explorer.exe

[saxysean]

Hello,
I'm new to this forum, so I hope I'm doing this right.

My computer is contstantly using at least 50% of the cpu power. The Task Manager shows that the program that's using it is explorer.exe. This starting happening about a week ago. Before then, only 1-2% of the CPU was being used while idle. I've checked to make sure that there are no viruses, spyware, or adware on my computer using the updated versions of Spybot, Ad-Aware, and Norton.

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:13:19 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1154297221\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sean\My Documents\Download\Applications\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154297221\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1154229014539
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thank you for your time.

[sUBs]

1. Download this file using either of these links

http://download.bleepingcomputer.com/sUBs/combofix.exe

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

[saxysean]

combofix:

Sean - 06-09-04 12:24:44.28
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Sean\Desktop

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components


((((((((((((((((((((((((((((((( Files Created from 2006-08-04 to 2006-09-04 ))))))))))))))))))))))))))))))))))


2006-08-30 18:35 1,429 ---hs---- C:\WINDOWS\system32\kjjlm.ini2
2006-08-29 20:05 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-08-28 01:50 573,492 ---hs---- C:\WINDOWS\system32\mljjk.dll
2006-08-27 22:00 111,104 --a------ C:\WINDOWS\system32\uharc.exe
2006-08-27 21:38 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-08-27 20:47 36,864 --------- C:\WINDOWS\system32\wbsys.dll
2006-08-27 20:47 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2006-08-26 23:42 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-08-26 23:42 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-08-26 23:42 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-08-26 23:26 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2006-08-26 23:26 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2006-08-25 18:47 314,880 --a------ C:\WINDOWS\IsUninst.exe
2006-08-23 01:18 442,368 --a------ C:\WINDOWS\system32\HYPNO.SCR
2006-08-23 01:18 114,688 --a------ C:\WINDOWS\PKCREGD.EXE
2006-08-23 00:29 90,112 --a------ C:\WINDOWS\unvise32.exe
2006-08-20 13:35 937,984 --a------ C:\WINDOWS\warcraft.scr
2006-08-14 20:22 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-08-14 20:22 249,856 --------- C:\WINDOWS\Setup1.exe
2006-08-10 17:54 2,829 --a------ C:\WINDOWS\War3Unin.pif
2006-08-10 17:54 126,976 --a------ C:\WINDOWS\War3Unin.exe
2006-08-07 17:02 534,208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 17:02 161,472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-08-04 18:12 45,568 --a------ C:\WINDOWS\UniFish3.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-04 12:20 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-04 01:56 -------- d-------- C:\Documents and Settings\Sean\Application Data\Azureus
2006-09-03 23:21 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-31 22:53 -------- d-------- C:\Program Files\Azureus
2006-08-31 22:50 -------- d-------- C:\Documents and Settings\Sean\Application Data\uTorrent
2006-08-31 21:35 -------- d-------- C:\Documents and Settings\Sean\Application Data\Help
2006-08-31 20:05 -------- d-------- C:\Program Files\Norton Internet Security
2006-08-29 22:18 -------- d-------- C:\Documents and Settings\Sean\Application Data\Share-to-Web Upload Folder
2006-08-29 22:17 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-08-29 22:17 -------- d-------- C:\Program Files\Common Files
2006-08-28 02:02 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-08-27 21:59 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-27 20:47 -------- d-------- C:\Program Files\Stardock
2006-08-27 20:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-27 20:34 -------- d-------- C:\Program Files\Rockstar Games
2006-08-27 00:19 -------- d-------- C:\Program Files\Diablo II
2006-08-26 22:58 -------- d-------- C:\Program Files\StepMania
2006-08-26 18:37 -------- d-------- C:\Program Files\EA GAMES
2006-08-26 17:41 -------- d-------- C:\Program Files\Warcraft III
2006-08-26 01:09 -------- d-------- C:\Program Files\Lavasoft
2006-08-26 01:09 -------- d-------- C:\Documents and Settings\Sean\Application Data\Lavasoft
2006-08-25 18:47 -------- d-------- C:\Program Files\Firaxis Games
2006-08-24 22:47 -------- d---s---- C:\Documents and Settings\Sean\Application Data\Microsoft
2006-08-23 17:46 -------- d-------- C:\Documents and Settings\Sean\Application Data\Microsoft Games
2006-08-23 17:33 -------- d-------- C:\Program Files\Microsoft Games
2006-08-23 01:18 -------- d-------- C:\Program Files\Winamp
2006-08-23 01:18 -------- d-------- C:\Program Files\Synthesoft
2006-08-23 01:18 -------- d-------- C:\Program Files\Hypno
2006-08-23 01:18 -------- d-------- C:\Program Files\CDSpectrum Pro
2006-08-23 00:31 -------- d-------- C:\Program Files\Finale 2006
2006-08-23 00:28 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-22 15:35 -------- d-------- C:\Program Files\LimeWire
2006-08-20 13:35 -------- d-------- C:\Program Files\Parallaxis Warcraft III
2006-08-20 13:35 -------- d-------- C:\Program Files\Free Offers from ScreenSaver.com
2006-08-18 17:51 -------- d-------- C:\Program Files\Bethesda Softworks
2006-08-18 17:43 -------- d-------- C:\Program Files\PowerISO
2006-08-16 23:28 -------- d-------- C:\Program Files\Internet Explorer
2006-08-16 17:09 -------- d-------- C:\Program Files\SoftPointer
2006-08-16 17:07 -------- d-------- C:\Program Files\3ivx
2006-08-14 23:02 -------- d-------- C:\Documents and Settings\Sean\Application Data\AdobeUM
2006-08-14 20:22 -------- d-------- C:\Program Files\Physics Quizzes
2006-08-14 01:51 -------- d-------- C:\Documents and Settings\Sean\Application Data\Adobe
2006-08-12 02:39 -------- d-------- C:\Program Files\BitTorrent
2006-08-12 02:39 -------- d-------- C:\Documents and Settings\Sean\Application Data\BitTorrent
2006-08-10 15:37 -------- d-------- C:\Program Files\Symantec
2006-08-07 17:02 31936 --a------ C:\WINDOWS\system32\drivers\symids.sys
2006-08-07 17:02 28352 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2006-08-07 17:02 24768 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2006-08-07 17:02 195776 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2006-08-07 17:02 110784 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2006-08-07 17:01 12992 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2006-08-05 03:17 -------- d-------- C:\Program Files\Starcraft
2006-08-04 18:11 -------- d-------- C:\Program Files\Hasbro Interactive
2006-08-04 17:43 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-04 17:40 -------- d-------- C:\Program Files\Microsoft Office
2006-08-04 17:18 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-04 17:17 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-04 17:17 -------- d-------- C:\Program Files\Common Files\System
2006-08-04 17:17 -------- d-------- C:\Program Files\Common Files\Designer
2006-08-04 03:20 -------- d-------- C:\Program Files\LucasArts
2006-08-04 03:16 -------- d-------- C:\Program Files\GetData
2006-08-04 02:53 -------- d-------- C:\Program Files\Doom 3
2006-08-03 20:16 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-03 01:05 -------- d-------- C:\Program Files\Google
2006-08-03 01:05 -------- d-------- C:\Documents and Settings\Sean\Application Data\Google
2006-07-31 17:55 -------- d-------- C:\Program Files\Java
2006-07-31 17:55 -------- d-------- C:\Documents and Settings\Sean\Application Data\Sun
2006-07-31 17:53 -------- d-------- C:\Program Files\Common Files\Java
2006-07-30 19:23 -------- d-------- C:\Program Files\Windows Media Player
2006-07-30 17:08 -------- d-------- C:\Documents and Settings\Sean\Application Data\acccore
2006-07-30 17:07 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-07-30 17:07 -------- d-------- C:\Program Files\Common Files\aolshare
2006-07-30 17:07 -------- d-------- C:\Program Files\Common Files\AOL
2006-07-30 17:07 -------- d-------- C:\Program Files\AOL
2006-07-30 17:07 -------- d-------- C:\Program Files\AOD
2006-07-30 17:06 -------- d-------- C:\Documents and Settings\Sean\Application Data\Mozilla
2006-07-30 16:16 -------- d-------- C:\Documents and Settings\Sean\Application Data\Petroglyph
2006-07-30 16:14 -------- d-------- C:\Documents and Settings\Sean\Application Data\LucasArts
2006-07-30 13:55 -------- d-------- C:\Documents and Settings\Sean\Application Data\Symantec
2006-07-30 13:31 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-07-30 13:26 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-30 13:25 -------- d-------- C:\Program Files\Adobe
2006-07-30 13:21 -------- d-------- C:\Program Files\ASUS
2006-07-30 05:30 -------- d-------- C:\Program Files\Activision
2006-07-30 05:28 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-07-30 02:59 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2006-07-30 02:55 -------- d-------- C:\Documents and Settings\Sean\Application Data\Macromedia
2006-07-30 00:58 -------- d-------- C:\Program Files\Realtek Sound Manager
2006-07-30 00:58 -------- d-------- C:\Program Files\Realtek AC97
2006-07-30 00:58 -------- d-------- C:\Program Files\AvRack
2006-07-30 00:13 967 --a------ C:\WINDOWS\ScUnin.pif
2006-07-30 00:13 70656 --a------ C:\WINDOWS\ScUnin.exe
2006-07-29 23:42 -------- d-------- C:\Program Files\ATI Technologies
2006-07-29 22:21 -------- d-------- C:\Program Files\Outlook Express
2006-07-29 22:20 -------- d-------- C:\Program Files\Messenger
2006-07-29 21:56 -------- d--h----- C:\Program Files\Uninstall Information
2006-07-29 21:56 -------- d-------- C:\Documents and Settings\Sean\Application Data\Identities
2006-07-29 21:52 0 -rahs---- C:\MSDOS.SYS
2006-07-29 21:52 0 -rahs---- C:\IO.SYS
2006-07-29 21:52 0 --a------ C:\CONFIG.SYS
2006-07-29 21:52 0 --a------ C:\AUTOEXEC.BAT
2006-07-29 21:52 -------- d-------- C:\Program Files\xerox
2006-07-29 21:52 -------- d-------- C:\Program Files\microsoft frontpage
2006-07-29 21:51 -------- d--h----- C:\Program Files\WindowsUpdate
2006-07-29 21:50 -------- d-------- C:\Program Files\NetMeeting
2006-07-29 21:50 -------- d-------- C:\Program Files\Movie Maker
2006-07-29 21:50 -------- d-------- C:\Program Files\Common Files\Services
2006-07-29 21:50 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-07-29 21:49 -------- d-------- C:\Program Files\Windows NT
2006-07-29 21:49 -------- d-------- C:\Program Files\Online Services
2006-07-29 21:49 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-07-29 21:49 -------- d-------- C:\Program Files\ComPlus Applications
2006-07-29 21:48 -------- d-------- C:\Program Files\MSN
2006-07-29 16:43 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-07-29 16:43 -------- d-------- C:\Program Files\Common Files\ODBC
2006-07-29 16:42 62 --ahs---- C:\Documents and Settings\Sean\Application Data\desktop.ini
2006-07-29 15:34 9728 --a------ C:\WINDOWS\system32\bdco1ins.dll
2006-07-29 15:34 9728 --a------ C:\WINDOWS\system32\bdco1.dll
2006-07-29 15:34 92800 --a------ C:\WINDOWS\system32\drivers\nvata.sys
2006-07-29 15:34 33536 --a------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2006-07-29 15:34 32256 --a------ C:\WINDOWS\system32\nvconrm.dll
2006-07-29 15:34 300032 --a------ C:\WINDOWS\system32\idecoi.dll
2006-07-29 15:34 261888 --a------ C:\WINDOWS\system32\drivers\nvnrm.sys
2006-07-29 15:34 208256 --a------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2006-07-29 15:34 201728 --a------ C:\WINDOWS\system32\fdco1ins.dll
2006-07-29 15:34 201728 --a------ C:\WINDOWS\system32\fdco1.dll
2006-07-29 15:34 176128 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-07-29 15:34 12928 --a------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="C:\\Program Files\\ASUS\\Asus Probe\\AsusProb.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SpyHunter"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"
"SoundMan"="SOUNDMAN.EXE"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1154297221\\ee\\AOLSoftware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoUserNameInStartMenu"=hex:00,00,00,00
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,ea,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,e2,03,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhab32


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Sean.job

Completion time: 06-09-04 12:25:27.57
ComboFix.txt


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 12:27, on 06-09-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1154297221\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Sean\My Documents\Download\Applications\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154297221\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1154229014539
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[sUBs]

* IMPORTANT !!! Make sure combofix.exe is located on your Desktop







Go to Start → Run → paste in the single line command & click OK

"%userprofile%\desktop\combofix.exe" /v mljjk winhab32

When finished, it shall produce a log for you.

[saxysean]

Combofix log:

Sean - 06-09-04 12:57:11.89
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Sean\desktop

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini2
C:\WINDOWS\system32\kjjlm.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2006-08-04 to 2006-09-04 ))))))))))))))))))))))))))))))))))


2006-08-29 20:05 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-08-27 22:00 111,104 --a------ C:\WINDOWS\system32\uharc.exe
2006-08-27 21:38 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-08-27 20:47 36,864 --------- C:\WINDOWS\system32\wbsys.dll
2006-08-27 20:47 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2006-08-26 23:42 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-08-26 23:42 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-08-26 23:42 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-08-26 23:26 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2006-08-26 23:26 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2006-08-25 18:47 314,880 --a------ C:\WINDOWS\IsUninst.exe
2006-08-23 01:18 442,368 --a------ C:\WINDOWS\system32\HYPNO.SCR
2006-08-23 01:18 114,688 --a------ C:\WINDOWS\PKCREGD.EXE
2006-08-23 00:29 90,112 --a------ C:\WINDOWS\unvise32.exe
2006-08-20 13:35 937,984 --a------ C:\WINDOWS\warcraft.scr
2006-08-14 20:22 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-08-14 20:22 249,856 --------- C:\WINDOWS\Setup1.exe
2006-08-10 17:54 2,829 --a------ C:\WINDOWS\War3Unin.pif
2006-08-10 17:54 126,976 --a------ C:\WINDOWS\War3Unin.exe
2006-08-07 17:02 534,208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 17:02 161,472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-08-04 18:12 45,568 --a------ C:\WINDOWS\UniFish3.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-04 12:27 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-04 01:56 -------- d-------- C:\Documents and Settings\Sean\Application Data\Azureus
2006-09-03 23:21 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-31 22:53 -------- d-------- C:\Program Files\Azureus
2006-08-31 22:50 -------- d-------- C:\Documents and Settings\Sean\Application Data\uTorrent
2006-08-31 21:35 -------- d-------- C:\Documents and Settings\Sean\Application Data\Help
2006-08-31 20:05 -------- d-------- C:\Program Files\Norton Internet Security
2006-08-29 22:18 -------- d-------- C:\Documents and Settings\Sean\Application Data\Share-to-Web Upload Folder
2006-08-29 22:17 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-08-29 22:17 -------- d-------- C:\Program Files\Common Files
2006-08-28 02:02 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-08-27 21:59 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-27 20:47 -------- d-------- C:\Program Files\Stardock
2006-08-27 20:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-27 20:34 -------- d-------- C:\Program Files\Rockstar Games
2006-08-27 00:19 -------- d-------- C:\Program Files\Diablo II
2006-08-26 22:58 -------- d-------- C:\Program Files\StepMania
2006-08-26 18:37 -------- d-------- C:\Program Files\EA GAMES
2006-08-26 17:41 -------- d-------- C:\Program Files\Warcraft III
2006-08-26 01:09 -------- d-------- C:\Program Files\Lavasoft
2006-08-26 01:09 -------- d-------- C:\Documents and Settings\Sean\Application Data\Lavasoft
2006-08-25 18:47 -------- d-------- C:\Program Files\Firaxis Games
2006-08-24 22:47 -------- d---s---- C:\Documents and Settings\Sean\Application Data\Microsoft
2006-08-23 17:46 -------- d-------- C:\Documents and Settings\Sean\Application Data\Microsoft Games
2006-08-23 17:33 -------- d-------- C:\Program Files\Microsoft Games
2006-08-23 01:18 -------- d-------- C:\Program Files\Winamp
2006-08-23 01:18 -------- d-------- C:\Program Files\Synthesoft
2006-08-23 01:18 -------- d-------- C:\Program Files\Hypno
2006-08-23 01:18 -------- d-------- C:\Program Files\CDSpectrum Pro
2006-08-23 00:31 -------- d-------- C:\Program Files\Finale 2006
2006-08-23 00:28 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-22 15:35 -------- d-------- C:\Program Files\LimeWire
2006-08-20 13:35 -------- d-------- C:\Program Files\Parallaxis Warcraft III
2006-08-20 13:35 -------- d-------- C:\Program Files\Free Offers from ScreenSaver.com
2006-08-18 17:51 -------- d-------- C:\Program Files\Bethesda Softworks
2006-08-18 17:43 -------- d-------- C:\Program Files\PowerISO
2006-08-16 23:28 -------- d-------- C:\Program Files\Internet Explorer
2006-08-16 17:09 -------- d-------- C:\Program Files\SoftPointer
2006-08-16 17:07 -------- d-------- C:\Program Files\3ivx
2006-08-14 23:02 -------- d-------- C:\Documents and Settings\Sean\Application Data\AdobeUM
2006-08-14 20:22 -------- d-------- C:\Program Files\Physics Quizzes
2006-08-14 01:51 -------- d-------- C:\Documents and Settings\Sean\Application Data\Adobe
2006-08-12 02:39 -------- d-------- C:\Program Files\BitTorrent
2006-08-12 02:39 -------- d-------- C:\Documents and Settings\Sean\Application Data\BitTorrent
2006-08-10 15:37 -------- d-------- C:\Program Files\Symantec
2006-08-07 17:02 31936 --a------ C:\WINDOWS\system32\drivers\symids.sys
2006-08-07 17:02 28352 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2006-08-07 17:02 24768 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2006-08-07 17:02 195776 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2006-08-07 17:02 110784 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2006-08-07 17:01 12992 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2006-08-05 03:17 -------- d-------- C:\Program Files\Starcraft
2006-08-04 18:11 -------- d-------- C:\Program Files\Hasbro Interactive
2006-08-04 17:43 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-04 17:40 -------- d-------- C:\Program Files\Microsoft Office
2006-08-04 17:18 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-04 17:17 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-04 17:17 -------- d-------- C:\Program Files\Common Files\System
2006-08-04 17:17 -------- d-------- C:\Program Files\Common Files\Designer
2006-08-04 03:20 -------- d-------- C:\Program Files\LucasArts
2006-08-04 03:16 -------- d-------- C:\Program Files\GetData
2006-08-04 02:53 -------- d-------- C:\Program Files\Doom 3
2006-08-03 20:16 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-03 01:05 -------- d-------- C:\Program Files\Google
2006-08-03 01:05 -------- d-------- C:\Documents and Settings\Sean\Application Data\Google
2006-07-31 17:55 -------- d-------- C:\Program Files\Java
2006-07-31 17:55 -------- d-------- C:\Documents and Settings\Sean\Application Data\Sun
2006-07-31 17:53 -------- d-------- C:\Program Files\Common Files\Java
2006-07-30 19:23 -------- d-------- C:\Program Files\Windows Media Player
2006-07-30 17:08 -------- d-------- C:\Documents and Settings\Sean\Application Data\acccore
2006-07-30 17:07 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-07-30 17:07 -------- d-------- C:\Program Files\Common Files\aolshare
2006-07-30 17:07 -------- d-------- C:\Program Files\Common Files\AOL
2006-07-30 17:07 -------- d-------- C:\Program Files\AOL
2006-07-30 17:07 -------- d-------- C:\Program Files\AOD
2006-07-30 17:06 -------- d-------- C:\Documents and Settings\Sean\Application Data\Mozilla
2006-07-30 16:16 -------- d-------- C:\Documents and Settings\Sean\Application Data\Petroglyph
2006-07-30 16:14 -------- d-------- C:\Documents and Settings\Sean\Application Data\LucasArts
2006-07-30 13:55 -------- d-------- C:\Documents and Settings\Sean\Application Data\Symantec
2006-07-30 13:31 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-07-30 13:26 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-30 13:25 -------- d-------- C:\Program Files\Adobe
2006-07-30 13:21 -------- d-------- C:\Program Files\ASUS
2006-07-30 05:30 -------- d-------- C:\Program Files\Activision
2006-07-30 05:28 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-07-30 02:59 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2006-07-30 02:55 -------- d-------- C:\Documents and Settings\Sean\Application Data\Macromedia
2006-07-30 00:58 -------- d-------- C:\Program Files\Realtek Sound Manager
2006-07-30 00:58 -------- d-------- C:\Program Files\Realtek AC97
2006-07-30 00:58 -------- d-------- C:\Program Files\AvRack
2006-07-30 00:13 967 --a------ C:\WINDOWS\ScUnin.pif
2006-07-30 00:13 70656 --a------ C:\WINDOWS\ScUnin.exe
2006-07-29 23:42 -------- d-------- C:\Program Files\ATI Technologies
2006-07-29 22:21 -------- d-------- C:\Program Files\Outlook Express
2006-07-29 22:20 -------- d-------- C:\Program Files\Messenger
2006-07-29 21:56 -------- d--h----- C:\Program Files\Uninstall Information
2006-07-29 21:56 -------- d-------- C:\Documents and Settings\Sean\Application Data\Identities
2006-07-29 21:52 0 -rahs---- C:\MSDOS.SYS
2006-07-29 21:52 0 -rahs---- C:\IO.SYS
2006-07-29 21:52 0 --a------ C:\CONFIG.SYS
2006-07-29 21:52 0 --a------ C:\AUTOEXEC.BAT
2006-07-29 21:52 -------- d-------- C:\Program Files\xerox
2006-07-29 21:52 -------- d-------- C:\Program Files\microsoft frontpage
2006-07-29 21:51 -------- d--h----- C:\Program Files\WindowsUpdate
2006-07-29 21:50 -------- d-------- C:\Program Files\NetMeeting
2006-07-29 21:50 -------- d-------- C:\Program Files\Movie Maker
2006-07-29 21:50 -------- d-------- C:\Program Files\Common Files\Services
2006-07-29 21:50 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-07-29 21:49 -------- d-------- C:\Program Files\Windows NT
2006-07-29 21:49 -------- d-------- C:\Program Files\Online Services
2006-07-29 21:49 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-07-29 21:49 -------- d-------- C:\Program Files\ComPlus Applications
2006-07-29 21:48 -------- d-------- C:\Program Files\MSN
2006-07-29 16:43 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-07-29 16:43 -------- d-------- C:\Program Files\Common Files\ODBC
2006-07-29 16:42 62 --ahs---- C:\Documents and Settings\Sean\Application Data\desktop.ini
2006-07-29 15:34 9728 --a------ C:\WINDOWS\system32\bdco1ins.dll
2006-07-29 15:34 9728 --a------ C:\WINDOWS\system32\bdco1.dll
2006-07-29 15:34 92800 --a------ C:\WINDOWS\system32\drivers\nvata.sys
2006-07-29 15:34 33536 --a------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2006-07-29 15:34 32256 --a------ C:\WINDOWS\system32\nvconrm.dll
2006-07-29 15:34 300032 --a------ C:\WINDOWS\system32\idecoi.dll
2006-07-29 15:34 261888 --a------ C:\WINDOWS\system32\drivers\nvnrm.sys
2006-07-29 15:34 208256 --a------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2006-07-29 15:34 201728 --a------ C:\WINDOWS\system32\fdco1ins.dll
2006-07-29 15:34 201728 --a------ C:\WINDOWS\system32\fdco1.dll
2006-07-29 15:34 176128 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-07-29 15:34 12928 --a------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="C:\\Program Files\\ASUS\\Asus Probe\\AsusProb.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SpyHunter"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"
"SoundMan"="SOUNDMAN.EXE"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1154297221\\ee\\AOLSoftware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoUserNameInStartMenu"=hex:00,00,00,00
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,ea,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,e2,03,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Sean.job

Completion time: 06-09-04 13:07:45.04
ComboFix.txt

[saxysean]

Okay, I just noticed that explorer is no longer at 50%. It's back to normal!

However, the computer froze on the reboot for conbofix. when i tried to restart it from that it said that there was a "disk failure." it did that twice and then finally rebooted.

[sUBs]

Very good. Your issues with explorer.exe should have stopped after this.

Please perform an online scan using Internet Explorer at http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * *

In your next post, please include these:

1. Fresh Hijackthis log taken just before replying
2. Online scan

Please update us on how the computer behaves now

[sUBs]

Quote:

Originally Posted by saxysean

Okay, I just noticed that explorer is no longer at 50%. It's back to normal!

However, the computer froze on the reboot for conbofix. when i tried to restart it from that it said that there was a "disk failure." it did that twice and then finally rebooted.

We cross-posted.

Bit concerned about the "disk failure" message. Remind me about it afterwards.

[saxysean]

The link "http://www.kaspersky.com/service?chapter=161739400" turns into "http://usa.kaspersky.com/services/". Which service should i use?

[sUBs]

That's strange. When I click on the link, it took me to the correct page.

Try this ... http://usa.kaspersky.com/services/fr...us-scanner.php

[saxysean]

It says the page cannot be found.

**edit**
Nevermind, I found the online virus scanner. I'm doing it right now.

[saxysean]

new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:25:11 PM, on 06-09-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1154297221\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sean\My Documents\Download\Applications\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154297221\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1154229014539
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Online Scan log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
06-09-04 3:23:40 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/09/2006
Kaspersky Anti-Virus database records: 220779
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 93659
Number of viruses found: 14
Number of infected objects: 40 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:47:59

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-09-04_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\020479EC.exe Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12AF7CB9.dll Infected: not-virus:Hoax.Win32.Renos.en skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A1552A8.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.as skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B6802A5.tmp Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B6B2CA1.tmp Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B6E569E.tmp Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34433499.tmp Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\488E4AE3.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\488E4AE3.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\488E4AE3.tmp/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\488E4AE3.tmp NSIS: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\488E4AE3.tmp CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55555BFD.def Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55D86B6D Infected: Trojan-Dropper.Win32.Agent.asl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55E16962.exe Infected: Trojan-Dropper.Win32.Agent.asl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56265B17 Infected: Trojan-Dropper.Win32.Agent.asl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56265B17.exe Infected: Trojan-Dropper.Win32.Agent.asl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59F155C1.exe Infected: not-virus:Hoax.Win32.Renos.ep skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A9A5D06.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BA50B0A Infected: Trojan-Dropper.Win32.Agent.asl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BA50B0A.exe Infected: Trojan-Dropper.Win32.Agent.asl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74921CB8.dll Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A0B1298.tmp Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\19thwdly.default\cert8.db Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\19thwdly.default\history.dat Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\19thwdly.default\key3.db Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\19thwdly.default\parent.lock Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Sean\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_346.wmdb Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Mozilla\Firefox\Profiles\19thwdly.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Mozilla\Firefox\Profiles\19thwdly.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Mozilla\Firefox\Profiles\19thwdly.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Mozilla\Firefox\Profiles\19thwdly.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sean\ntuser.dat Object is locked skipped
C:\Documents and Settings\Sean\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0128NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP47\A0033332.exe/WISE0025.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP47\A0033332.exe/WISE0025.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP47\A0033332.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP47\A0033332.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP47\A0033332.exe WiseSFX: infected - 4 skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP62\A0039923.exe Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP62\A0039964.exe Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP62\A0040001.exe Infected: not-virus:Hoax.Win32.Renos.ep skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP62\A0040002.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP62\A0040007.exe Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP62\A0040016.exe Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP62\A0040021.exe Infected: Trojan-Downloader.Win32.Zlob.ahp skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP62\A0040022.exe Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP62\A0040023.dll Infected: not-virus:Hoax.Win32.Renos.en skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP71\A0044251.dll Infected: not-virus:Hoax.Win32.Renos.en skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP71\A0044253.dll Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP74\A0045534.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.da skipped
C:\System Volume Information\_restore{8D235202-FA06-4BBA-855E-C9A082920BC5}\RP75\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[sUBs]

Scan results are good. Just files from Norton's Quarantine & System Restore's cache which we will remove later

Please use Symantec's guide to remove the files from quarantine. http://service1.symantec.com/SUPPORT...on=1#_Section1

Tell me if those disk errors still occur

[saxysean]

Removed the files. Everything went to plan.

I rebooted the computer to see if it would tell me there was a disk error again and sure enough it did. It gave the message "DISK BOOT FAILURE, INSERT SYSTEM DISK AND PRESS ENTER".

I've noticed a trend, however. This only happens when I restart it. I haven't seen this happen if I shut it down and then start it up. It should also be noted that my bootup time has increased substantionally.

[sUBs]

What brand/model/age are your hard disks? SATA or IDE?

[saxysean]

Maxtor 300 gb Sata. I bought it in July.

[sUBs]

Disk is new. That should rule out disk damage. I had a similar trouble recently & it turned out to be a faulty connector. Please start a thread at the hardware section so that the experts there, may assist you troubleshoot it.

Your system is clean. Kindly follow these simple steps in order to keep your computer clean and secure:

1. CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
   Go to Start → Run → type control sysdm.cpl,,4 & press Enter
   • Tick on the checkbox - Turn off System Restore on all drives
   • Click Apply
   Turn it back 'On' by unticking the same checkbox & click OK
   
   
   
2. DISABLE THE VIEWING OF SYSTEM FILES
   From Windows Explorer, go to Tools>Folder Options> View tab.
   • Untick - Show hidden files and folder
   • Tick - Hide file extensions for known types
   • Tick - Hide protected operating system files
   Click Yes to confirm & then click OK
   
   
   
3. SECURING INTERNET EXPLORER
   From within Internet Explorer click on the Tools menu and then click on Internet Options.
   • Select the Security tab
     • Click once on the Internet icon so it becomes highlighted.
     • Select Custom Level .
       • Change 'Download signed ActiveX controls' to Prompt
       • Change 'Download unsigned ActiveX controls' to Disable
       • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
       • Change 'Installation of desktop items' to Prompt
       • Change 'Launching programs and files in an IFRAME' to Prompt
       • Change 'Navigate sub-frames across different domains' to Prompt
       • When all these changes have been made, click on the OK button.
     • If it prompts you as to whether or not you want to save the settings, press the Yes button.
   • Select OK to exit the Internet Properties page.
   
   
   
4. ANTIVIRUS SOFTWARE
   It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
   
   See this link for a listing of some online & their stand-alone antivirus programs:
   
   Virus, Spyware, and Malware Protection and Removal Resources → http://www.bleepingcomputer.com/forums/topict405.html
   
   It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
   
5. FIREWALL
   Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here → http://www.bleepingcomputer.com/forums/tutorial60.html
   
   
   
6. Microsoft Windows Update → http://www.windowsupdate.com
   Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
   
7. SPYBOT - SEARCH & DESTROY
   Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial43.html
   
   
8. AD-AWARE
   Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial48.html
   
   
   
9. SPYWAREBLASTER
   SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.
   
   Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html
   
   
   
10. IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

• http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  
  
• http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  
  
• http://toolbar.google.com/ - Google Toolbar - Get the free google toolbar to help stop pop up windows.
  
  
• http://cleanup.stevengould.org/ - CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.
  
  
• http://www.winpatrol.com/ -Winpatrol - Download and install the free version of Winpatrol.
  A tutorial for this product is located here: http://www.winpatrol.com/features.html

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.

[saxysean]

Everything seems to be working!

Thank you for your time.