Viruses gone, but having trouble with some programs and processes such as Outlook Express and Windows Update. Uninstalled Ad-Aware 6 and installed Ad-Aware SE. Here is the ad-aware log followed by latest HijackThis log.
Go here and run ActiveScan. When it finishes, save the results. Note: when you see the HijackThis log in NotePad, click Format and make sure Word Wrap is checked. Post the ActiveScan log along with a new HijackThis log.
Here are the activescan and hijack logs (p.s. Notepad word wrap is on):
Uninstall P2PNetworks unless needed. Some consider it adware. Go here and download CCleaner. Note: If you do not want Yahoo! Toolbar, uncheck the option when installing. Close all windows. Open CCleaner. Click "Run Cleaner". Should be clean now. Any problems?
It seems my computer is officially clean. However, it didn't help with the problems I am having post-virus. That is, problems using Microsoft products such as Outlook Express, Windows Update, and Excel. I am trying to get help from them. Thanks for all your help!!!
I figured out how to download and reinstall Windows XP Service Pack 2 without using Windows Update. This successfully fixed all my problems!