Forget the last post. I've done the updates. Here are the logs.
The Trend Micro scan cleaned everything it picked up.
Panda Active Scan:
Incident Status Location
Adware:adware/gator No disinfected C:\Documents and Settings\Ben Davies\Local Settings\Temp\bundle.inf
Adware:adware/iedriver No disinfected C:\WINDOWS\SYSTEM32\terabyte.exe
Adware:adware/savenow No disinfected Windows Registry
Adware:Adware/MediaBack No disinfected C:\Program Files\HJT\backups\backup-20050922-162706-720.dll
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\amstream.exe
Virus:Trj/Qukart.G Disinfected C:\WINDOWS\system32\Bcflfa32.dll
Virus:Trj/Zapchast.D Disinfected C:\WINDOWS\system32\c.bat
Virus:Trj/Qukart.G Disinfected C:\WINDOWS\system32\Cgogjm32.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G5IRCTYF\casino-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G5IRCTYF\dating[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G5IRCTYF\drugs[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTYRKLIV\dating-ico[1].bmp
Virus:Trj/Multidropper.KH Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UF897VG9\all_files10[1].exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UF897VG9\drugs-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UF897VG9\fav-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UF897VG9\fav[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UF897VG9\virus[2].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WDUZCXQB\casino[1].bmp
Adware:Adware/Sqwire No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WDUZCXQB\tsupdate[1].ini
Virus:Trj/Qukart.G Disinfected C:\WINDOWS\system32\Ebgekgij.dll
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\iehost34.exe
Adware:Adware/MediaBack No disinfected C:\WINDOWS\system32\mimecore.dll
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\pinstaller.exe
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\terabyte.exe
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\unwise56.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:52:55, 25/09/2005
+ Report-Checksum: F0E56BA5
+ Scan result:
:mozilla.69:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
:mozilla.70:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
:mozilla.71:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKU\S-1-5-21-1316815812-1565260261-2965699071-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{120E090D-9136-4B78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\phmsgs9j.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\phmsgs9j.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\phmsgs9j.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\phmsgs9j.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\phmsgs9j.Default User\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfk4ghd5wbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfk4onajgkq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkiamd5obo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkighcjilq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkikkdjgdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkiwocpcgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkocgd5iko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkoepajehp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkychcpefo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wflokldjseo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wflooncjigp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfmichcjwgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfmichdpggq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfmiqpczwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfmiugczifp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfmykndzalo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wgkyaocpclo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wgkycoajcgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjk4cod5odp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjk4emczmgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjkosldpshq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjl4gpcpoao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjl4shdzibp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjlikhdjseo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjlookczskp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjloqgajiep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjlougdjekp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjlycjdzolo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjmisicpsbq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjmiumdjmko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjmiwpczkcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjmygkcpwdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjmysgd5wbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjnyond5wlo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@mysearch[1].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wfkigidpcho.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wfkoahc5iap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wfkoojdjchp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wfkyopajwao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wflokld5kkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wjk4kkdjmcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wjkoohcpieq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\HJT\backups\backup-20050922-162706-720.dll -> Spyware.MediaBack : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6DFBDCB2-6DC7-4D81-A513-B0B16D\407A3453-F9E7-4985-80E2-4FF97A -> Spyware.MyWay : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\system32\amstream.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WDUZCXQB\clicks[1].dll -> Adware.MidADle : Cleaned with backup
C:\WINDOWS\system32\iehost34.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\system32\mimecore.dll -> Spyware.MediaBack : Cleaned with backup
C:\WINDOWS\system32\pinstaller.exe -> Trojan.KillApp.f : Cleaned with backup
C:\WINDOWS\system32\terabyte.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\system32\unwise56.exe -> Spyware.AdSrve : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 12:57:35, on 25/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\sony\keyboard closure setup\KSWServ.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ISP] C:\Program Files\sony\ISPselector\ISPselector.exe /SCHEDULER
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LL0sX] C:\windows\temp\LL0sX.exe
O4 - HKLM\..\Run: [NcQVxaCCa] C:\WINDOWS\liirf.exe
O4 - HKLM\..\Run: [NcQVxaCCaüžigÃ