Tom's new thread
Tom

08/05/04
Sorry, guys, I am new to the forum. However, following your advice, here's my new thread.
Since I'm not a patient person, I deleted everything I found in my PC with critical time and date. To remind you:
I followed some of the advice I found on your site and deleted IEeng.exe found in c:\windows. Then I did a RAV scan (results posted below) and after that I deleted wmplayer.exe.tmp. Then I searched my PC for all files created on July 30 2004 and found a folder c:\windows\system32\services containing two files: hesy.exe and dale.exe. I deleted those as well. Additionally, I found two files in the C root directory: x.exe and .... I forgot its name but it was dll'something'.exe. I deleted them of course.
However, here's my newest hjt log:
Logfile of HijackThis v1.98.1
Scan saved at 6:09:41, on 6.8.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1050\msoffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Tomo\Osobno\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O5 "LPT1:" /M "Stylus C42"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1050\OLFSNT40.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111111113457} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{65DF77D4-D71E-4714-9713-1BF7A2C1EE57}: NameServer = 195.29.150.3 195.29.150.4

And here's the mentioned RAV report (done yesterday before deleting the services folder and the wmplayer file):

Scan started at 5.8.2004 8:26:38

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Program Files\Windows Media Player\wmplayer.exe.tmp - TrojanDownloader:Win32/Small.KR -> Infected
C:\WINDOWS\Downloaded Program Files\IEeng.exe - Trojan:Win32/StartPage.AI -> Infected

Scanned
==
Objects: 35972
Directories: 1958
Archives: 595
Size(Kb): 1128586
Infected files: 2

Found
==
Viruses found: 2
Suspicious files: 0
Disinfected files: 0
Mail files: 75
Bottom line is: everything seems to work fine now except that my PC takes some more time to boot.
Thanks.

Anti-SpyWare: adaware
Anti-Virus: AVG
Browser: IE 6
Firewall: none
OS: XP SP1


© Copyright 1998-2004 Newbie dot Org -- All rights reserved --


