Jump to content

andyj46

Members
  • Content Count

    18
  • Joined

  • Last visited

About andyj46

  • Rank
    Member

Previous Fields

  • System Specifications:
    P4 2.6GHZ 40GB HDD Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  1. Hi Aaflac, I am not seeing any popups or spyware related issues per se, however, the same problem of the pc getting stuck for a few seconds persists. While writing this sentence or scrolling webpages or clicking on links, everything practically gets halted for a couple of seconds and then back to normal again. And its very often and very troublesome. Please advise. Thanks and regards, Andy.
  2. Thanks Aaflac. Here is the log for Ad-aware - Ad-Aware SE Build 1.06r1 Logfile Created on:Monday, June 04, 2007 7:40:40 AM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R174 04.06.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie(TAC index:3):2 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for low-risk threats Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 6-4-2007 7:40:40 AM - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 1580 ThreadCreationTime : 6-4-2007 12:33:16 PM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 1688 ThreadCreationTime : 6-4-2007 12:33:18 PM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 1712 ThreadCreationTime : 6-4-2007 12:33:20 PM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1756 ThreadCreationTime : 6-4-2007 12:33:20 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1768 ThreadCreationTime : 6-4-2007 12:33:20 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1944 ThreadCreationTime : 6-4-2007 12:33:21 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1992 ThreadCreationTime : 6-4-2007 12:33:21 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 300 ThreadCreationTime : 6-4-2007 12:33:21 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [evteng.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 352 ThreadCreationTime : 6-4-2007 12:33:21 PM BasePriority : Normal FileVersion : 10.5.0.20 ProductVersion : 10.5.0.0 ProductName : Intel® PROSet/Wireless Event Log CompanyName : Intel Corporation FileDescription : Intel® PROSet/Wireless Event Log InternalName : EvtEng LegalCopyright : Copyright © Intel Corporation 1999-2006 OriginalFilename : EvtEng.EXE #:10 [s24evmon.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 584 ThreadCreationTime : 6-4-2007 12:33:23 PM BasePriority : Normal FileVersion : 10.5.0.34 ProductVersion : 10.5.0.0 ProductName : Intel® PROSet/Wireless Service CompanyName : Intel Corporation FileDescription : Wireless Management Service InternalName : S24EvMon LegalCopyright : Copyright © Intel Corporation 1999-2006 OriginalFilename : S24EvMon.exe #:11 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1028 ThreadCreationTime : 6-4-2007 12:33:23 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:12 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1064 ThreadCreationTime : 6-4-2007 12:33:23 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:13 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1176 ThreadCreationTime : 6-4-2007 12:33:23 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:14 [ccsetmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1440 ThreadCreationTime : 6-4-2007 12:33:23 PM BasePriority : Normal FileVersion : 2.0.0.635 ProductVersion : 2.0.0.635 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccSetMgr.exe #:15 [ccevtmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1464 ThreadCreationTime : 6-4-2007 12:33:24 PM BasePriority : Normal FileVersion : 2.0.0.635 ProductVersion : 2.0.0.635 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccEvtMgr.exe #:16 [lexbces.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1912 ThreadCreationTime : 6-4-2007 12:33:24 PM BasePriority : Normal FileVersion : 9.41 ProductVersion : 9.41 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LexBce Service InternalName : LexBce Service LegalCopyright : © 1993 - 2003 Lexmark International, Inc. OriginalFilename : LexBceS.exe #:17 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2044 ThreadCreationTime : 6-4-2007 12:33:24 PM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:18 [lexpps.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 136 ThreadCreationTime : 6-4-2007 12:33:24 PM BasePriority : Normal FileVersion : 9.41 ProductVersion : 9.41 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LEXPPS.EXE InternalName : LEXPPS LegalCopyright : © 1993 - 2003 Lexmark International, Inc. OriginalFilename : LEXPPS.EXE Comments : MarkVision for Windows '95 New P2P Server (32-bit) #:19 [guard.exe] FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\ ProcessID : 348 ThreadCreationTime : 6-4-2007 12:33:24 PM BasePriority : Normal FileVersion : 7, 5, 0, 47 ProductVersion : 7, 5, 0, 47 ProductName : AVG Anti-Spyware CompanyName : Anti-Malware Development a.s. FileDescription : AVG Anti-Spyware guard InternalName : AVG Anti-Spyware guard LegalCopyright : Copyright © 2006 Anti-Malware Development a.s. OriginalFilename : guard.exe #:20 [cfsvcs.exe] FilePath : C:\Program Files\TOSHIBA\ConfigFree\ ProcessID : 340 ThreadCreationTime : 6-4-2007 12:33:24 PM BasePriority : Normal FileVersion : 6, 0, 0, 1 ProductVersion : 6, 0, 0, 0 ProductName : ConfigFree CompanyName : TOSHIBA CORPORATION FileDescription : Service of ConfigFree. InternalName : CFSvcs.exe LegalCopyright : ©copyright TOSHIBA CORPORATION 2003-2005 LegalTrademarks : ConfigFree OriginalFilename : CFSvcs.exe Comments : Service of ConfigFree. #:21 [dvdramsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 388 ThreadCreationTime : 6-4-2007 12:33:24 PM BasePriority : Normal FileVersion : 3, 0, 0, 0 ProductVersion : 3, 0, 0, 0 CompanyName : Matsushita Electric Industrial Co., Ltd. FileDescription : DVD-RAM Utility Helper Service LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2004 OriginalFilename : DVDRAMSV.EXE #:22 [ehrecvr.exe] FilePath : C:\WINDOWS\eHome\ ProcessID : 564 ThreadCreationTime : 6-4-2007 12:33:24 PM BasePriority : Above Normal FileVersion : 5.1.2715.2883 (xpsp(wmbla).060409-2023) ProductVersion : 5.1.2715.2883 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Media Center Receiver Service InternalName : ehRecvr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ehRecvr.exe #:23 [ehsched.exe] FilePath : C:\WINDOWS\eHome\ ProcessID : 600 ThreadCreationTime : 6-4-2007 12:33:24 PM BasePriority : Normal FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1239) ProductVersion : 5.1.2710.2732 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Media Center Scheduler Service InternalName : ehSched LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ehSched.exe #:24 [navapsvc.exe] FilePath : C:\Program Files\Norton AntiVirus\ ProcessID : 744 ThreadCreationTime : 6-4-2007 12:33:24 PM BasePriority : Normal FileVersion : 10.00.109 ProductVersion : 10.00.109 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved. OriginalFilename : NAVAPSVC.EXE #:25 [regsrvc.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 888 ThreadCreationTime : 6-4-2007 12:33:24 PM BasePriority : Normal FileVersion : 10.5.0.4 ProductVersion : 10.5.0.0 ProductName : Intel® PROSet/Wireless Registry Service CompanyName : Intel Corporation FileDescription : Intel® PROSet/Wireless Registry Service InternalName : RegSrvc LegalCopyright : Copyright © Intel Corporation 1999-2006 OriginalFilename : RegSrvc.EXE Comments : Registry Interface for Intel Wireless Products #:26 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1216 ThreadCreationTime : 6-4-2007 12:33:24 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:27 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1392 ThreadCreationTime : 6-4-2007 12:33:25 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:28 [swupdtmr.exe] FilePath : c:\TOSHIBA\IVP\swupdate\ ProcessID : 1076 ThreadCreationTime : 6-4-2007 12:33:25 PM BasePriority : Normal #:29 [tappsrv.exe] FilePath : C:\Program Files\TOSHIBA\TOSHIBA Applet\ ProcessID : 2132 ThreadCreationTime : 6-4-2007 12:33:25 PM BasePriority : Normal FileVersion : 1, 0, 0, 14M ProductVersion : 1.0.0.14M ProductName : TOSHIBA TAPPSRV CompanyName : TOSHIBA Corp. FileDescription : TOSHIBA TAPPSRV InternalName : TOSHIBA LegalCopyright : Copyright © 2006 LegalTrademarks : TOSHIBA® is a registered trademark of TOSHIBA Corporation. OriginalFilename : TAPPSRV.EXE Comments : Written by Inventec ODM Software Team #:30 [toddsrv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2180 ThreadCreationTime : 6-4-2007 12:33:25 PM BasePriority : Normal FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : TDCSrv Application CompanyName : TOSHIBA Corporation FileDescription : TDCSrv Application InternalName : TDCSrv LegalCopyright : Copyright © 2006 TOSHIBA Corporation. All rights reserved. OriginalFilename : TDCSrv.exe #:31 [mcrdsvc.exe] FilePath : C:\WINDOWS\ehome\ ProcessID : 2436 ThreadCreationTime : 6-4-2007 12:33:26 PM BasePriority : Normal FileVersion : 4.1.2710.2732 (xpsp(wmbla).050805-1239) ProductVersion : 4.1.2710.2732 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : MCRD Device Service InternalName : McrdSvc.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : McrdSvc.exe #:32 [dllhost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3780 ThreadCreationTime : 6-4-2007 12:33:28 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : COM Surrogate InternalName : dllhost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : dllhost.exe #:33 [wmiprvse.exe] FilePath : C:\WINDOWS\system32\wbem\ ProcessID : 3800 ThreadCreationTime : 6-4-2007 12:33:28 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI InternalName : Wmiprvse.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : Wmiprvse.exe #:34 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 980 ThreadCreationTime : 6-4-2007 12:33:29 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:35 [thotkey.exe] FilePath : C:\Program Files\Toshiba\Toshiba Applet\ ProcessID : 3052 ThreadCreationTime : 6-4-2007 12:33:39 PM BasePriority : Normal FileVersion : 1.00.0005 ProductVersion : 1.00.0005 ProductName : THotkey CompanyName : TOSHIBA FileDescription : Hotkey Utility InternalName : THotkey LegalCopyright : 2006 LegalTrademarks : TOSHIBA Corporation OriginalFilename : THotkey.exe #:36 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3060 ThreadCreationTime : 6-4-2007 12:33:39 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:37 [ddwmon.exe] FilePath : C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ ProcessID : 3068 ThreadCreationTime : 6-4-2007 12:33:39 PM BasePriority : Normal FileVersion : 1.0.0.9 ProductVersion : 1.0.0.9 ProductName : TOSHIBA Direct Disc Writer CompanyName : TOSHIBA Corporation FileDescription : TOSHIBA Direct Disc Writer - Event Monitor InternalName : DDWMon.exe LegalCopyright : Copyright©2006 TOSHIBA Corporation. All rights reserved. OriginalFilename : DDWMon.exe #:38 [syntpenh.exe] FilePath : C:\Program Files\Synaptics\SynTP\ ProcessID : 616 ThreadCreationTime : 6-4-2007 12:33:40 PM BasePriority : Normal FileVersion : 8.2.13.2 02Mar06 ProductVersion : 8.2.13.2 02Mar06 ProductName : Synaptics Pointing Device Driver CompanyName : Synaptics, Inc. FileDescription : Synaptics TouchPad Enhancements InternalName : Synaptics Enhancements Application LegalCopyright : Copyright © Synaptics, Inc. 1996-2006 OriginalFilename : SynTPEnh.exe #:39 [agrsmmsg.exe] FilePath : C:\WINDOWS\ ProcessID : 1144 ThreadCreationTime : 6-4-2007 12:33:40 PM BasePriority : Normal FileVersion : 2.1.68 2.1.68 03/17/2006 15:22:25 ProductVersion : 2.1.68 2.1.68 03/17/2006 15:22:25 ProductName : Agere SoftModem Messaging Applet CompanyName : Agere Systems FileDescription : SoftModem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Agere Systems 1998-2000 OriginalFilename : smdmstat.exe #:40 [tpsmain.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1312 ThreadCreationTime : 6-4-2007 12:33:42 PM BasePriority : Normal FileVersion : 1, 0, 15, 0 ProductVersion : 7, 0, 0, 0 ProductName : TOSHIBA Power Saver CompanyName : TOSHIBA Corporation InternalName : TPSMain LegalCopyright : Copyright © 1998-2004 TOSHIBA Corporation OriginalFilename : TPSMain.EXE #:41 [toshiba.exe] FilePath : C:\Program Files\Synaptics\SynTP\ ProcessID : 2064 ThreadCreationTime : 6-4-2007 12:33:42 PM BasePriority : Normal FileVersion : 8.2.13.2 02Mar06 ProductVersion : 8.2.13.2 02Mar06 ProductName : Synaptics Pointing Device Driver CompanyName : Synaptics, Inc. FileDescription : Toshiba Custom PlugIn Application InternalName : Toshiba LegalCopyright : Copyright © Synaptics, Inc. 1996-2006 OriginalFilename : Toshiba.exe #:42 [padexe.exe] FilePath : C:\Program Files\TOSHIBA\Touch and Launch\ ProcessID : 3632 ThreadCreationTime : 6-4-2007 12:33:43 PM BasePriority : Normal FileVersion : 1, 2, 10, 0 ProductVersion : 1, 2, 10, 0 ProductName : PadTouch CompanyName : TOSHIBA FileDescription : PadTouch Main InternalName : PadExe LegalCopyright : Copyright © 2003-2005 TOSHIBA Corporation OriginalFilename : PadExe.exe #:43 [tpsbattm.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3656 ThreadCreationTime : 6-4-2007 12:33:44 PM BasePriority : Normal FileVersion : 1, 0, 2, 0 ProductVersion : 7, 0, 0, 0 ProductName : TOSHIBA Power Saver CompanyName : TOSHIBA Corporation InternalName : TPSBattM LegalCopyright : Copyright © 1998-2004 TOSHIBA Corporation OriginalFilename : TPSBattM.exe #:44 [tfncky.exe] FilePath : C:\Program Files\TOSHIBA\TOSHIBA Controls\ ProcessID : 3232 ThreadCreationTime : 6-4-2007 12:33:44 PM BasePriority : Normal FileVersion : 3.21.02 ProductVersion : 3.21.00 ProductName : TFncKy CompanyName : TOSHIBA Corporation FileDescription : TFncKy InternalName : TFncKy LegalCopyright : Copyright © 2001-2005 TOSHIBA Corporation. All rights reserved. OriginalFilename : TFncKy.EXE #:45 [tvstray.exe] FilePath : C:\Program Files\Toshiba\Tvs\ ProcessID : 3224 ThreadCreationTime : 6-4-2007 12:33:45 PM BasePriority : Normal FileVersion : 1, 0, 0, 7 ProductVersion : 1, 0, 0, 7 ProductName : TOSHIBA Virtual Sound CompanyName : TOSHIBA Corporation FileDescription : TOSHIBA Virtual Sound Taskbar Module InternalName : TvsTray LegalCopyright : Copyright © 2004-2006 TOSHIBA Corporation. OriginalFilename : TvsTray.exe Comments : TOSHIBA Virtual Sound Taskbar Module #:46 [smoothview.exe] FilePath : C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\ ProcessID : 4000 ThreadCreationTime : 6-4-2007 12:33:46 PM BasePriority : Normal FileVersion : 2, 0, 0, 23 ProductVersion : 2, 0, 0, 23 ProductName : TOSHIBA Zooming Utility CompanyName : TOSHIBA Corporation FileDescription : SmoothView InternalName : SmoothView LegalCopyright : Copyright © 2003 TOSHIBA Corporation. All rights reserved. OriginalFilename : SmoothView.exe Comments : TOSHIBA Zooming Utility #:47 [pinger.exe] FilePath : C:\toshiba\ivp\ism\ ProcessID : 3296 ThreadCreationTime : 6-4-2007 12:33:46 PM BasePriority : Normal FileVersion : 3.7.0.0 ProductVersion : 3.7.0.0 ProductName : Software Upgrades CompanyName : TOSHIBA Corporation FileDescription : TOSHIBA Pinger InternalName : PINGER LegalCopyright : © 1997-2005 TOSHIBA Corporation OriginalFilename : PINGER.EXE #:48 [zcfgsvc.exe] FilePath : C:\Program Files\Intel\Wireless\bin\ ProcessID : 3280 ThreadCreationTime : 6-4-2007 12:33:47 PM BasePriority : Normal FileVersion : 10.5.0.5 ProductVersion : 10.5.0.0 ProductName : ZeroCfgSvc Application CompanyName : Intel Corporation FileDescription : ZeroCfgSvc MFC Application InternalName : ZeroCfgSvc LegalCopyright : Copyright © Intel Corporation 1999-2006 OriginalFilename : ZeroCfgSvc.EXE #:49 [ifrmewrk.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 392 ThreadCreationTime : 6-4-2007 12:33:48 PM BasePriority : Normal FileVersion : 10.5.0.1 ProductVersion : 10.5.0.0 ProductName : Intel® PROSet/Wireless CompanyName : Intel Corporation FileDescription : Intel Framework MFC Application InternalName : Framework LegalCopyright : Copyright © Intel Corporation 1999-2006 OriginalFilename : iFramewrk.exe #:50 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1112 ThreadCreationTime : 6-4-2007 12:33:48 PM BasePriority : Normal FileVersion : 2.0.0.635 ProductVersion : 2.0.0.635 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Symantec Common Client User Session InternalName : ccApp LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:51 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3020 ThreadCreationTime : 6-4-2007 12:33:55 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:52 [googletoolbarnotifier.exe] FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\ ProcessID : 3160 ThreadCreationTime : 6-4-2007 12:33:56 PM BasePriority : Normal FileVersion : 1, 2, 1128, 5462 ProductVersion : 1, 2, 1128, 5462 ProductName : GoogleToolbarNotifier CompanyName : Google Inc. FileDescription : GoogleToolbarNotifier LegalCopyright : Copyright © 2005-2006 OriginalFilename : GoogleToolbarNotifier.exe #:53 [psnlite.exe] FilePath : C:\Program Files\3M\PSNLite\ ProcessID : 856 ThreadCreationTime : 6-4-2007 12:34:00 PM BasePriority : Normal FileVersion : 3, 0, 1, 1069 ProductVersion : 3, 0, 1, 1069 ProductName : Post-it® Software Notes Lite CompanyName : 3M FileDescription : Post-it® Software Notes: System InternalName : PSN LegalCopyright : © 1995-2002 3M Company. All Rights Reserved. LegalTrademarks : "Post-it" and canary yellow are registered trademarks of 3M. OriginalFilename : PSN2VIEW.EXE #:54 [ramasst.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2300 ThreadCreationTime : 6-4-2007 12:34:01 PM BasePriority : Normal FileVersion : 1, 1, 0, 0 ProductVersion : 1, 1, 0, 0 CompanyName : Matsushita Electric Industrial Co., Ltd. FileDescription : CD Burning of Windows XP disabling tool for DVD MULTI Drive LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2004 OriginalFilename : RAMASST.EXE #:55 [psngive.exe] FilePath : C:\PROGRA~1\3M\PSNLite\ ProcessID : 2692 ThreadCreationTime : 6-4-2007 12:34:02 PM BasePriority : Normal FileVersion : 3, 0, 2, 2069 ProductVersion : 3, 0, 2, 2069 ProductName : Post-it® Software Notes CompanyName : 3M FileDescription : Post-it® Software Notes: GiveNote InternalName : PSN LegalCopyright : © 1995-2002 3M Company. All Rights Reserved. LegalTrademarks : "Post-it" and canary yellow are registered trademarks of 3M. OriginalFilename : PSN.EXE #:56 [dot1xcfg.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 1284 ThreadCreationTime : 6-4-2007 12:34:03 PM BasePriority : Normal FileVersion : 10.5.0.3 ProductVersion : 10.5.0.0 ProductName : Intel PROSet/Wireless CompanyName : Intel Corporation FileDescription : Intel 802.1x Server InternalName : Dot1xCfg LegalCopyright : Copyright © Intel Corporation 2006 OriginalFilename : Dot1xCfg.exe #:57 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1280 ThreadCreationTime : 6-4-2007 12:34:11 PM BasePriority : Normal FileVersion : 5.8.0.2469 built by: lab01_n(wmbla) ProductVersion : 5.8.0.2469 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Automatic Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : wuauclt.exe #:58 [firefox.exe] FilePath : C:\Program Files\Mozilla Firefox\ ProcessID : 408 ThreadCreationTime : 6-4-2007 12:35:56 PM BasePriority : Normal #:59 [wmiprvse.exe] FilePath : C:\WINDOWS\system32\wbem\ ProcessID : 2468 ThreadCreationTime : 6-4-2007 12:37:28 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI InternalName : Wmiprvse.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : Wmiprvse.exe #:60 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 3496 ThreadCreationTime : 6-4-2007 12:37:57 PM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:[email protected]/ Expires : 5-31-2012 12:44:16 AM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:[email protected]/ Expires : 5-29-2012 1:43:56 PM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 2 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 2 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 7:56:11 AM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:15:30.672 Objects scanned:185882 Objects identified:2 Objects ignored:0 New critical objects:2 Regards, Andy
  3. Had forgotten to add the Bitdefender log. Here it is - BitDefender Online Scanner - Real Time Virus Report Generated at: Sat, Jun 02, 2007 - 07:49:57 Scan Info Scanned Files 243469 Infected Files 2 Virus Detected Trojan.Purityad.O 1 Trojan.Downloader.Harnig.XB 1 This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world. Thanks and regards, Andy
  4. Hi, Sorry for the delay, was on vacation past the memorial day weekend. Well I just said that based of the Kaspersky scan report. The popups have disappeared, however, the computer is really slow. More specifically, for example, while Im typing this sentence, the words dont appear immediately as if there is another process which is using the memory and then the entire line appears. Yes, I had downloaded a crack for the MS Office and Norton Antivirus since I lost my activation keys while moving from the old place. Big mistake, I didnt even get them to work and instead my PC is infected. I performed the actions you suggested and here are the logs - AVG Report - --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 6:11:40 PM 6/2/2007 + Scan result: C:\Dowloads\OiUninstaller.exe -> Adware.PurityScan : Cleaned. C:\Program Files\Hijackthis\backups\backup-20070527-093551-337.dll -> Adware.PurityScan : Cleaned. C:\Dowloads\Astalavista\Office_2003_CD-Key_.rar/crack.exe -> Downloader.Small.edb : Cleaned. C:\Dowloads\Astalavista\Office_2003_CD-Key_.rar/keygen.exe -> Dropper.Agent.azk : Cleaned. :mozilla.151:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Anand\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Anand\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned. :mozilla.106:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned. :mozilla.92:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned. :mozilla.100:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.103:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.104:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.105:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.98:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.21:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.38:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned. :mozilla.39:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.40:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.46:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.41:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.42:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.43:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.44:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.45:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.107:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.108:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.109:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.110:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.58:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Anand\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.56:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.57:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.150:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.71:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.72:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.73:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.74:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.102:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Anand\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Cleaned. :mozilla.137:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.138:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.139:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.140:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.131:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.132:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.86:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.95:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.96:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.97:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.47:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.48:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.51:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.54:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.55:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.59:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.60:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.61:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.62:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.63:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.64:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.101:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.49:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.50:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.52:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.53:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.65:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.99:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.7:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.22:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.80:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.81:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.82:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.83:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.84:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.85:C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. ::Report end Hijackthis - Logfile of HijackThis v1.99.1 Scan saved at 10:37:48 PM, on 6/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\system32\TODDSrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\WINDOWS\system32\RAMASST.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = in.rediff.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Motorola MVP\Extranet_serv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe Thanks again for your help! Regards, Andy.
  5. Thanks Aaflac, I performed all those tasks but still seems there is some infection in the PC. Here is the Activescan report - Incident Status Location Dialer:Dialer.KGF Not disinfected C:\!KillBox\winpsa32.dll Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Re: Old photos\old_photos.scr Hacktool:Exploit/iFrame Not disinfected Personal Folders\Inbox\Mail Delivery (failure [email protected]) Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Mail Delivery (failure [email protected])\message.scr Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Fwd: Warning again\abuses.zip[document.txt .exe] Hacktool:Exploit/iFrame Not disinfected Personal Folders\Inbox\Mail Delivery (failure [email protected]) Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Mail Delivery (failure [email protected])\message.scr Hacktool:Exploit/iFrame Not disinfected Personal Folders\Inbox\Mail Delivery (failure [email protected]) Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Mail Delivery (failure [email protected])\message.scr Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Thank you!\confirm.pif Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Re: Free porn\www.myx4free_janefalkar.zip[details.txt .pif] Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Re: Question\my_list01_janefalkar.zip[document.txt .exe] Hacktool:Exploit/iFrame Not disinfected Personal Folders\Inbox\Mail Delivery (failure [email protected]) Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.atdmt.com/] Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.ads.addynamix.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.hitbox.com/] Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.advertising.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.zedo.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[server.iad.liveperson.net/] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[server.iad.liveperson.net/hc/13644240] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[server.iad.liveperson.net/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.2o7.net/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.overture.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.247realmedia.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.xiti.com/] Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.burstnet.com/] Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[www.burstbeacon.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.go.com/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[.ehg-dig.hitbox.com/] Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cookies.txt[stats1.clicktracks.com/] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Anand\Desktop\SmitfraudFix\Process.exe Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Anand\Desktop\SmitfraudFix\restart.exe Virus:Trj/Downloader.MNN Not disinfected C:\Dowloads\Astalavista\Office_2003_CD-Key_.rar[crack.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Dowloads\ComboFix.exe[ComboFixT\nircmd.exe] Virus:Trj/SpaBot.AI Disinfected C:\Dowloads\Limewire\Uniblue.Registry.Booster.v1.3.WinALL.CRACKED-NGEN.zip[uniblue.Registry.Booster.v1.3.WinALL.CRACKED-NGEN/crack/registrybooster.exe] Virus:Trj/SpaBot.AI Disinfected C:\Dowloads\Limewire\Uniblue.Registry.Booster.v1.3.WinALL.CRACKED-NGEN.zip[uniblue.Registry.Booster.v1.3.WinALL.CRACKED-NGEN/registrybooster.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe Thanks and regards, Andy.
  6. Hi! Many thanks again, those directions fixed the windows security issue. However, it seems that there is still some infection in the PC, logs as follows - Combofix - "Anand" - 2007-05-28 10:44:19 Service Pack 2 ComboFix 07-05.27.V - Running from: "C:\Dowloads\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 )))))))))))))))))))))))))))))))))) 2007-05-27 23:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-05-27 23:57 <DIR> d-------- C:\WINDOWS\LastGood 2007-05-27 09:49 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-25 20:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-05-25 20:11 <DIR> d-------- C:\fe592e6e954a0199db5ea1ad81b1b6 2007-05-25 20:10 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-05-25 20:10 <DIR> d-------- C:\fbbeb8f6341a6d9cd92cdfb9 2007-05-23 22:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-05-23 22:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-05-23 22:16 <DIR> d-------- C:\DOCUME~1\Anand\APPLIC~1\SUPERAntiSpyware.com 2007-05-22 21:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-05-22 20:37 <DIR> d-------- C:\DOCUME~1\Anand\APPLIC~1\Lavasoft 2007-05-22 20:36 <DIR> d-------- C:\Program Files\Lavasoft 2007-05-22 20:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-22 20:26 <DIR> d-------- C:\Program Files\PCPitstop 2007-05-20 22:50 3,360 --a------ C:\WINDOWS\system32\tmp.reg 2007-05-20 19:25 <DIR> d-------- C:\VundoFix Backups 2007-05-20 17:33 1,499,390 ---hs---- C:\WINDOWS\system32\ststv.bak1 2007-05-20 17:25 19,456 --a------ C:\WINDOWS\system32\winpsa32.dll 2007-05-20 16:36 <DIR> d-------- C:\Program Files\Uniblue 2007-05-20 16:36 <DIR> d-------- C:\DOCUME~1\Anand\APPLIC~1\Uniblue 2007-05-13 20:45 <DIR> d-------- C:\Program Files\SymNetDrv 2007-05-13 19:59 <DIR> d-------- C:\Program Files\Norton AntiVirus 2007-05-13 19:58 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-05-13 19:58 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-05-13 19:58 <DIR> d-------- C:\Program Files\Symantec 2007-05-10 23:19 89,184 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2007-05-10 23:18 569,344 --a------ C:\WINDOWS\system32\imagr5.dll 2007-05-10 23:18 544,768 --a------ C:\WINDOWS\system32\imagx5.dll 2007-05-10 23:18 38,912 --a------ C:\WINDOWS\system32\picn20.dll 2007-05-10 23:18 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll 2007-05-10 23:18 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-05-10 23:18 <DIR> d-------- C:\Program Files\Common Files\Ahead 2007-05-10 23:18 <DIR> d-------- C:\Program Files\Ahead 2007-05-10 23:17 <DIR> d-a------ C:\TEMP\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial 2007-05-10 22:14 <DIR> d-------- C:\TomTom (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-21 00:09:14 -------- d-----w C:\Program Files\mIRC 2007-05-19 00:03:02 16 ----a-w C:\WINDOWS\popcinfo.dat 2007-05-14 01:45:18 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-04-20 19:34:44 -------- d-----w C:\Program Files\Microsoft Office Communicator 2007-04-13 01:46:38 -------- d-----w C:\Program Files\Advanced PDF Tools v2.0 2007-04-13 01:16:53 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-04-13 01:15:05 -------- d-----w C:\Program Files\Kinko's 2007-04-13 01:14:46 -------- d-----w C:\DOCUME~1\Anand\APPLIC~1\Downloaded Installations 2007-04-06 02:50:54 -------- d-----w C:\DOCUME~1\Anand\APPLIC~1\AdobeUM 2007-03-31 21:29:55 -------- d-----w C:\Program Files\Bejeweled 2 Deluxe 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55] {BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2003-08-17 18:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 18:52] "DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-25 19:57] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 18:02] "AGRSMMSG"="AGRSMMSG.exe" [] "TPSMain"="TPSMain.exe" [2005-05-31 23:00 C:\WINDOWS\system32\TPSMain.exe] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 00:06] "TFncKy"="TFncKy.exe" [] "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 14:11] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 18:13] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 19:37] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 04:07] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 00:50] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-14 19:59] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-13 20:45] "SkyTel"="SkyTel.EXE" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-31 00:21] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-26 09:25] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup] rundll32.exe "C:\WINDOWS\system32\evknuddk.dll",realset [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet *Newly Created Service* -PROCEXP90 *Newly Created Service* -SASDIFSV Contents of the 'Scheduled Tasks' folder 2007-05-28 15:38:19 C:\WINDOWS\tasks\Symantec NetDetect.job ******************************************************************** catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-28 10:46:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-28 10:46:57 C:\ComboFix2.txt ... 2007-05-27 09:49 --- E O F --- Kaspersky - KASPERSKY ONLINE SCANNER REPORT Monday, May 28, 2007 12:57:04 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 28/05/2007 Kaspersky Anti-Virus database records: 330728 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ Scan Statistics Total number of scanned objects 67991 Number of viruses found 14 Number of infected objects 38 / 0 Number of suspicious objects 0 Duration of the scan process 00:50:31 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\Anand\Application Data\3M\PSNotes\PSNData Object is locked skipped C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\cert8.db Object is locked skipped C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\history.dat Object is locked skipped C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\key3.db Object is locked skipped C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\parent.lock Object is locked skipped C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\search.sqlite Object is locked skipped C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\Anand\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped C:\Documents and Settings\Anand\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Anand\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Anand\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Anand\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Anand\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped C:\Documents and Settings\Anand\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Anand\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Anand\Local Settings\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\Cache\92941175d01/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.:filtered: skipped C:\Documents and Settings\Anand\Local Settings\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\Cache\92941175d01/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped C:\Documents and Settings\Anand\Local Settings\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\Cache\92941175d01 NSIS: infected - 2 skipped C:\Documents and Settings\Anand\Local Settings\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Anand\Local Settings\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Anand\Local Settings\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Anand\Local Settings\Application Data\Mozilla\Firefox\Profiles\sdd30jei.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Anand\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Anand\Local Settings\Temp\~DF276D.tmp Object is locked skipped C:\Documents and Settings\Anand\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Anand\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Anand\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Dowloads\Astalavista\Office_2003_CD-Key_.rar/keygen.exe Infected: Trojan-Dropper.Win32.Agent.azk skipped C:\Dowloads\Astalavista\Office_2003_CD-Key_.rar/crack.exe Infected: Trojan-Downloader.Win32.Small.edb skipped C:\Dowloads\Astalavista\Office_2003_CD-Key_.rar RAR: infected - 2 skipped C:\Dowloads\Limewire\Uniblue.Registry.Booster.v1.3.WinALL.CRACKED-NGEN.zip/Uniblue.Registry.Booster.v1.3.WinALL.CRACKED-NGEN/crack/registrybooster.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped C:\Dowloads\Limewire\Uniblue.Registry.Booster.v1.3.WinALL.CRACKED-NGEN.zip/Uniblue.Registry.Booster.v1.3.WinALL.CRACKED-NGEN/registrybooster.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped C:\Dowloads\Limewire\Uniblue.Registry.Booster.v1.3.WinALL.CRACKED-NGEN.zip ZIP: infected - 2 skipped C:\Dowloads\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\Dowloads\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\Dowloads\mirc621.exe NSIS: infected - 2 skipped C:\Dowloads\OiUninstaller.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.:filtered: skipped C:\Dowloads\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped C:\Dowloads\OiUninstaller.exe NSIS: infected - 2 skipped C:\Program Files\Hijackthis\backups\backup-20070527-093551-337.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\Norton AntiVirus\Quarantine\3329348A.dll Infected: Trojan.Win32.BHO.g skipped C:\Program Files\Norton AntiVirus\Quarantine\353D7040.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Program Files\Norton AntiVirus\Quarantine\378C1FB6.dll Infected: Trojan-Spy.Win32.VBStat.h skipped C:\Program Files\Norton AntiVirus\Quarantine\47432E6B.dll Infected: Trojan.Win32.BHO.g skipped C:\Program Files\Norton AntiVirus\Quarantine\47A943FB.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Program Files\Norton AntiVirus\Quarantine\47CC11D4.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\Program Files\Norton AntiVirus\Quarantine\56FE671C.DLL Infected: Trojan.Win32.BHO.g skipped C:\Program Files\Norton AntiVirus\Quarantine\573530DF.DLL Infected: Trojan.Win32.BHO.g skipped C:\Program Files\Norton AntiVirus\Quarantine\592C72B5.BAD Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Program Files\Norton AntiVirus\Quarantine\5ECF2BAB/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped C:\Program Files\Norton AntiVirus\Quarantine\5ECF2BAB NSIS: infected - 1 skipped C:\Program Files\Norton AntiVirus\Quarantine\5ECF2BAB CryptFF: infected - 1 skipped C:\Program Files\Norton AntiVirus\Quarantine\5EDC539D/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped C:\Program Files\Norton AntiVirus\Quarantine\5EDC539D NSIS: infected - 1 skipped C:\Program Files\Norton AntiVirus\Quarantine\5EDC539D CryptFF: infected - 1 skipped C:\Program Files\Norton AntiVirus\Quarantine\61C374FA.dll Infected: Trojan-Spy.Win32.VBStat.h skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{1ECC49D9-E619-4D06-8D7E-58E56CCBA9ED}.crmlog Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{430B8D89-B766-485B-A5A8-82C65EF43537}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\system32\winpsa32.dll Infected: Trojan.Win32.Dialer.qn skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. Thanks again, Andy.
  7. Hi, Many thanks again, I did your procedure and the popups havent shown up since about an hour of use. I have one new question, in the system tray, there is a Windows Security Alert and it has the Virus Protection tab as check status, havent been able to change it. Is that a concern? Please advise. Here are the logs for HJT and Combofix. HJT - Logfile of HijackThis v1.99.1 Scan saved at 9:51:43 AM, on 5/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\system32\TODDSrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\toshiba\ivp\ism\pinger.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\WINDOWS\system32\RAMASST.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = in.rediff.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Motorola MVP\Extranet_serv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe Combofix - "Anand" - 2007-05-27 9:45:32 Service Pack 2 ComboFix 07-05.27.V - Running from: "C:\Dowloads\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) Purity Folders: C:\WINDOWS\SSTEM3~1 C:\DOCUME~1\Anand\APPLIC~1\SMBOLS~1 C:\DOCUME~1\Anand\MYDOCU~1\YSTEM~1 ((((((((((((((((((((((((((((((( Files Created from 2007-04-27 to 2007-05-27 )))))))))))))))))))))))))))))))))) 2007-05-25 20:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-05-25 20:11 <DIR> d-------- C:\fe592e6e954a0199db5ea1ad81b1b6 2007-05-25 20:10 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-05-25 20:10 <DIR> d-------- C:\fbbeb8f6341a6d9cd92cdfb9 2007-05-23 22:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-05-23 22:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-05-23 22:16 <DIR> d-------- C:\DOCUME~1\Anand\APPLIC~1\SUPERAntiSpyware.com 2007-05-22 21:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-05-22 20:37 <DIR> d-------- C:\DOCUME~1\Anand\APPLIC~1\Lavasoft 2007-05-22 20:36 <DIR> d-------- C:\Program Files\Lavasoft 2007-05-22 20:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-22 20:26 <DIR> d-------- C:\Program Files\PCPitstop 2007-05-20 22:50 3,360 --a------ C:\WINDOWS\system32\tmp.reg 2007-05-20 19:25 <DIR> d-------- C:\VundoFix Backups 2007-05-20 17:33 1,499,390 ---hs---- C:\WINDOWS\system32\ststv.bak1 2007-05-20 17:25 19,456 --a------ C:\WINDOWS\system32\winpsa32.dll 2007-05-20 16:36 <DIR> d-------- C:\Program Files\Uniblue 2007-05-20 16:36 <DIR> d-------- C:\DOCUME~1\Anand\APPLIC~1\Uniblue 2007-05-13 20:45 <DIR> d-------- C:\Program Files\SymNetDrv 2007-05-13 19:59 <DIR> d-------- C:\Program Files\Norton AntiVirus 2007-05-13 19:58 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-05-13 19:58 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-05-13 19:58 <DIR> d-------- C:\Program Files\Symantec 2007-05-10 23:19 89,184 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2007-05-10 23:18 569,344 --a------ C:\WINDOWS\system32\imagr5.dll 2007-05-10 23:18 544,768 --a------ C:\WINDOWS\system32\imagx5.dll 2007-05-10 23:18 38,912 --a------ C:\WINDOWS\system32\picn20.dll 2007-05-10 23:18 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll 2007-05-10 23:18 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-05-10 23:18 <DIR> d-------- C:\Program Files\Common Files\Ahead 2007-05-10 23:18 <DIR> d-------- C:\Program Files\Ahead 2007-05-10 23:17 <DIR> d-a------ C:\TEMP\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial 2007-05-10 22:14 <DIR> d-------- C:\TomTom (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-21 00:09:14 -------- d-----w C:\Program Files\mIRC 2007-05-19 00:03:02 16 ----a-w C:\WINDOWS\popcinfo.dat 2007-05-14 01:45:18 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-04-20 19:34:44 -------- d-----w C:\Program Files\Microsoft Office Communicator 2007-04-13 01:46:38 -------- d-----w C:\Program Files\Advanced PDF Tools v2.0 2007-04-13 01:16:53 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-04-13 01:15:05 -------- d-----w C:\Program Files\Kinko's 2007-04-13 01:14:46 -------- d-----w C:\DOCUME~1\Anand\APPLIC~1\Downloaded Installations 2007-04-06 02:50:54 -------- d-----w C:\DOCUME~1\Anand\APPLIC~1\AdobeUM 2007-03-31 21:29:55 -------- d-----w C:\Program Files\Bejeweled 2 Deluxe 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55] {BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2003-08-17 18:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 18:52] "DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-25 19:57] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 18:02] "AGRSMMSG"="AGRSMMSG.exe" [] "TPSMain"="TPSMain.exe" [2005-05-31 23:00 C:\WINDOWS\system32\TPSMain.exe] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 00:06] "TFncKy"="TFncKy.exe" [] "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 14:11] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 18:13] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 19:37] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 04:07] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 00:50] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-14 19:59] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-13 20:45] "SkyTel"="SkyTel.EXE" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-31 00:21] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-26 09:25] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup] rundll32.exe "C:\WINDOWS\system32\evknuddk.dll",realset [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet *Newly Created Service* -PROCEXP90 *Newly Created Service* -SASDIFSV ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070527-093551-802 O4 - HKCU\..\Run: [Qpuoj] "C:\Documents and Settings\Anand\Application Data\s?mbols\w?aclt.exe" backup-20070527-093551-337 O2 - BHO: (no name) - {E37E1B10-D8DF-DE2B-DE0B-8FADDEBB75C6} - C:\WINDOWS\system32\ukh.dll backup-20070527-093551-420 O2 - BHO: (no name) - {23859EF1-1EB6-42F3-B2D5-68EA4C85D924} - (no file) Contents of the 'Scheduled Tasks' folder 2007-05-27 14:39:53 C:\WINDOWS\tasks\Symantec NetDetect.job ******************************************************************** catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-27 09:48:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-27 9:49:23 --- E O F --- Best regards, Andy.
  8. Oh, sorry about that, here is the Hijack this log again - Logfile of HijackThis v1.99.1 Scan saved at 10:43:49 PM, on 5/24/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\system32\TODDSrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = in.rediff.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {23859EF1-1EB6-42F3-B2D5-68EA4C85D924} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {E37E1B10-D8DF-DE2B-DE0B-8FADDEBB75C6} - C:\WINDOWS\system32\ukh.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Qpuoj] "C:\Documents and Settings\Anand\Application Data\s?mbols\w?aclt.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Motorola MVP\Extranet_serv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe Thanks, Andy.
  9. Thanks Aaflac for your superquick reply! After performing those actions, here are the logs - HJT Log- Logfile of HijackThis v1.99.1 Scan saved at 10:51:27 PM, on 5/23/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\system32\TODDSrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\Go ogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = in.rediff.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {23859EF1-1EB6-42F3-B2D5-68EA4C85D924} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {E37E1B10-D8DF-DE2B-DE0B-8FADDEBB75C6} - C:\WINDOWS\system32\ukh.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\Go ogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Qpuoj] "C:\Documents and Settings\Anand\Application Data\s?mbols\w?aclt.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstar t O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/bejeweled/beje weled.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.ca b O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes/SonyISUp load.cab?v=1,0,0,37 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Motorola MVP\Extranet_serv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe Vundo Log - VundoFix V6.3.23 Checking Java version... Java version is 1.5.0.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Scan started at 7:25:11 PM 5/20/2007 Listing files found while scanning.... C:\WINDOWS\system32\evknuddk.dll C:\WINDOWS\system32\kddunkve.ini C:\WINDOWS\system32\vtsts.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\evknuddk.dll C:\WINDOWS\system32\evknuddk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\kddunkve.ini C:\WINDOWS\system32\kddunkve.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsts.dll C:\WINDOWS\system32\vtsts.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\vtsts.dll C:\WINDOWS\system32\vtsts.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.5.0.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Scan started at 10:17:44 PM 5/20/2007 Listing files found while scanning.... C:\WINDOWS\system32\ddcyy.dll C:\WINDOWS\system32\yycdd.bak1 C:\WINDOWS\system32\yycdd.ini Beginning removal... Attempting to delete C:\WINDOWS\system32\ddcyy.dll C:\WINDOWS\system32\ddcyy.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\yycdd.bak1 C:\WINDOWS\system32\yycdd.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\yycdd.ini C:\WINDOWS\system32\yycdd.ini Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\ddcyy.dll C:\WINDOWS\system32\ddcyy.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.5.0.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Scan started at 10:34:09 PM 5/20/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.3.23 Checking Java version... Java version is 1.5.0.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Scan started at 11:04:55 PM 5/20/2007 Listing files found while scanning.... C:\WINDOWS\system32\bcbeg.bak1 C:\WINDOWS\system32\bcbeg.ini C:\WINDOWS\system32\gebcb.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\bcbeg.bak1 C:\WINDOWS\system32\bcbeg.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\bcbeg.ini C:\WINDOWS\system32\bcbeg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\gebcb.dll C:\WINDOWS\system32\gebcb.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\bcbeg.ini C:\WINDOWS\system32\bcbeg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\gebcb.dll C:\WINDOWS\system32\gebcb.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.5.0.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Scan started at 9:15:12 PM 5/22/2007 Listing files found while scanning.... C:\WINDOWS\system32\kjllm.bak1 C:\WINDOWS\system32\kjllm.bak2 C:\WINDOWS\system32\kjllm.ini C:\WINDOWS\system32\mlljk.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\kjllm.bak1 C:\WINDOWS\system32\kjllm.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\kjllm.bak2 C:\WINDOWS\system32\kjllm.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\kjllm.ini C:\WINDOWS\system32\kjllm.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\mlljk.dll C:\WINDOWS\system32\mlljk.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.5.0.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Scan started at 10:04:51 PM 5/23/2007 Listing files found while scanning.... C:\WINDOWS\system32\cccdd.bak1 C:\WINDOWS\system32\cccdd.bak2 C:\WINDOWS\system32\cccdd.ini C:\WINDOWS\system32\ddccc.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\cccdd.bak1 C:\WINDOWS\system32\cccdd.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\cccdd.bak2 C:\WINDOWS\system32\cccdd.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\cccdd.ini C:\WINDOWS\system32\cccdd.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ddccc.dll C:\WINDOWS\system32\ddccc.dll Has been deleted! Performing Repairs to the registry. Done! Superantispyware log - SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 05/23/2007 at 10:42 PM Application Version : 3.7.1018 Core Rules Database Version : 3243 Trace Rules Database Version: 1254 Scan type : Quick Scan Total Scan Time : 00:18:21 Memory items scanned : 486 Memory threats detected : 3 Registry items scanned : 848 Registry threats detected : 21 File items scanned : 14828 File threats detected : 66 Trojan.Downloader-Gen/SwampDonk C:\WINDOWS\SYSTEM32\RQRRPQO.DLL C:\WINDOWS\SYSTEM32\RQRRPQO.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23859EF1-1EB6-42F3-B2D5-68EA4C85D924} HKCR\CLSID\{23859EF1-1EB6-42F3-B2D5-68EA4C85D924} HKCR\CLSID\{23859EF1-1EB6-42F3-B2D5-68EA4C85D924}\InprocServer32 HKCR\CLSID\{23859EF1-1EB6-42F3-B2D5-68EA4C85D924}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{23859EF1-1EB6-42F3-B2D5-68EA4C85D924} Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rqrrpqo C:\DOCUMENTS AND SETTINGS\ANAND\DESKTOP\BACKUPS\BACKUP-20070522-230606-782.DLL C:\DOWLOADS\BACKUPS\BACKUP-20070520-221524-464.DLL C:\DOWLOADS\BACKUPS\BACKUP-20070520-221614-863.DLL C:\DOWLOADS\BACKUPS\BACKUP-20070520-224912-908.DLL Adware.ClickSpring-Variant C:\DOCUME~1\ANAND\MYDOCU~1\ICROSO~1.NET\ATI2EVXX.EXE C:\DOCUME~1\ANAND\MYDOCU~1\ICROSO~1.NET\ATI2EVXX.EXE [Dmos] C:\DOCUME~1\ANAND\MYDOCU~1\ICROSO~1.NET\ATI2EVXX.EXE C:\WINDOWS\Prefetch\ATI2EVXX.EXE-0BFA08B4.pf Adware.ClickSpring/Resident C:\DOCUME~1\Anand\APPLIC~1\SMBOLS~1\WACLT~1.EXE C:\DOCUME~1\Anand\APPLIC~1\SMBOLS~1\WACLT~1.EXE Adware.Vundo Variant HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51813D50-BB22-4FE0-800B-66E422384C28} HKCR\CLSID\{51813D50-BB22-4FE0-800B-66E422384C28} HKCR\CLSID\{51813D50-BB22-4FE0-800B-66E422384C28}\InprocServer32 HKCR\CLSID\{51813D50-BB22-4FE0-800B-66E422384C28}\InprocServer32#ThreadingModel C:\WINDOWS\SYSTEM32\DDCCC.DLL C:\WINDOWS\SYSTEM32\AWVVW.DLL C:\WINDOWS\SYSTEM32\DDABB.DLL Adware.Tracking Cookie C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][3].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][3].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][2].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt C:\Documents and Settings\Anand\Cookies\[email protected][1].txt Adware.ClickSpring/Outer Info Network HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayIcon HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation C:\Program Files\Outerinfo\OiUninstaller.exe C:\Program Files\Outerinfo\outerinfo.ico C:\Program Files\Outerinfo\Terms.rtf C:\Program Files\Outerinfo C:\Documents and Settings\Anand\Start Menu\Programs\Outerinfo\Terms.lnk C:\Documents and Settings\Anand\Start Menu\Programs\Outerinfo\Uninstall.lnk C:\Documents and Settings\Anand\Start Menu\Programs\Outerinfo Trojan.Downloader-Gen/NoHo C:\DOCUMENTS AND SETTINGS\ANAND\DESKTOP\BACKUPS\BACKUP-20070522-230607-330.DLL C:\DOWLOADS\BACKUPS\BACKUP-20070520-221524-525.DLL C:\DOWLOADS\BACKUPS\BACKUP-20070520-221614-824.DLL C:\VUNDOFIX BACKUPS\DDCCC.DLL.BAD C:\VUNDOFIX BACKUPS\DDCYY.DLL.BAD C:\VUNDOFIX BACKUPS\GEBCB.DLL.BAD C:\VUNDOFIX BACKUPS\MLLJK.DLL.BAD C:\VUNDOFIX BACKUPS\VTSTS.DLL.BAD Unclassified.Unknown Origin C:\DOWLOADS\BACKUPS\BACKUP-20070520-221524-909.DLL Trojan.Unknown Origin C:\WINDOWS\SYSTEM32\WINTICOMSV.EXE Many thanks! - Andy.
  10. Hi, I tried the recommended options but am unable to get rid of spyware and probably a Trojan. Please help. My HJT log - Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 9:01:50 PM, on 5/23/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\system32\TODDSrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\DOCUME~1\Anand\MYDOCU~1\ICROSO~1.NET\ati2evxx.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\WINDOWS\s?stem32\n?lookup.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\LimeWire\LimeWire.exe C:\Documents and Settings\Anand\Desktop\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {23859EF1-1EB6-42F3-B2D5-68EA4C85D924} - C:\WINDOWS\system32\rqrrpqo.dll O2 - BHO: (no name) - {51813D50-BB22-4FE0-800B-66E422384C28} - C:\WINDOWS\system32\ddccc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {B92C4816-D3DB-D17A-D10B-8FADDEBB72C0} - C:\WINDOWS\system32\jleejf.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\Anand\LOCALS~1\Temp\cacu_001.exe" /cleanup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Dmos] "C:\DOCUME~1\Anand\MYDOCU~1\ICROSO~1.NET\ati2evxx.exe" -vt yazb O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37 O20 - Winlogon Notify: ddccc - C:\WINDOWS\system32\ddccc.dll O20 - Winlogon Notify: rqrrpqo - C:\WINDOWS\SYSTEM32\rqrrpqo.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Motorola MVP\Extranet_serv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe Thanks in advance, Andy.
  11. Hi, Thanks for the quick reply. I performed those steps and have the new log as follows - Logfile of HijackThis v1.99.1 Scan saved at 12:28:59 AM, on 4/21/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\Program Files\Apoint2K\Apntex.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\alg.exe C:\Documents and Settings\Anand\Desktop\HJT\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Motorola MVP\Extranet_serv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe There was another www.one2one.com 016 - DBF file and I took the liberty of fixing that too by HJT. Everything looks quite good now - the startup time is minimum, no popups or wierd browser redirections. Thank you so very much for the help! You guys rock! :beer: Regards, Andy.
  12. Hi, Sorry couldnt reply earlier. Here are the logs - --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 11:01:43 PM, 4/20/2006 + Report-Checksum: D1B8DE90 + Scan result: C:\WINDOWS\system32\winbrume.dll -> Adware.BHO : Cleaned with backup ::Report End Logfile of HijackThis v1.99.1 Scan saved at 11:34:32 PM, on 4/20/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hphmon05.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Documents and Settings\Anand\Desktop\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/ O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll (file missing) O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - blank (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyharem.com/stream/mmp.cab O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Motorola MVP\Extranet_serv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Please let me know. Thanks, Andy.
  13. Hi, Thanks for the quick replies. I performed those steps. Logs as follows - Vundofixlog: VundoFix V4.2.69 Running as SYSTEM from c:\windows\system32\VundoFix.exe Checking Java version... Scan started at 10:17:03 PM 4/18/2006 Listing files found while scanning.... C:\WINDOWS\system32\pmkhe.dll C:\WINDOWS\system32\ehkmp.ini C:\WINDOWS\system32\ehkmp.bak1 C:\WINDOWS\system32\ehkmp.bak2 C:\WINDOWS\system32\ehkmp.ini2 C:\WINDOWS\system32\ehkmp.tmp C:\WINDOWS\system32\ehkmp.bak1 C:\WINDOWS\system32\ehkmp.bak2 C:\WINDOWS\system32\ehkmp.tmp C:\WINDOWS\system32\ehkmp.ini C:\WINDOWS\system32\ehkmp.ini2 C:\WINDOWS\system32\pmkhe.dll C:\WINDOWS\system32\ehkmp.ini2 C:\WINDOWS\system32\ehkmp.bak2 C:\WINDOWS\system32\ehkmp.tmp C:\WINDOWS\system32\ehkmp.ini C:\WINDOWS\system32\ehkmp.ini2 C:\WINDOWS\system32\pmkhe.dll Attempting to delete C:\WINDOWS\system32\pmkhe.dll C:\WINDOWS\system32\pmkhe.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ehkmp.ini C:\WINDOWS\system32\ehkmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ehkmp.bak1 C:\WINDOWS\system32\ehkmp.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\ehkmp.bak2 C:\WINDOWS\system32\ehkmp.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\ehkmp.ini2 C:\WINDOWS\system32\ehkmp.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\ehkmp.tmp C:\WINDOWS\system32\ehkmp.tmp Has been deleted! Performing Repairs to the registry. Done! HJTLog: Logfile of HijackThis v1.99.1 Scan saved at 10:24:21 PM, on 4/18/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\WINDOWS\system32\LVComsX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Anand\Desktop\HJT\HijackThis.exe C:\Program Files\Symantec\LiveUpdate\AUpdate.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/ O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - blank (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyharem.com/stream/mmp.cab O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Motorola MVP\Extranet_serv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Regards, Andy.
  14. Hi Trevuren, Thanks in advance for the help. I created a new folder and put the HJT.exe in there before taking this log. Logfile of HijackThis v1.99.1 Scan saved at 11:25:08 PM, on 4/17/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\WINDOWS\system32\LVComsX.exe C:\Documents and Settings\Anand\Desktop\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/ O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\pmkhe.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - blank (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyharem.com/stream/mmp.cab O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O20 - Winlogon Notify: pmkhe - C:\WINDOWS\system32\pmkhe.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Motorola MVP\Extranet_serv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Please advise. Regards, Andy.
  15. Hi, I have been struggling with popups and unwanted browser re-directions to www.amaena.com, adultfriendfinder, etc etc, since about a week now. Tried using Registry Mechanic, Spyware Doctor, Norton Antivirus, CCleaner, Ad-Adware SE in Normal windows mode and Edwido in Safe mode, but still cannot get rid of these. I took a HJTLog and am posting it here for your advice. Please help. :help: Logfile of HijackThis v1.99.1 Scan saved at 7:24:11 PM, on 4/16/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hphmon05.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\Program Files\Apoint2K\Apntex.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\WINDOWS\system32\LVComsX.exe C:\Program Files\Messenger\msmsgs.exe C:\DOCUME~1\Anand\LOCALS~1\Temp\Rar$EX00.265\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/ O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\pmkhe.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - blank (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyharem.com/stream/mmp.cab O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O20 - Winlogon Notify: pmkhe - C:\WINDOWS\system32\pmkhe.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Motorola MVP\Extranet_serv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Let me know if any additional info is required. Thanks and regards, Andy.
×
×
  • Create New...