Thank you Corrine!!! This took me awhile following step by step instructions I can only imagine the time you have spent to create them. Here the the many and varied logs.
Original HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:37:24 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll (file missing)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\winlogon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\winlogon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Remote Procedure Call (RPC) Helper (%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\d3ex.exe (file missing)
Contents of the C:\smitfiles.txt log
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 01/03/2006
The current time is: 18:20:04.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 748 'explorer.exe'
Killing PID 748 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
Ewido Log
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:21:01 PM, 1/3/2006
+ Report-Checksum: 32D54A47
+ Scan result:
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\SearchHelp.DLL -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1EA0CE66-D6D5-2CEB-D734-97906011F9A8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{36A41F9E-B433-C078-89AE-486D2624C972} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{551764CC-ABCF-335C-76F6-62283B478A0F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7DFA112F-21B6-72CE-A5DE-09FEAF22C151} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7E2B347A-52AA-597F-9371-80822A8D1263} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{966FA744-197F-E95E-EB31-73BE39619DE2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B33C5B98-F4B9-B550-C81A-4EE9720874BF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CC6B2B65-2D60-CC2D-B4A6-7C0945964771} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DD25AEF3-3DC7-625D-F3C6-DE10B7C6BF82} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DF74F87A-B7C0-F480-1D25-D81A257B3152} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E5E59618-FEBB-174D-3A09-E2EF1B2CDA17} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC955BB2-DAA2-E394-1DD3-E8A207B823A6} -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E318D698-27B3-44D5-8998-C35EAFB9C034} -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\WinTaskAdX.Installer -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinTaskAdX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\MemoryWatcher -> Spyware.MemoryWatcher : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\70tovmto -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\midADdle -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\WildMedia -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\WildMedia\LicenseStores -> Spyware.MidAddle : Cleaned with backup
HKU\S-1-5-21-1645522239-1409082233-1801674531-1003\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-1645522239-1409082233-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1645522239-1409082233-1801674531-1003\Software\SerG -> Spyware.EZ-Finder : Cleaned with backup
C:\Documents and Settings\Barney\Application Data\cdac.exe -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\Barney\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-22395e63-3c7dc423.class -> Trojan.Nocheat : Cleaned with backup
C:\Documents and Settings\Barney\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ok.class-26e95bb1-38689955.class -> Trojan.Nocheat : Cleaned with backup
C:\Documents and Settings\Barney\Cookies\barney@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Barney\Cookies\barney@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Barney\Cookies\barney@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Barney\Cookies\barney@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Barney\Cookies\barney@highbeam.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Barney\Cookies\barney@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Barney\Cookies\barney@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Barney\Cookies\barney@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Barney\Cookies\barney@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Barney\Cookies\barney@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\ezStub.exe -> Adware.eZula : Cleaned with backup
C:\Program Files\STC\bundles.exe -> Trojan.SecondThought.al : Cleaned with backup
C:\Program Files\STC\bundles53.exe -> Trojan.SecondThought.bg : Cleaned with backup
C:\Program Files\Windows ServeAd\WinServAd.exe -> Spyware.WinAD : Cleaned with backup
C:\SEPinst.exe -> Trojan.Septic.a : Cleaned with backup
C:\WINDOWS\70tovmto.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\bundles\bs5-vwqouc.exe -> Spyware.BookedSpace.c : Cleaned with backup
C:\WINDOWS\bxxs5.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cxtpls_loader.exe -> Spyware.AproposMedia : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\webdlg32.dll -> Spyware.SBSoft : Cleaned with backup
C:\WINDOWS\inet20001\3.00.12.dll -> Spyware.Ihbo : Cleaned with backup
C:\WINDOWS\inet20001\3.00.13.dll -> Spyware.Ihbo : Cleaned with backup
C:\WINDOWS\inet20001\alg.exe.bak -> Worm.Delf.i : Cleaned with backup
C:\WINDOWS\inet20001\mm4.exe -> Proxy.Delf.an : Cleaned with backup
C:\WINDOWS\inet20001\mm4.exe.bak -> Proxy.Delf.an : Cleaned with backup
C:\WINDOWS\inet20001\services.exe -> Downloader.CWS.r : Cleaned with backup
C:\WINDOWS\Oknoaqux.dll -> Spyware.SearchBand : Cleaned with backup
C:\WINDOWS\system32\2b3fsk0h.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\2ndsrch.dll -> Trojan.SecondThought.ag : Cleaned with backup
C:\WINDOWS\system32\449166.exe -> Spyware.Beginto.a : Cleaned with backup
C:\WINDOWS\system32\70tovmto.ini -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\abetterinternet.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\bln02nqv.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\exdl1.exe -> Adware.eXact : Cleaned with backup
C:\WINDOWS\system32\gah95on6.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\IdleUI.dll -> Logger.Idly.c : Cleaned with backup
C:\WINDOWS\system32\kernels64.exe -> Downloader.Tibs.ai : Cleaned with backup
C:\WINDOWS\system32\lsp.dll_tobedeleted -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\maxd64.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\system32\newdevin.exe -> Spyware.BookedSpace.c : Cleaned with backup
C:\WINDOWS\system32\SahAgent.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\SuiteInstall.exe -> Downloader.NSIS.Gen : Cleaned with backup
C:\WINDOWS\WildApp.dll -> Spyware.MetaDirect : Cleaned with backup
K:\Program Files\Altnet\Download Manager\asm.exe -> Spyware.Altnet : Cleaned with backup
K:\Program Files\Altnet\Download Manager\asmps.dll -> Spyware.Altnet : Cleaned with backup
::Report End
Second HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 8:07:18 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\winlogon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\winlogon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Remote Procedure Call (RPC) Helper (%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\d3ex.exe (file missing)
Again huge thanks, I will let you know if I have been sucessful.