System_volume_information spyware help!!!(RESOLVED)

  1. #1
    gmendoza (Newbie)

    Hi! I have some problems with spyware in this folder. I've run HijackThis and Kaspersky and here are the logs. I would appreciate any input. Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 932 PM, on 4/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Kyle\Desktop\Desktop\Virus Spyware\HijackThis.exe

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kyle\Desktop\CWShredder.exe (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Monday, April 24, 2006 8:53:12 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 25/04/2006
    Kaspersky Anti-Virus database records: 189743
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 59618
    Number of viruses found: 7
    Number of infected objects: 30
    Number of suspicious objects: 0
    Duration of the scan process: 00:39:38

    Infected Object Name / Virus Name / Last Action
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0025035.exe Infected: Trojan.Win32.Small.ev skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0025036.exe Infected: Trojan.Win32.Small.ev skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:qxqvbs:$DATA Infected: Trojan-Downloader.Win32.WinShow.ak skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:txjvxx:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025813.exe Infected: Trojan-PSW.Win32.Sinowal.k skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026095.exe Infected: Trojan.Win32.Small.ev skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026097.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026098.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026120.dll Infected: Trojan-PSW.Win32.Sinowal.k skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026121.dll Infected: Trojan-PSW.Win32.Sinowal.k skipped
    C:\WINDOWS\nattc.dat:fykghk:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\WINDOWS\pss\system.ini.backup:rtyhmy:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\WINDOWS\Soap Bubbles.bmp:zsgusv:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\WINDOWS\system32\oleext.dll Infected: Trojan.Win32.Small.ev skipped
    C:\WINDOWS\vb.ini:jdhulq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\WINDOWS\vbaddin.ini:ktrmoi:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\WINDOWS\wiaservc.log:hvilee:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\WINDOWS\winnt.bmp:snvcbx:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\WINDOWS\_default.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\WINDOWS\_default.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\WINDOWS\_default.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\WINDOWS\_default.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\WINDOWS\_default.pif:txjvxx:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

    Scan process completed.


  2. #2
    Neal (Dedicated Member)
    Welcome to DAL,

    Don't worry about those under System Restore; we will get those as a very last step.

    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.

    Now scan with Ewido again and save the log and post it back here please. Thanks.

  3. #3
    gmendoza (Newbie)
    Thanks Neal. Here's the Ewido report:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 8:14:53 PM, 4/25/2006
    + Report-Checksum: 9B323AD7

    + Scan result:

    C:\Documents and Settings\Kyle\Cookies\kyle@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@counter16.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@sexlist[2].txt -> TrackingCookie.Sexlist : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\Kyle\Cookies\kyle@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup


    ::Report End

  4. #4
    Neal (Dedicated Member)
    Thanks for that,

    Please download WebRoot SpySweeper from HERE (It's a 14-day trial):

    * Click Download Now to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits
        o Please UNCHECK Do not Sweep System Restore Folder.
    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply along with a fresh HJT log.

  5. #5
    gmendoza (Newbie)
    Thanks. Here they are.

    ********
    6:27 PM: | Start of Session, Wednesday, April 26, 2006 |
    6:27 PM: Spy Sweeper started
    6:27 PM: Sweep initiated using definitions version 665
    6:27 PM: Starting Memory Sweep
    6:30 PM: Memory Sweep Complete, Elapsed Time: 00:02:36
    6:30 PM: Starting Registry Sweep
    6:30 PM: Found Adware: security2k hijacker
    6:30 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
    6:30 PM: Found Trojan Horse: trojan-downloader-zlob
    6:30 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 797671)
    6:30 PM: Registry Sweep Complete, Elapsed Time:00:00:08
    6:30 PM: Starting Cookie Sweep
    6:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    6:30 PM: Starting File Sweep
    6:32 PM: Found Adware: cws_tiny0
    6:32 PM: system.ini.backup:rtyhmy (ID = 56997)
    6:33 PM: dc929.ini:jdhulq (ID = 57116)
    6:36 PM: dc931.bmp:snvcbx (ID = 56997)
    6:36 PM: dc930.ini:ktrmoi (ID = 57116)
    6:39 PM: dc924.bmp:zsgusv (ID = 56997)
    6:40 PM: _default.pifcqgcu (ID = 56997)
    6:41 PM: a0025812.pif:txjvxx (ID = 57116)
    6:42 PM: dc925.dat:fykghk (ID = 56997)
    6:42 PM: Found Adware: psguard\winhound fakealert
    6:42 PM: a0026095.exe (ID = 280102)
    6:43 PM: wiaservc.log:hvilee (ID = 57116)
    6:43 PM: _default.pif:awrpdv (ID = 56997)
    6:45 PM: a0025036.exe (ID = 281463)
    6:48 PM: _default.pif:txjvxx (ID = 57116)
    6:49 PM: a0025812.pif:rkdldt (ID = 56997)
    6:50 PM: Found Adware: cws-aboutblank
    6:50 PM: a0025812.pif:qxqvbs (ID = 54882)
    6:55 PM: File Sweep Complete, Elapsed Time: 00:24:41
    6:55 PM: Full Sweep has completed. Elapsed time 00:27:34
    6:55 PM: Traces Found: 17
    7:20 PM: Removal process initiated
    7:20 PM: Quarantining All Traces: cws-aboutblank
    7:20 PM: Quarantining All Traces: psguard\winhound fakealert
    7:20 PM: Quarantining All Traces: security2k hijacker
    7:20 PM: Quarantining All Traces: trojan-downloader-zlob
    7:20 PM: Quarantining All Traces: cws_tiny0
    7:20 PM: Removal process completed. Elapsed time 00:00:21
    ********
    6:25 PM: | Start of Session, Wednesday, April 26, 2006 |
    6:25 PM: Spy Sweeper started
    6:25 PM: Sweep initiated using definitions version 665
    6:25 PM: Starting Memory Sweep
    6:25 PM: Sweep Canceled
    6:25 PM: Memory Sweep Complete, Elapsed Time: 00:00:09
    6:25 PM: Traces Found: 0
    6:27 PM: | End of Session, Wednesday, April 26, 2006 |
    ********
    6:24 PM: | Start of Session, Wednesday, April 26, 2006 |
    6:24 PM: Spy Sweeper started
    6:25 PM: Your spyware definitions have been updated.
    6:25 PM: | End of Session, Wednesday, April 26, 2006 |

    Logfile of HijackThis v1.99.1
    Scan saved at 7:22:33 PM, on 4/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Documents and Settings\Kyle\Desktop\Desktop\Virus Spyware\HijackThis.exe

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kyle\Desktop\CWShredder.exe (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

  6. #6
    Neal (Dedicated Member)
    Hi,

    Your HijackThis log is clean.

    How is your computer behaving now?

  7. #7
    gmendoza (Newbie)
    My computer runs a little faster but it still lags a bit. I ran Kaspersky, Ad-aware and Spy Sweeper. Ad-aware came up clean, Spy Sweeper just had one file and Kaspersky had quite a few. Here are their logs with a HijackThis log as well. Thanks.

    ********
    7:17 PM: | Start of Session, Thursday, April 27, 2006 |
    7:17 PM: Spy Sweeper started
    7:17 PM: Sweep initiated using definitions version 667
    7:17 PM: Starting Memory Sweep
    7:20 PM: Memory Sweep Complete, Elapsed Time: 00:03:03
    7:20 PM: Starting Registry Sweep
    7:20 PM: Registry Sweep Complete, Elapsed Time:00:00:09
    7:20 PM: Starting Cookie Sweep
    7:20 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    7:20 PM: Starting File Sweep
    7:22 PM: Found Adware: cws_tiny0
    7:22 PM: a0026183.pif:rkdldt (ID = 56997)
    7:26 PM: a0026183.pif:txjvxx (ID = 57116)
    7:26 PM: a0026184.ini:ktrmoi (ID = 57116)
    7:26 PM: a0026185.ini:jdhulq (ID = 57116)
    7:33 PM: wiaservc.log:hvilee (ID = 57116)
    7:42 PM: File Sweep Complete, Elapsed Time: 0054
    7:42 PM: Full Sweep has completed. Elapsed time 00:25:12
    7:42 PM: Traces Found: 5
    7:54 PM: Removal process initiated
    7:54 PM: Quarantining All Traces: cws_tiny0
    7:54 PM: Removal process completed. Elapsed time 00:00:06
    ********
    6:27 PM: | Start of Session, Wednesday, April 26, 2006 |
    6:27 PM: Spy Sweeper started
    6:27 PM: Sweep initiated using definitions version 665
    6:27 PM: Starting Memory Sweep
    6:30 PM: Memory Sweep Complete, Elapsed Time: 00:02:36
    6:30 PM: Starting Registry Sweep
    6:30 PM: Found Adware: security2k hijacker
    6:30 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
    6:30 PM: Found Trojan Horse: trojan-downloader-zlob
    6:30 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 797671)
    6:30 PM: Registry Sweep Complete, Elapsed Time:00:00:08
    6:30 PM: Starting Cookie Sweep
    6:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    6:30 PM: Starting File Sweep
    6:32 PM: Found Adware: cws_tiny0
    6:32 PM: system.ini.backup:rtyhmy (ID = 56997)
    6:33 PM: dc929.ini:jdhulq (ID = 57116)
    6:36 PM: dc931.bmp:snvcbx (ID = 56997)
    6:36 PM: dc930.ini:ktrmoi (ID = 57116)
    6:39 PM: dc924.bmp:zsgusv (ID = 56997)
    6:40 PM: _default.pifcqgcu (ID = 56997)
    6:41 PM: a0025812.pif:txjvxx (ID = 57116)
    6:42 PM: dc925.dat:fykghk (ID = 56997)
    6:42 PM: Found Adware: psguard\winhound fakealert
    6:42 PM: a0026095.exe (ID = 280102)
    6:43 PM: wiaservc.log:hvilee (ID = 57116)
    6:43 PM: _default.pif:awrpdv (ID = 56997)
    6:45 PM: a0025036.exe (ID = 281463)
    6:48 PM: _default.pif:txjvxx (ID = 57116)
    6:49 PM: a0025812.pif:rkdldt (ID = 56997)
    6:50 PM: Found Adware: cws-aboutblank
    6:50 PM: a0025812.pif:qxqvbs (ID = 54882)
    6:55 PM: File Sweep Complete, Elapsed Time: 00:24:41
    6:55 PM: Full Sweep has completed. Elapsed time 00:27:34
    6:55 PM: Traces Found: 17
    7:20 PM: Removal process initiated
    7:20 PM: Quarantining All Traces: cws-aboutblank
    7:20 PM: Quarantining All Traces: psguard\winhound fakealert
    7:20 PM: Quarantining All Traces: security2k hijacker
    7:20 PM: Quarantining All Traces: trojan-downloader-zlob
    7:20 PM: Quarantining All Traces: cws_tiny0
    7:20 PM: Removal process completed. Elapsed time 00:00:21
    7:17 PM: Your spyware definitions have been updated.
    7:17 PM: | End of Session, Thursday, April 27, 2006 |
    ********
    6:25 PM: | Start of Session, Wednesday, April 26, 2006 |
    6:25 PM: Spy Sweeper started
    6:25 PM: Sweep initiated using definitions version 665
    6:25 PM: Starting Memory Sweep
    6:25 PM: Sweep Canceled
    6:25 PM: Memory Sweep Complete, Elapsed Time: 00:00:09
    6:25 PM: Traces Found: 0
    6:27 PM: | End of Session, Wednesday, April 26, 2006 |
    ********
    6:24 PM: | Start of Session, Wednesday, April 26, 2006 |
    6:24 PM: Spy Sweeper started
    6:25 PM: Your spyware definitions have been updated.
    6:25 PM: | End of Session, Wednesday, April 26, 2006 |

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Thursday, April 27, 2006 6:54:00 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 28/04/2006
    Kaspersky Anti-Virus database records: 190325
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 61490
    Number of viruses found: 6
    Number of infected objects: 23
    Number of suspicious objects: 0
    Duration of the scan process: 00:49:12

    Infected Object Name / Virus Name / Last Action
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0025035.exe Infected: Trojan.Win32.Small.ev skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025813.exe Infected: Trojan-PSW.Win32.Sinowal.k skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026097.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026098.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026120.dll Infected: Trojan-PSW.Win32.Sinowal.k skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026121.dll Infected: Trojan-PSW.Win32.Sinowal.k skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:txjvxx:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026184.ini:ktrmoi:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026185.ini:jdhulq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026189.dll Infected: Trojan.Win32.Small.ev skipped
    C:\WINDOWS\wiaservc.log:hvilee:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\WINDOWS\_default.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\WINDOWS\_default.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped

    Scan process completed.


    Logfile of HijackThis v1.99.1
    Scan saved at 8:01:00 PM, on 4/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Kyle\Desktop\Desktop\Virus Spyware\HijackThis.exe

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kyle\Desktop\CWShredder.exe (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

  8. #8
    Neal is offline Dedicated Member
    Hi,


    Your Sun Java is way out of date and needs to be updated now as there are infections exploiting that vulnerability on a regular basis.


    Updating Java:

    * Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
    * Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    It should have the following icon next to it: (looks like a coffee cup)
    Select it and click Remove.
    * Then Download and install the newest version from here:
    http://www.java.com/en/download/manual.jsp


    Most of those Kaspersky scan results are under System Restore and can be flushed as a very last step.



    *Click Here to download KillBox by Option^Explicit.
    *Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
    *In the killbox program, select the Delete on Reboot option.
    *Copy the file names below to the clipboard by highlighting them and pressing Control-C:


    C:\WINDOWS\wiaservc.log:hvilee:$DATA
    C:\WINDOWS\_default.pif:jcwqxv:$DATA
    C:\WINDOWS\_default.pif:rkdldt:$DATA




    *Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    *Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
    Let the computer reboot.



    www.ccleaner.com/downloadbuilds.asp

    To clean your temp folder, recycle bin, etc., please download this free tool:
    CCleaner
    Don't install any toolbars or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
    It will put a shortcut on your Desktop.
    Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.

    Then Reboot (Exit)


    Then tell me how your computer is running now please. Please post a new hijackthis log also just in case. Thanks.
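An added example, not part of the post above or of any tool named in this thread: a small Python triage of Kaspersky report lines that separates System Restore copies from live files and pulls out the NTFS alternate data stream (`file:stream:$DATA`) names, which Explorer does not show. The sample lines are copied from the report in this thread; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the Kaspersky On-line Scanner report posted in this thread.
REPORT = r"""
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026189.dll Infected: Trojan.Win32.Small.ev skipped
C:\WINDOWS\wiaservc.log:hvilee:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\WINDOWS\_default.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\WINDOWS\_default.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped
"""

# "<object> Infected: <verdict> <last action>"
LINE = re.compile(r"^(?P<obj>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
# NTFS stream syntax: <host file>:<stream name>:$DATA
ADS = re.compile(r"^(?P<host>[A-Za-z]:\\.+?):(?P<stream>[^:\\]+):\$DATA$")
# System Restore keeps renamed copies of changed files under this folder.
RESTORE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.I)


def parse_report(text):
    """Return one dict per 'Infected:' line; other report lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headers, statistics, archive summary lines
        obj = m["obj"]
        ads = ADS.match(obj)
        findings.append({
            "host": ads["host"] if ads else obj,
            "stream": ads["stream"] if ads else None,
            "verdict": m["verdict"],
            "in_restore": bool(RESTORE.match(obj)),
        })
    return findings


def triage(findings):
    """Group live detections by host file; count restore-point copies."""
    live = defaultdict(list)
    restore_count = 0
    for f in findings:
        if f["in_restore"]:
            restore_count += 1  # cleared when restore points are flushed
        else:
            live[f["host"]].append((f["stream"], f["verdict"]))
    return dict(live), restore_count


if __name__ == "__main__":
    live, restore_count = triage(parse_report(REPORT))
    print(f"{restore_count} detections are restore-point copies")
    for host, hits in live.items():
        for stream, verdict in hits:
            print(f"LIVE {host}  stream={stream}  {verdict}")
```
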

  9. #9
    gmendoza is offline Newbie
    Thanks. I think that did it. It runs smooth now. I did another Kaspersky scan and my virus software got triggered regarding the system volume folder stuff. That has never happened before so I thought I'd bring that up. Here's the HJT log and the Kaspersky log anyhow. Those files that you said to copyclip into that killbox program came back I believe as well. Here is that log first.
    -------------------------------------------------------------------------------------------------
    Pocket Killbox version 2.0.0.588
    Running on Windows XP as Kyle(Administrator)
    was started @ Thursday, April 27, 2006, 11:03 PM

    # 1 [Delete on Reboot]
    Path = C:\WINDOWS\wiaservc.log:hvilee:$DATA


    # 2 [Delete on Reboot]
    Path = C:\WINDOWS\_default.pif:jcwqxv:$DATA


    # 3 [Delete on Reboot]
    Path = C:\WINDOWS\_default.pif:rkdldt:$DATA


    Killbox Closed(Exit) @ 11:04:50 PM
    ----------------------------------------------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 12:05:46 AM, on 4/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Kyle\Desktop\Desktop\Virus Spyware\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kyle\Desktop\CWShredder.exe (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    ------------------------------------------------------------------------------------------------------------------
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Friday, April 28, 2006 12:00:36 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 28/04/2006
    Kaspersky Anti-Virus database records: 190348
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 60455
    Number of viruses found: 5
    Number of infected objects: 16
    Number of suspicious objects: 0
    Duration of the scan process: 00:46:44

    Infected Object Name / Virus Name / Last Action
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0025035.exe Infected: Trojan.Win32.Small.ev skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026097.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026098.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026189.dll Infected: Trojan.Win32.Small.ev skipped
    C:\WINDOWS\wiaservc.log:hvilee:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\WINDOWS\_default.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\WINDOWS\_default.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped

    Scan process completed.

  10. #10
    Neal is offline Dedicated Member
    Hi,


    Run spysweeper from safe mode and post that log please.

    Safe Mode


    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.


    After the scan, reboot into normal mode.


    Also...



    www.pandasoftware.com/activescan/

    Internet Explorer Required
    Please run this online virus scan: ActiveScan

    * Once you are on the Panda site click the Scan your PC button
    * A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click Send (*NOTE: it's perfectly safe to do so. You will NOT be spammed from this.)
    - Select either Home User or Company
    * Click the big Scan Now button
    * If/when you get a notice that Panda wants to install an ActiveX component allow it
    * It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    * When download is complete, click on Local Disks to start the scan
    * When the scan completes, if anything is detected, click the See Report button, then Save Report and save it to a convenient location like your desktop and post it back here please and a new hijackthis log as well. Thanks.
