ewido scan report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:08:44 PM, 24/10/2005
+ Report-Checksum: 5B6CEDFA

+ Scan result:

C:\HiJackThis\backups\backup-20051024-202237-964.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWAS5LP_0001_0811NetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\WINDOWS\q1188781.dll -> TrojanDownloader.Delf.wp : Cleaned with backup
C:\WINDOWS\system32\Axtucn.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\ca2.dll -> Spyware.SearchIt : Cleaned with backup
C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\WINDOWS\system32\dun.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\tmp.exe -> TrojanDownloader.Delf.uj : Cleaned with backup
:mozilla.8:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.13:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.19:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.20:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.23:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.24:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.26:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.27:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.28:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.29:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.30:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.31:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.32:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.35:E:\Documents and Settings\Guest\Application Data\Phoenix\Profiles\default\7j9vuq7g.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
E:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
E:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
E:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> Spyware.Cookie.Lop : Cleaned with backup
:mozilla.6:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.35:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.36:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.37:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.38:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.102:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.103:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.108:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.109:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.120:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.121:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.122:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.123:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.124:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.125:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.134:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.135:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.136:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.137:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.151:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.163:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.164:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.183:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\default\5lat6g81.slt\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.6:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.7:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.8:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.11:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.12:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.13:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.14:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.15:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.19:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.20:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.21:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.22:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.23:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.24:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.25:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.31:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.47:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.60:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.92:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.93:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.97:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.115:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.116:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.117:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.118:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.119:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.130:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.131:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.133:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.134:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.135:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.163:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.169:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.170:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.171:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.178:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.179:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.180:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.181:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.182:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.183:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.184:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.185:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.186:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.187:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.188:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.189:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.190:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.191:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.192:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.193:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.195:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.196:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.197:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.198:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.202:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.209:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.210:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.211:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.212:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.214:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.215:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.216:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.228:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.229:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.230:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.250:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.262:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.266:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.267:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.268:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.285:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.286:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.289:E:\Documents and Settings\Jude\Application Data\Phoenix\Profiles\peter1\7ho4pnol.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][2].txt -> Spyware.Cookie.66.220.17.154 : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\Jude\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
E:\Documents and Settings\Jude\My Documents\My Received Files\Messenger Plus! - Setup.exe/Sponsor.exe -> TrojanDownloader.Swizzor.bt : Cleaned with backup
:mozilla.8:E:\Documents and Settings\Jude5\Application Data\Phoenix\Profiles\default\klt165lu.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.17:E:\Documents and Settings\Jude5\Application Data\Phoenix\Profiles\default\klt165lu.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.18:E:\Documents and Settings\Jude5\Application Data\Phoenix\Profiles\default\klt165lu.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.19:E:\Documents and Settings\Jude5\Application Data\Phoenix\Profiles\default\klt165lu.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.20:E:\Documents and Settings\Jude5\Application Data\Phoenix\Profiles\default\klt165lu.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.27:E:\Documents and Settings\Jude5\Application Data\Phoenix\Profiles\default\klt165lu.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.30:E:\Documents and Settings\Jude5\Application Data\Phoenix\Profiles\default\klt165lu.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.32:E:\Documents and Settings\Jude5\Application Data\Phoenix\Profiles\default\klt165lu.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
E:\Documents and Settings\Jude5\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
E:\Documents and Settings\Jude5\Local Settings\Temporary Internet Files\Content.IE5\CR0JGVEN\exitpoplight1[1].htm -> Trojan.NoClose.i : Cleaned with backup
E:\Documents and Settings\Peter\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
E:\Documents and Settings\Peter\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
E:\Documents and Settings\Peter\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
E:\Documents and Settings\Peter\Cookies\[email protected][1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
E:\WINDOWS\system32\bcoret.exe/explorer.sys -> Worm.Tzet : Cleaned with backup
E:\WINDOWS\Temp\ClrSch\FNuninstaller.EXE -> Spyware.ClearSearch : Cleaned with backup

::Report End

Here's the Panda Activescan report:

Incident Status Location

Adware:Adware/Searchterror No disinfected C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Desktop.htt
Adware:adware/cws No disinfected C:\Documents and Settings\Admin\Favorites\Forbidden Conversations.url
Possible Virus. No disinfected C:\Games\Legends\Legends.exe
Virus:Trj/Topor.A Disinfected C:\prog.pif
Adware:Adware/eZula No disinfected C:\WINDOWS\system32\ezPopStub.exe
Adware:adware/craft No disinfected C:\WINDOWS\system32\mscnf.dll
Spyware:Spyware/LinkReplacer No disinfected C:\WINDOWS\system32\PreUninstallQL.exe
Virus:W32/Parite.B Disinfected E:\Documents and Settings\Administrator.FENWICK0\Local Settings\Temp\Deltmp.RB0
Adware:Adware/Lop No disinfected E:\Documents and Settings\All Users\Application Data\soft poke platform pop\ante surf.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\All Users\Application Data\soft poke platform pop\Knobbend.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\All Users\Application Data\soft poke platform pop\Style free.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\All Users\Application Data\soft poke platform pop\Trans Close.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\All Users\Application Data\soft poke platform pop\Wavebags.exe
Virus:W32/Parite.B Disinfected E:\Documents and Settings\All Users\Documents\DivXPro505GAINBundle.RB0
Virus:W32/Parite.B Disinfected E:\Documents and Settings\All Users\Documents\klcodec204f.RB0
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Application Data\Beep wave help\ecrfsdas.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Application Data\Beep wave help\jugs manager aim mfcd.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Application Data\Beep wave help\kowtjrvw.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Application Data\Beep wave help\mags stop chin.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Application Data\Beep wave help\nlpubcwn.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Application Data\Beep wave help\roxjbgzn.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Application Data\Beep wave help\SetupTrayDefy.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Application Data\Beep wave help\zmcphxgc.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\85db6305.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\8fb1457a.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\9ab89ae9.exe
Adware:Adware/IPInsight No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\alchem.inf
Adware:Adware/IPInsight No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\alchem.ini
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\bawvdnwz.exe
Spyware:Spyware/BetterInet No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\II247.tmp
Spyware:Spyware/BetterInet No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\II248.tmp
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\Inside Program.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\jbijxqhu.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\jryvpfbk.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\lhppnzdf.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\ppqmqpgf.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\qfsvyqgb.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\sta4ED.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\sta525.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\staC3.exe
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\staC5.exe
Adware:Adware/Twain-Tech No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\twaintec.inf
Adware:Adware/Lop No disinfected E:\Documents and Settings\Jude\Local Settings\Temp\wjmfvarj.exe
Virus:W32/Parite.B Disinfected E:\Documents and Settings\Jude\My Documents\My Received Files\bittorrent-3.2.1.RB0
Virus:W32/Parite.B Disinfected E:\Documents and Settings\Peter\Local Settings\Temp\p2psetup.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\30.82_winxp.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\AcroReader51_ENU_full.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\BIEsetup.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\daemon333.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\DAMN_NFO_Viewer_v2.10.0031.RC3_Setup.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\DivXPro505GAINBundle.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\dk25inst.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\FileZilla_2_2_4f_setup.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\HijackThis.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\kazza.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\klcodec224f.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\kmd.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\SLPhotoBasic.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\spellcraft-full-v1.3f\Spellcraft.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\ts2_client_rc2_2029.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\ventrilo-2.2.0-Windows-i386.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\wace25.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\winamp291_full.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\winamp502_snowpatrol.RB0
Virus:W32/Parite.B Disinfected E:\Downloads\wrar320.RB0
Virus:W32/Parite.B Disinfected E:\MIRC\DOWNLOAD\DefilerPak-1.09.RB0
Virus:W32/Parite.B Disinfected E:\MIRC\DOWNLOAD\Tribes\lizExtra\lizExtraDatetime_date.RB0
Virus:W32/Parite.B Disinfected E:\MIRC\DOWNLOAD\Tribes\lizExtra\lizExtraDatetime_sleep.RB0
Virus:W32/Parite.B Disinfected E:\MIRC\mirc32.RB0
Virus:W32/Parite.B Disinfected E:\MIRC\mlink32.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Batch Image Editor\BatchImageEditor.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\BitTorrent\btdownloadgui.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Common Files\Adobe\ESD\uninst.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Common Files\Microsoft Shared\Artgalry\ARTGALRY.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Common Files\Microsoft Shared\Artgalry\CAG.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Common Files\Microsoft Shared\MSInfo\OFFPROV.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Common Files\Real\Update\rnuninst.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\AUDIO\CTSetup\ctsetup.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\Installation\FireNet\FireNIns.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\Product Registration\English\InetReg.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\AudioHQ\Ahqrun.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\AudioHQ\AHQTbU.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\AudioHQ\AudioHQU.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Demo\CTSBAXP.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Demo\data\demoplay.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Demo\data\eacontrol.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Demo\data\eaplayer.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Demo\data\ldemo.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Diagnostics\CTCplFW.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\MiniDisc\CTMDCen.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\PlayCenter2\CTDBMig.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\PlayCenter2\CTP2Wiz.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\PlayCenter2\CTPlay2.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\PlayCenter2\MDBUtil.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\PlayCenter2\MDEntry.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Program\ADGJDet.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Program\CTZAPXX.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Program\demo32.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\QuickStart\demo32.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\QuickStart\QuickStart.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Sound Blaster Audigy Manual\English\CTPdfErr.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Sound Blaster Audigy Manual\English\CTPdflnk.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\SurMix2\SurMix2.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\SBAudigy\WaveStudio\CTWave32.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\ShareDLL\CTNotify.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\ShareDLL\Mediadet.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\Uninstall\CTUninst.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Creative\Uninstall\_ISDel.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\D-Tools\daemon.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Dacris Benchmarks 5.0\BMark.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\DAMN NFO Viewer\DAMN NFO Viewer.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\DAMN NFO Viewer\UnInstall.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\DivX\DivX Pro Codec\config.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\DivX\DivX Pro Codec\DivX EKG.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\FileZilla\filezilla.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\FileZilla\FzSFtp.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\FileZilla\uninstall.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\GameSpy Arcade\ArcadePatch13c_13d.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\GameSpy Arcade\ArcadePatch13d_13e.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\GameSpy Arcade\ArcadePatch13e_13f.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\GlobalSCAPE\CuteFTP\newstub.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\ICQLite\AOD\aod_install.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\ICQLite\ICQLite.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\ICQLite\ICQLiteDBConverter.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\ICQLite\ICQLiteUninstall.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\ICQLite\ICQLRun.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\ICQLite\ICQLSRP.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\ICQLite\Unwise32.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\InstallShield Installation Information\{18DF995F-2ACC-47E4-A33B-A703F4D39E92}\IS6.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Internet Explorer\IE Uninstall\w2kexcp.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Internet Explorer\ie6setup.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Internet Explorer\W2K\expinst.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\bin\javaw.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\bin\jpicpl32.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\bin\keytool.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\bin\kinit.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\bin\klist.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\bin\ktab.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\bin\orbd.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\bin\policytool.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\bin\rmid.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\bin\rmiregistry.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\bin\servertool.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\bin\tnameserv.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java\j2re1.4.1_02\javaws-1_2_0_02-windows-i586-i.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java Web Start\helper.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java Web Start\javaws.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Java Web Start\uninst-javaws.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\K-Lite Codec Pack\3ivxConfig.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\K-Lite Codec Pack\fourcc.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\K-Lite Codec Pack\gspot.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\K-Lite Codec Pack\LSMpgCfg.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\K-Lite Codec Pack\unins000.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Messenger\msmsgs.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Messenger\msmsgsin.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Microsoft Office\Office\GRAPH9.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Microsoft Office\Office\MSOHTMED.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Microsoft Office\Office\OSA9.RB0
Virus:W32/Parite.B Disinfected E:\Program Files\Microsoft Office\Office\POWERPNT.RB0
Adware:Adware/SAHAgent No disinfected E:\WINDOWS\system32\xmltok.dll
Spyware:Spyware/ClearSearch No disinfected E:\WINDOWS\Temp\ClrSch\FNuninstaller.EX_[FNuninstaller.EXe]

End Report.

I think that's everything, hopefully I did what you told me correctly. Any feedback would be appreciated. Thanks very much.

Peter.

sUBs · Oct 12, 2005

Peter,

Do you have a multiple operating systems in your machine? It appears that there's another OS in drive E.
That OS seems to be infected with a different infection. Kindly let me know.

Please delete these files/folders:

C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Desktop.htt
C:\Documents and Settings\Admin\Favorites\Forbidden Conversations.url
C:\WINDOWS\system32\ezPopStub.exe
C:\WINDOWS\system32\mscnf.dll
C:\WINDOWS\system32\PreUninstallQL.exe
E:\WINDOWS\system32\xmltok.dll
E:\Documents and Settings\All Users\Application Data\soft poke platform pop\
E:\Documents and Settings\Jude\Application Data\Beep wave help\
E:\Documents and Settings\Jude\Local Settings\Temp\ >> delete the contents of this folder
E:\WINDOWS\Temp\ >> delete the contents of this folder

Then re-do the Panda scan & post the results & a new HJT log.

lanstylez · Oct 12, 2005

Desktop Hijack Update

Sorry sUBs, I had totally forgotten. Drive E: is a 20gb hard drive with Windows XP Pro, from their old computer which wasn't reformatted before being added to this one. Apparently it had music/movies they couldn't do away with. But I know for a fact they were careless and it was full of spyware. Too many users with full access = bad. I fixed that now though and only I have full access to it. I did what you told me and here are the logfiles.

Logfile of HijackThis v1.99.1
Scan saved at 1:19:58 PM, on 25/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Results for latest Panda Activescan:

Incident Status Location

Adware:adware/spysheriff No disinfected Windows Registry
Possible Virus. No disinfected C:\Games\Legends\Legends.exe
Adware:Adware/eZula No disinfected C:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\Dc5.exe
Spyware:Spyware/LinkReplacer No disinfected C:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\Dc7.exe
Adware:Adware/SAHAgent No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De1.dll
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De1009.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De1011.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De1028.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De1029.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De1030.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De1031.exe
Adware:Adware/Twain-Tech No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De1054.inf
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De1079.exe
Spyware:Spyware/ClearSearch No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De1108\FNuninstaller.EX_[FNuninstaller.EXe]
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De2\ante surf.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De2\Knobbend.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De2\Style free.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De2\Trans Close.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De2\Wavebags.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De3\ecrfsdas.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De3\jugs manager aim mfcd.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De3\kowtjrvw.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De3\mags stop chin.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De3\nlpubcwn.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De3\roxjbgzn.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De3\SetupTrayDefy.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De3\zmcphxgc.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De877.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De878.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De880.exe
Adware:Adware/IPInsight No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De897.inf
Adware:Adware/IPInsight No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De898.ini
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De903.exe
Spyware:Spyware/BetterInet No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De951.tmp
Spyware:Spyware/BetterInet No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De952.tmp
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De961.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De963.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De964.exe
Adware:Adware/Lop No disinfected E:\RECYCLER\S-1-5-21-1651310785-3051322793-1425347200-1005\De968.exe

Thanks,

Peter

sUBs · Oct 12, 2005

Do they intend to keep using the OS in Drive E? If so, boot up into that OS afterwards & give me a HJT log from there.

From the current OS, delete the entire content of this folder - E:\RECYCLER\

Empty the recycle Bin of this current OS

This entry may be fixed using Adaware to do a deep scan of the Registry.

Adware:adware/spysheriff No disinfected Windows Registry

Other than that, this OS is clean.

lanstylez · Oct 12, 2005

I can't find a folder in E drive named RECYCLER. I did the other stuff, I'll load up the other OS and give ya a HJT from there.

lanstylez · Oct 14, 2005

sUBs, I'm having trouble booting up the other OS that's on E:. When I boot up with F8 it doesn't show the alternate. Do I have to physically set the other hard drive to be primary or is there a way I can do so without it (Sorry, still learning this stuff). Thanks

Peter

sUBs · Oct 15, 2005

You have to configure Bios to boot up from that hard disk.

lanstylez · Oct 16, 2005

Oops, I knew that. Ok I did it and as soon as it begins to load Windows I get an error message and a blue screen. I tried running safe mode instead, same problem. I could probably remove all of their movies/music/pictures and save them on this HD. Then format that entire HD. Is that a viable option?

Thanks,

Peter

sUBs · Oct 16, 2005

LOL..unless they need a multi-boot system, that wouldnt be necessary. Otherwise Microsoft would be demanding twice the money for the extra OS. If it were me, I'll just delete all the directories except the movies/music & 'My Documents'.

Do you require me to post some tips on security before we conclude this thread?

lanstylez · Oct 16, 2005

Yes please, any tips would be greatly appreciated.

sUBs · Oct 16, 2005

Please follow these simple steps in order to keep your computer clean and secure:

CLEAR & RESET SYSTEM RESTORE'S CACHE
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
- Tick on the checkbox - Turn off System Restore on all drives
- Click Apply
Turn it back 'On' by unticking the same checkbox & click OK
DISABLE THE VIEWING OF SYSTEM FILES
From Windows Explorer, go to Tools>Folder Options> View tab.
- Untick - Show hidden files and folder
- Tick - Hide file extensions for known types
- Tick - Hide protected operating system files
Click Yes to confirm & then click OK
SECURING INTERNET EXPLORER
From within Internet Explorer click on the Tools menu and then click on Internet Options.
- Select the Security tab
  - Click once on the Internet icon so it becomes highlighted.
  - Select Custom Level .
    - Change 'Download signed ActiveX controls' to Prompt
    - Change 'Download unsigned ActiveX controls' to Disable
    - Change 'Initialize and script ActiveX controls not marked as safe' to Disable
    - Change 'Installation of desktop items' to Prompt
    - Change 'Launching programs and files in an IFRAME' to Prompt
    - Change 'Navigate sub-frames across different domains' to Prompt
    - When all these changes have been made, click on the OK button.
  - If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Select OK to exit the Internet Properties page.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
FIREWALL
Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.
Microsoft Windows Update
Visit windowsupdate.com regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
AD-AWARE
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
SPYWAREBLASTER
SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here
IE-SPYAD
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. It can be downloaded here - MVPS Hosts file

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Weather Watcher - Free taskbar weather program that is free, malware free, and resource light.
Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
Google Toolbar - Get the free google toolbar to help stop pop up windows.
CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.
Winpatrol - Download and install the free version of Winpatrol.
A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.

desktop background hijacked

lanstylez

Registered

sUBs

TSF Security Team, Emeritus

lanstylez

Registered

sUBs

TSF Security Team, Emeritus

lanstylez

Registered

sUBs

TSF Security Team, Emeritus

lanstylez

Registered

lanstylez

Registered

sUBs

TSF Security Team, Emeritus

lanstylez

Registered

sUBs

TSF Security Team, Emeritus

lanstylez

Registered

sUBs

TSF Security Team, Emeritus