Viperant1
Corporal

 Joined: Aug 15, 2004 Posts: 54 Location: USA
Posted: Fri Sep 08, 2006 2:53 am Post subject: Computer Running Unusually Slow!
About two days ago, after turning on my laptop I was informed that I had a virus. It said in order for it to be deleted I would need to reboot my computer. Ever since I did that it seems my computer has been running on the slow side. I did a few different virus scans and they came up with nothing. The virus I was originally informed about was win32/gorman.b. When trying to do research on that specific virus I couldn't find anything. Hope you guys can help, here is my HJT log file:
Logfile of HijackThis v1.99.1
Scan saved at 10:50:52 PM, on 9/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elantech\Ktp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\AOL\1150342297\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\netmedia.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitLord\BitLord.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Opera\Opera.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.verizon.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150342297\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSSoft\RSEDNClient.exe
O4 - HKCU\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram.com/upgradedetect/upgradedetect.cab?3875
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142276066953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142279699390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://join-test.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40E9F00E-0A5D-4200-B33D-602418545CF8}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2902379-0415-4A2F-A846-9A006678AAEE}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Viperant1
Corporal

 Joined: Aug 15, 2004 Posts: 54 Location: USA
Posted: Sat Sep 09, 2006 5:03 pm Post subject:
Just giving this a bump!
Pancake
Major

 Joined: May 15, 2003 Posts: 779 Location: Victoria.Australia
Viperant1
Corporal

 Joined: Aug 15, 2004 Posts: 54 Location: USA
Posted: Mon Sep 11, 2006 7:21 pm Post subject:
Alright, I'm working on those scans now. A2 is still running and the Panda Scan (which looks like it may take a while). I'll post the logs here when done.
Viperant1
Corporal

 Joined: Aug 15, 2004 Posts: 54 Location: USA
Posted: Mon Sep 11, 2006 9:11 pm Post subject:
Ok, everything's done. Ad-Aware found only tracking cookies, Spybot found nothing. And here are the logs from A2 (found 125 instances and deleted them all), Panda Active Scan (which found 16 spywares, all seem to be tracking cookies) and a fresh HJT log:
a-squared Free - Version 2.0
Scan settings:
Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: On
ADS Scan: On
Scan start: 9/11/2006 12:46:20 PM
C:\Program Files\ares\ares.exe detected: Trace.File.Ares
Value: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run --> red swoosh edn client detected: Trace.Registry.RedSwoosh
Key: HKEY_CLASSES_ROOT\.vnc detected: Trace.Registry.VNC.CommonComponents
Key: HKEY_LOCAL_MACHINE\software\orl\winvnc3 detected: Trace.Registry.VNC.CommonComponents
Key: HKEY_CLASSES_ROOT\.vnc detected: Trace.Registry.VNC
C:\Documents and Settings\Anthony\Desktop\ares.lnk detected: Trace.File.Ares
C:\Program Files\ares\data\anonproxies.txt.sample detected: Trace.File.Ares
C:\Program Files\ares\data\blocked.txt.sample detected: Trace.File.Ares
C:\Program Files\ares\data\blocked_keywords.txt.sample detected: Trace.File.Ares
C:\Program Files\ares\data\chanlistfilter.txt detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\chat.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\emotic.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\libbig.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\logo.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\mimesmall.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\mshareset.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\player.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\playlistbtns.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\prefs.txt detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\searchpnl.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\searchstars.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\tabsbig.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\tabssmall.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\transfer.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\gui\general\webanim.bmp detected: Trace.File.Ares
C:\Program Files\ares\data\homepage.dat detected: Trace.File.Ares
C:\Program Files\ares\data\p2pfilter.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\arabic.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\chinese_cn.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\chinese_tw.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\czech.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\dutch.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\finland.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\french.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\german.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\italian.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\japanese.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\kurdish.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\kyrgyz.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\polish.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\portugues.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\slovak.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\spanish.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\spanishla.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\swedish.txt detected: Trace.File.Ares
C:\Program Files\ares\lang\turkish.txt detected: Trace.File.Ares
C:\Program Files\ares\tcpip_patcher.sys detected: Trace.File.Ares
C:\Program Files\ares\tcpippatcherdll.dll detected: Trace.File.Ares
C:\Documents and Settings\Anthony\Start Menu\Programs\ares\ares.lnk detected: Trace.File.Ares
Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Height detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Left detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Maximized detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Top detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Width detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Download detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Queue detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Upload detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Data --> AresNet1 detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Data --> JI.AresNet1 detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Download detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Queue detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Upload detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ServerPort detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ShowJP detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Extra.ShowActiveCaption detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoConnect detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoStartUp detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.LastLibraryMode detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastChatRoomBrowse detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastLibrary detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastPMBrowse detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastSearch detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Network.DHTID detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Personal.GUID detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Privacy.SendRegularPath detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AllowBrowse detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AwayMessage detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Start Menu Folder detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CAvgTime detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CDnSpeed detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CFRTime detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CTtUptime detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CUpSpeed detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.HasLQCa detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQuery detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQueryInt detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.MaximizeUpBandOnIdle detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.ServerPort detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayName detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayVersion detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> Publisher detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> UninstallString detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLInfoAbout detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLUpdateInfo detected: Trace.Registry.Ares
C:\Documents and Settings\Anthony\Cookies\anthony@2o7[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Anthony\Cookies\anthony@cgi-bin[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Anthony\Cookies\anthony@questionmarket[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Anthony\Cookies\anthony@realmedia[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Anthony\Cookies\anthony@statcounter[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Anthony\Cookies\anthony@trafficmp[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Anthony\Cookies\anthony@zedo[2].txt detected: Trace.TrackingCookie
C:\Program Files\Windows Plus\Party Mode\Crystal_Clockwork.wmz/a_main_dis.png detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Energy.wmz/skin.wms detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Energy.wmz/background_800.jpg detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Energy.wmz/background_960.jpg detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Energy.wmz/background_1024.jpg detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Energy.wmz/background_1280.jpg detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Energy.wmz/background_1600.jpg detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Energy.wmz/skin.js detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Energy.wmz/b_bot_left.png detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Energy.wmz/b_bot_right.png detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Energy.wmz/b_top_left.png detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Energy.wmz/b_top_right.png detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Energy.wmz/error.png detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Party_Mode.wmz/viz_control_mask.bmp detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Party_Mode.wmz/viz_control_normal.bmp detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Party_Mode.wmz/viz_topbar_middle.bmp detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Party_Mode.wmz/viz_topbar_right.bmp detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Party_Mode.wmz/warning_down.bmp detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Party_Mode.wmz/warning_hover.bmp detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Party_Mode.wmz/warning_mask.bmp detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Party_Mode.wmz/warning_normal.bmp detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Party_Mode.wmz/partymodeskins.htm detected: Heuristic.ArchiveBomb
C:\Program Files\Windows Plus\Party Mode\Party_Mode.wmz/background_1600.jpg detected: Heuristic.ArchiveBomb
Scanned
Files: 79779
Traces: 71394
Cookies: 144
Processes: 59
Found
Files: 23
Traces: 95
Cookies: 7
Processes: 0
Registry keys: 0
Scan end: 9/11/2006 4:37:52 PM
Scan time: 3:51:32 AM
Incident Status Location
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@adrevolver[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@as-eu.falkag[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@belnk[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@cgi-bin[3].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@dist.belnk[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@realmedia[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@statcounter[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@trafficmp[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@zedo[2].txt
Logfile of HijackThis v1.99.1
Scan saved at 5:07:59 PM, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elantech\Ktp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\AOL\1150342297\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitLord\BitLord.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.verizon.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150342297\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram.com/upgradedetect/upgradedetect.cab?3875
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142276066953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142279699390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://join-test.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40E9F00E-0A5D-4200-B33D-602418545CF8}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2902379-0415-4A2F-A846-9A006678AAEE}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Pancake
Major

 Joined: May 15, 2003 Posts: 779 Location: Victoria.Australia
Posted: Tue Sep 12, 2006 12:21 am Post subject:
Hi....
Just this last bit to cleanup.
To show hidden files instructions (WinXP)
Double-click My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe
O4 - HKCU\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe
Open Windows Explorer and delete the following highlighted file/s
C:\WINDOWS\netmedia.exe
C:\WINDOWS\netmedia.ini
Copy and paste all this from within the box into Notebook, then go to FILE and SAVE AS. "All Files" must be selected in the "Save as Type" box. In that box type Fix.reg and save it to your Desktop. Double-click to merge it to the registry.
Quote:
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29123221-3AF8-488c-85DE-6B3EC59E8074}]
[-HKEY_CLASSES_ROOT\CLSID\{29123221-3AF8-488c-85DE-6B3EC59E8074}]
Reboot...........................
Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Post a new HJT log when done...
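One way to triage a HijackThis log for the patterns the fix list above singles out (a BHO with no file behind it, Run values named with a bare GUID, an executable sitting directly in C:\WINDOWS) is this added Python example; it is not HijackThis code or anything posted in the thread, and the sample lines are constructed from the entries quoted above. It also includes a GUID-named entry that points into Program Files, to show why a single heuristic is a review prompt rather than a verdict.

```python
import re
from typing import Dict, List

# Added example: parser and triage rules for the O2 (BHO) and O4 (Run) lines of
# a HijackThis v1.99.1 log. The rules are an analyst's heuristics, not HJT's.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Constructed sample modelled on the entries quoted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe
O4 - HKCU\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
"""


def exe_path(cmd: str) -> str:
    """Return the executable part of a Run command, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, may contain spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)  # unquoted: cut after ".exe"
    return cmd[: m.end()] if m else cmd.split()[0]


def check_run_entry(name: str, cmd: str) -> List[str]:
    """Heuristic reasons an O4 Run value deserves a second look."""
    reasons = []
    if GUID_RE.match(name):
        reasons.append("autostart value named with a bare GUID")
    folder, _, _ = exe_path(cmd).rpartition("\\")
    if not folder:
        reasons.append("bare filename, resolved through the search path")
    elif folder.upper() == "C:\\WINDOWS":
        reasons.append("executable dropped directly into C:\\WINDOWS")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse O2/O4 lines and return flagged entries, most reasons first."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            if m.group("path") == "(no file)":
                findings.append({"kind": "O2", "name": m.group("clsid"),
                                 "reasons": ["orphaned BHO: CLSID registered, no file on disk"]})
            continue
        m = O4_RE.match(line.strip())
        if m:
            reasons = check_run_entry(m.group("name"), m.group("cmd"))
            if reasons:
                findings.append({"kind": "O4", "name": m.group("name"), "hive": m.group("hive"),
                                 "path": exe_path(m.group("cmd")), "reasons": reasons})
    findings.sort(key=lambda f: -len(f["reasons"]))  # netmedia.exe (2 reasons) outranks gnotify (1)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f["name"], "->", "; ".join(f["reasons"]))
```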
Viperant1
Corporal

 Joined: Aug 15, 2004 Posts: 54 Location: USA
Posted: Tue Sep 12, 2006 1:48 am Post subject:
Here ya go, thanks again:
Logfile of HijackThis v1.99.1
Scan saved at 9:48:25 PM, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elantech\Ktp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\AOL\1150342297\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Anthony\Desktop\ATF-Cleaner.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.verizon.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150342297\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram.com/upgradedetect/upgradedetect.cab?3875
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142276066953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142279699390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://join-test.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40E9F00E-0A5D-4200-B33D-602418545CF8}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2902379-0415-4A2F-A846-9A006678AAEE}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Pancake
Major

 Joined: May 15, 2003 Posts: 779 Location: Victoria.Australia
Posted: Tue Sep 12, 2006 2:16 am Post subject:
I don't see any more problems. You should now be good to go.
If you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure.
Now that you are clean, it is a good time to flush out your restored files.
To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run and type msconfig Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.
Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.
How Do I Protect My Computer Against Future Malware Now I'm Clean?
NOTE: You may have already taken some of these steps.
Update your anti-virus software & Windows operating system on a daily or weekly basis. Microsoft also distributes updates to its operating systems. These updates fix security holes or other problems that make a computer susceptible to security breaches. How to update your Windows operating system
Know What You're Installing
Check the source.
To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection.
Use Custom Install.
If you feel comfortable with software installation, you can choose Custom Install (as opposed to Typical Install). Custom Install allows you to select only the software components you wish to install, and leave out others (such as potential spyware).
Modify Security Settings (Internet Explorer 6)
To reduce the risk of installing malware, you can set Internet Explorer to high security mode. To do so:
Open Internet Explorer. Go to Tools > Internet Options….
On the Internet Options screen, select the Security tab, then select the Internet icon (if it is not already selected).
Under Security level for this zone, click Default Level. Set the slider to High.
Note: You may have to lower the security level to view certain Web sites.
Next, select the Trusted Sites icon. Under Security level for this zone, click Default Level. Set the slider to Medium.
Click Apply, then OK to save the changes.
Some Recommended Protection Programs
Each tool has its own strengths for identifying and removing specific types of malware. To thoroughly check your computer, it is recommended that you use more than one malware removal program. Don't forget to back up your data files before starting a scan!
Some available programs are:
Ad-Aware
SpyBot Search & Destroy
Now that you are clean, to help protect your system I recommend that you get the following free programs:
SpywareBlaster to help prevent spyware from installing.
SpywareGuard to catch and block spyware.
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
WinPatrol to monitor any changes that programs make to the registry.
If you do not have a firewall, here is a free one for personal use:
ZoneAlarm
http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads
http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?dc=12bms&ctry=US&lang=en&lid=ho_za
Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs:
http://www.spywarewarrior.com/asw-test-guide.htm
Here is a helpful article:
"So how did I get infected in the first place?"
http://computercops.biz/postlite7736-.html
http://www.pchelpforum.com/tutorials/21566-protect-your-pc.html
Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!
Viperant1
Corporal

 Joined: Aug 15, 2004 Posts: 54 Location: USA
Posted: Tue Sep 12, 2006 2:55 am Post subject:
Thank you, all seems to be resolved.
Pancake
Major

 Joined: May 15, 2003 Posts: 779 Location: Victoria.Australia
Posted: Tue Sep 12, 2006 3:12 am Post subject:
Ok..great
Pancake
Major

 Joined: May 15, 2003 Posts: 779 Location: Victoria.Australia
Posted: Wed Sep 13, 2006 3:00 am Post subject:
Before we close off........
It is very important not only to keep Sun Java up to date but also to remove older versions, which have security holes and can be exploited by malware such as Vundo.
Please follow these steps to remove older Java components:
1. Close any open programs you may have running, especially your web browser
2. Click Start > Control Panel
* Depending on your OS or configuration, you may have to click Start > Settings > Control Panel
3. Open Add or Remove Programs
* If you have Windows 98 or Windows 2000, open Add/Remove Programs
4. Click once on any item listing Java Runtime Environment in the name
* Not every version of Java will begin with "Java" so be sure to read each entry in the list
5. Click the Remove or Change/Remove button
6. Follow steps 4 and 5 as many times as necessary to remove all versions of Java. ** If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the removals.
7. Next, navigate to and delete this folder, if found: C:\Program Files\Java
8. Reboot your PC once all Java components have been removed.
9. Proceed with reinstalling Java by going to This site and downloading the latest version ( Version 5.0 Update 8 ) from the website.
Save it, do not run it.
When the download is complete, close the browser and install it.
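A check that supports steps 4 to 6 above: given the display names from Add or Remove Programs, list every Java runtime entry that is older than the newest one installed. This is an added Python example, not from the thread or from Sun; the entry names are constructed in the naming styles Sun used at the time, and versions are compared as (minor, micro, update) of the internal 1.x numbering, so "5.0 Update 7" and "1.5.0_07" compare equal.

```python
import re
from typing import List, Optional, Tuple

# Added example. Three display-name styles are recognised (constructed samples):
#   "Java 2 Runtime Environment, SE v1.4.2_03"  -> (4, 2, 3)
#   "J2SE Runtime Environment 5.0 Update 7"     -> (5, 0, 7)   (internally 1.5.0_07)
#   "J2SE Runtime Environment 5.0"              -> (5, 0, 0)
DOTTED_STYLE = re.compile(r"\bv?1\.(\d+)\.(\d+)(?:_(\d+))?", re.IGNORECASE)
UPDATE_STYLE = re.compile(r"\b(\d+)(?:\.(\d+))?\s+Update\s+(\d+)", re.IGNORECASE)
PLAIN_STYLE = re.compile(r"\b(\d+)\.(\d+)\b")

SAMPLE_ENTRIES = [
    "Adobe Reader 7.0",
    "J2SE Runtime Environment 5.0 Update 7",
    "J2SE Runtime Environment 5.0 Update 8",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Yahoo! Messenger",
]


def java_version(display_name: str) -> Optional[Tuple[int, int, int]]:
    """Return (minor, micro, update) for a Java runtime entry, else None.

    The filter is the phrase "Runtime Environment", not a leading "Java",
    because not every version's entry begins with "Java".
    """
    if "Runtime Environment" not in display_name:
        return None
    m = DOTTED_STYLE.search(display_name)
    if m:
        return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    m = UPDATE_STYLE.search(display_name)
    if m:
        return (int(m.group(1)), int(m.group(2) or 0), int(m.group(3)))
    m = PLAIN_STYLE.search(display_name)
    if m:
        return (int(m.group(1)), int(m.group(2)), 0)
    return None


def outdated_java(entries: List[str]) -> List[str]:
    """Entries to uninstall: every Java runtime older than the newest present."""
    versions = {e: v for e in entries if (v := java_version(e)) is not None}
    if not versions:
        return []
    newest = max(versions.values())
    return [e for e, v in versions.items() if v < newest]


if __name__ == "__main__":
    for entry in outdated_java(SAMPLE_ENTRIES):
        print("remove:", entry)
```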
Bugbatter
1st Responder Mentor Site Moderator
 Joined: Jun 01, 2004 Posts: 7381 Location: USA
Powered by phpBB © 2001 phpBB Group