Virus or hardware issue

[raidencmc]

A few months a go I noticed that my laptop was getting a bit sluggish. First
I ran my nortons and spysweeper removed all spyware and had no viruses(both are up to date). I ran the basic utilities Defrag and cleanup. I did not get much improvement. I then went and removed any unused programs and files. Still with no improvement. I don't think that I have done anything that
would have exposed me to a virus or any other type malicious software but you never know. The next issue I encountered was a group of pixels would be black on my desktop background it was the shape of a triangle and the longest side was convex. It would always appear at the same place on the screen. I would drag an Icon or an open window across it and it would vanish. Sometimes days and even weeks would pass before it came back. Other times minutes. The other thing that started happening was I when I booted up was I would get a dialog box asking me something about enabling or disabling HotKey which I never saw before. I am not sure if it is related to the problem I just assumed it was an update. It has an Icon in the Sys Tray with a circle and a slash through it. You can not click on it or anything. The next issue was that my wireless connection would cut out every once in awhile. After further investigation I also observed the speed to fluctuate, The signal strength was always very good. I tested the wired connection and it is fine. I got very frustrated after several restores I ended up formating the HD and reinstalling windows. I still get the same problems. The Hotkey issue showed up right away as did the connections issues, they are both the same as described above. The pixel issue is the same shape but I get 3 at once. On of which is in the same place as it used to be. Help with any suggestions.

Recently I went in to system configuration and on the startup tab I found a file or at least a place where a file should be. It had a box checked and everything was blank no location, no command. Someone had questioned my fan it comes on. It does not run all the time.

I was just looking in the system information and observed that there were several wan cards. I have one I could not imagine there being more than that but I am not knowledgable enough to say so.

Laptop
XP SP2
1.3 ghz Processor
256 megs of RAM
Toshiba satellite L15-S104


Panda active scan

Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Cookies\michael@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Michael\Cookies\michael@com[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Michael\Cookies\michael@target[2].txt

Combo Scan

ComboScan v20070212.14 run by Michael on 2007-02-13 at 20:07:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Michael.com) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:08:05 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Michael\Desktop\Utilities\comboscan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\~qtamdtx.tmp\Michael.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/activation/activate-redirect.jsp?LG=ENG&IVR=3002736042916384140463834503731632003503193541369&SO={4E415600-2005-0000-0000-000000000000}
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] "C:\TOSHIBA\IVP\ISM\pinger.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] "C:\Program Files\Notebook Maximizer\maximizer_startup.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

0 ACPIEC (Microsoft Embedded Controller Driver) - system32\DRIVERS\ACPIEC.sys
3 CAMCAUD (Conexant AMC 3D Environmental Audio) - system32\drivers\camcaud.sys
3 CAMCHALA - system32\drivers\camchal.sys
0 drvmcdb - system32\drivers\drvmcdb.sys
2 drvnddm - system32\drivers\drvnddm.sys
3 HSFHWICH - system32\DRIVERS\HSFHWICH.sys
3 HSF_DP - system32\DRIVERS\HSF_DP.sys
3 ialm - system32\DRIVERS\ialmnt5.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
3 IPN2220 (INPROCOMM IPN2220 Wireless LAN Card Driver) - system32\DRIVERS\i2220ntx.sys
0 KR10N - system32\drivers\KR10N.sys
2 mdmxsdk - system32\DRIVERS\mdmxsdk.sys
1 meiudf - System32\Drivers\meiudf.sys
3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070207.017\NAVENG.Sys
3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070207.017\NavEx15.Sys
2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - system32\DRIVERS\netdevio.sys
0 PCIIde - system32\DRIVERS\pciide.sys
0 Pcmcia - system32\DRIVERS\pcmcia.sys
3 pfc (Padus ASPI Shell) - system32\drivers\pfc.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - system32\drivers\qkbfiltr.sys
3 qmofiltr (Quanta HotKey Mouse Filter Driver) - system32\drivers\qmofiltr.sys
3 RTL8023xp (Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver) - system32\DRIVERS\Rtlnicxp.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS
3 SAVRT - \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS
1 SAVRTPEL - \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
3 SMBBATT (Microsoft Smart Battery Driver) - system32\DRIVERS\SMBBATT.sys
1 SMBHC (Microsoft SM Bus Host Controller Driver) - system32\DRIVERS\SMBHC.sys
1 SPBBCDrv - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0 srescan - system32\ZoneLabs\srescan.sys
1 sscdbhk5 - system32\drivers\sscdbhk5.sys
0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - SYSTEM32\Drivers\SSFS0509.SYS
0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - SYSTEM32\Drivers\SSHRMD.SYS
0 SSIDRV (Spy Sweeper Interdiction Driver) - SYSTEM32\Drivers\SSIDRV.SYS
3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - System32\Drivers\sskbfd.sys
1 ssrtln - system32\drivers\ssrtln.sys
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\Program Files\Symantec\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMIDSCO - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20070124.002\symidsco.sys
2 symlcbrd - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
3 SynTP (Synaptics TouchPad Driver) - system32\DRIVERS\SynTP.sys
2 TBiosDrv - \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys
2 tfsnboio - system32\dla\tfsnboio.sys
2 tfsncofs - system32\dla\tfsncofs.sys
2 tfsndrct - system32\dla\tfsndrct.sys
2 tfsndres - system32\dla\tfsndres.sys
2 tfsnifs - system32\dla\tfsnifs.sys
2 tfsnopio - system32\dla\tfsnopio.sys
2 tfsnpool - system32\dla\tfsnpool.sys
2 tfsnudf - system32\dla\tfsnudf.sys
2 tfsnudfa - system32\dla\tfsnudfa.sys
2 tmcomm - \??\C:\WINDOWS\system32\drivers\tmcomm.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
1 vsdatant - System32\vsdatant.sys
3 wanatw (WAN Miniport (ATW)) - system32\DRIVERS\wanatw4.sys
3 winachsf - system32\DRIVERS\HSF_CNXT.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2 ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3 ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2 ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
2 CFSvcs (ConfigFree Service) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
2 DVD-RAM_Service - C:\WINDOWS\system32\DVDRAMSV.exe
3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2 navapsvc (Norton AntiVirus Auto-Protect Service) - "C:\Program Files\Norton AntiVirus\navapsvc.exe"
2 NPFMntor (Norton AntiVirus Firewall Monitor Service) - "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
3 SAVScan - "C:\Program Files\Norton AntiVirus\SAVScan.exe"
2 SBService (ScriptBlocking Service) - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
2 SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2 SPBBCSvc (Symantec SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
2 Swupdtmr - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2 Symantec Core LC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
2 WebrootSpySweeperService (Webroot Spy Sweeper Engine) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- Scheduled Tasks --------------------------------------------------------------

2007-02-09 20:52:29 534 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Michael.job<NORTON~1.JOB>


-- Files created between 2007-01-13 and 2007-02-13 ------------------------------

2007-02-13 20:07:46 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-13 19:32:41 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-13 19:22:20 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-13 17:47:33 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-13 16:59:22 0 d-------- C:\Documents and Settings\Michael\Application Data\Lavasoft
2007-02-13 16:51:14 0 d-------- C:\Program Files\Lavasoft
2007-02-13 16:50:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-12 19:04:27 0 d-------- C:\WINDOWS\pss
2007-02-12 18:56:56 0 d-------- C:\Documents and Settings\Michael\bonus
2007-02-07 20:30:56 164 --a------ C:\install.dat
2007-02-06 07:44:56 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys<Signed: Trend Micro Inc.>
2007-02-06 07:32:41 0 d-------- C:\Documents and Settings\Michael\.housecall6.6<HOUSEC~1.6>
2007-02-05 07:37:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-02-05 07:24:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver<YOU'VE~1>
2007-02-05 07:24:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2007-02-05 07:24:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-02-05 07:24:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2007-02-05 07:24:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust<INTERT~1>
2007-02-05 07:24:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2007-02-05 07:24:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-02-05 07:24:25 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-02-05 07:24:24 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-05 07:24:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-02-03 21:49:09 0 d-------- C:\Program Files\LimeWire
2007-02-02 21:54:27 0 d-------- C:\Documents and Settings\Michael\Application Data\acccore
2007-02-02 21:54:01 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP<AOLOCP~1>
2007-02-02 21:47:28 0 d-------- C:\Program Files\AIM6
2007-02-02 21:38:48 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads<AOLDOW~1>
2007-02-02 00:33:45 0 d-------- C:\Documents and Settings\Michael\Application Data\BitTorrent<BITTOR~1>
2007-02-02 00:33:00 0 d-------- C:\Program Files\BitTorrent<BITTOR~1>
2007-02-01 22:59:06 0 d-------- C:\Documents and Settings\Michael\Shared
2007-02-01 22:59:03 0 d-------- C:\Documents and Settings\Michael\Incomplete<INCOMP~1>
2007-02-01 22:54:09 0 d-------- C:\Documents and Settings\Michael\.limewire<LIMEWI~1>
2007-02-01 21:47:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-01-30 07:17:01 0 dr-h----- C:\Documents and Settings\Michael\Application Data\yahoo!
2007-01-29 21:44:13 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-01-29 21:35:10 0 d-------- C:\Program Files\Yahoo!
2007-01-26 20:58:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-01-26 07:59:01 0 d-------- C:\WINDOWS\Sun
2007-01-26 07:59:00 0 d-------- C:\Documents and Settings\Michael\Application Data\Sun
2007-01-23 21:48:33 0 d-------- C:\Documents and Settings\Michael\Application Data\OpenOffice.org2<OPENOF~1.ORG>
2007-01-23 21:44:32 0 d-------- C:\Program Files\OpenOffice.org 2.1<OPENOF~1.1>
2007-01-23 18:42:35 106496 --a------ C:\WINDOWS\system32\tsccvid.dll<Unsigned: TechSmith Corporation>
2007-01-23 18:41:37 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-01-23 18:15:41 0 d-------- C:\Program Files\Universal Remote Control, Inc<UNIVER~1>
2007-01-23 06:58:53 0 d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2007-01-21 22:35:57 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-01-21 22:35:42 0 d-------- C:\85049d613add6d7cbe8b20de9ca1<85049D~1>
2007-01-21 22:31:32 4608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys<Unsigned: Symantec Corporation>
2007-01-21 22:30:54 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL<Signed: Symantec Corporation>
2007-01-21 22:30:54 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS<Signed: Symantec Corporation>
2007-01-21 22:24:22 0 d-------- C:\Program Files\Common Files\ODBC
2007-01-21 22:14:57 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1>
2007-01-21 22:14:10 0 d-------- C:\Program Files\Symantec
2007-01-21 22:14:00 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-01-21 21:52:56 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-01-21 21:52:19 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-01-21 21:51:24 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-01-21 21:48:21 0 d-------- C:\Program Files\Webroot
2007-01-21 21:48:21 0 d-------- C:\Documents and Settings\Michael\Application Data\Webroot
2007-01-21 21:25:41 0 d-------- C:\Documents and Settings\Michael\Application Data\You've Got Pictures Screensaver<YOU'VE~1>
2007-01-21 21:25:41 0 d-------- C:\Documents and Settings\Michael\Application Data\toshiba
2007-01-21 21:25:41 0 d-------- C:\Documents and Settings\Michael\Application Data\Symantec
2007-01-21 21:25:41 0 d-------- C:\Documents and Settings\Michael\Application Data\Intuit
2007-01-21 21:25:41 0 d-------- C:\Documents and Settings\Michael\Application Data\InterTrust<INTERT~1>
2007-01-21 21:25:41 0 d-------- C:\Documents and Settings\Michael\Application Data\AOL
2007-01-21 21:25:41 0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2007-01-21 21:25:40 0 d-------- C:\Documents and Settings\Michael\WINDOWS
2007-01-21 21:25:40 3145728 --ah----- C:\Documents and Settings\Michael\NTUSER.DAT
2007-01-21 21:24:25 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-01-21 21:24:13 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2007-01-21 21:24:13 0 d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver<YOU'VE~1>
2007-01-21 21:24:13 0 d-------- C:\Documents and Settings\Default User\Application Data\toshiba
2007-01-21 21:24:13 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-01-21 21:24:13 0 d-------- C:\Documents and Settings\Default User\Application Data\Intuit
2007-01-21 21:24:13 0 d-------- C:\Documents and Settings\Default User\Application Data\InterTrust<INTERT~1>
2007-01-21 21:24:13 0 d-------- C:\Documents and Settings\Default User\Application Data\AOL
2007-01-21 21:24:13 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2007-01-21 21:17:25 0 d--hs---- C:\RECYCLER
2007-01-21 21:16:44 40544 --a------ C:\WINDOWS\system32\drivers\drvnddm.sys<Unsigned: Sonic Solutions>
2007-01-21 21:16:44 87168 --a------ C:\WINDOWS\system32\drivers\drvmcdb.sys<Unsigned: Sonic Solutions>
2007-01-21 21:16:43 61498 --a------ C:\WINDOWS\system32\tfswapi.dll<Unsigned: Sonic Solutions>
2007-01-21 21:16:43 23545 --a------ C:\WINDOWS\system32\drivers\ssrtln.sys<Unsigned: Sonic Solutions>
2007-01-21 21:16:43 5627 --a------ C:\WINDOWS\system32\drivers\sscdbhk5.sys<Unsigned: Sonic Solutions>
2007-01-21 21:16:43 0 d-------- C:\WINDOWS\system32\dla
2007-01-21 21:16:43 98358 --a------ C:\WINDOWS\dla.exe<Unsigned: Sonic Solutions>
2007-01-21 21:16:04 21248 --a------ C:\WINDOWS\system32\drivers\pfc.sys<Unsigned: Padus, Inc.>
2007-01-21 21:16:02 192512 --a------ C:\WINDOWS\system32\AdavVideoDec.dll<ADAVVI~1.DLL><Unsigned: Arcsoft>
2007-01-21 21:16:02 126976 --a------ C:\WINDOWS\system32\AdavAudioDec.dll<ADAVAU~1.DLL><Unsigned: Arcsoft (HZ)>
2007-01-21 21:14:50 0 d-------- C:\Program Files\SymNetDrv<SYMNET~1>
2007-01-21 21:12:05 212480 --a------ C:\WINDOWS\PCDLIB32.DLL<Unsigned: Eastman Kodak>
2007-01-21 21:11:59 139264 --a------ C:\WINDOWS\system32\PhotoBase Screen Saver.scr<PHOTOB~1.SCR>
2007-01-21 21:11:54 0 d-------- C:\Program Files\ArcSoft
2007-01-21 21:11:19 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-01-21 20:51:51 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-01-21 20:41:20 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-01-21 20:41:19 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-01-21 20:36:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-01-21 20:36:27 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys<Signed: Webroot Software Inc (www.webroot.com)>
2007-01-21 20:36:27 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys<Signed: Webroot Software Inc (www.webroot.com)>
2007-01-21 20:36:27 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys<Signed: Webroot Software Inc (www.webroot.com)>
2007-01-21 20:36:26 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys<Signed: Webroot Software Inc (www.webroot.com)>
2007-01-21 20:36:23 155648 --a------ C:\WINDOWS\system32\ssleay32.dll<Unsigned: n/a>
2007-01-21 20:36:23 684032 --a------ C:\WINDOWS\system32\libeay32.dll<Unsigned: n/a>
2007-01-21 20:33:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-01-21 20:14:53 0 d---s---- C:\Documents and Settings\Michael\UserData


-- Find3M Report ----------------------------------------------------------------

2007-02-13 19:59:38 0 d-------- C:\Program Files\Notebook Maximizer<NOTEBO~1>
2007-02-13 18:31:01 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-13 18:26:31 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-02 21:47:37 0 d-------- C:\Program Files\Common Files\AOL
2007-01-26 20:46:04 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-23 21:10:21 0 d---s---- C:\Documents and Settings\Michael\Application Data\Microsoft<MICROS~1>
2007-01-23 18:03:13 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-21 23:09:45 0 d-------- C:\Documents and Settings\Michael\Application Data\Macromedia<MACROM~1>
2007-01-21 21:36:40 0 d-------- C:\Program Files\Quicken
2007-01-21 21:35:18 0 d-------- C:\Program Files\Napster
2007-01-21 21:33:01 0 d-------- C:\Program Files\Common Files\aolshare
2007-01-21 21:33:01 0 d-------- C:\Program Files\America Online 9.0<AMERIC~1.0>
2007-01-21 21:16:41 0 d-------- C:\Program Files\Sonic


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TOSCDSPD"="\"C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Aim6"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"Toshiba Hotkey Utility"="\"c:\\Program Files\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang en"
"PadTouch"="\"C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe\""
"SmoothView"="\"C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe\""
"NDSTray.exe"="NDSTray.exe"
"Pinger"="\"C:\\TOSHIBA\\IVP\\ISM\\pinger.exe\" /run"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Notebook Maximizer"="\"C:\\Program Files\\Notebook Maximizer\\maximizer_startup.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="\"C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe\" /Consumer"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of ComboScan: finished at 2007-02-13 at 20:09:05 -------------------------



Thanks in advance

[raidencmc]

Bump.

[raidencmc]

I solved the problem.

[Ried]

Hello raidencmc,

Our apologies for the oversight of your thread. We've been swamped and short handed for quie a while now and unfortunately, many threads are falling through the cracks.

The only malware seen is in the Panda report. Please do the following if you haven't already:

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

Other than that, I do see an Incomplete download folder. I'm assuming that was part of your issue and has been resolved.

[raidencmc]

I formatted the hard drive and all is fine for now (day 2). Will the problem you saw still exist after the format?

[Ried]

No, it would not survive a format and reinstall of Windows.

You had a very good multi-layered set up for protection--I hope you've reinstalled all those programs as well.

[raidencmc]

Thank you for the help. I installed norton, spysweeper, and zonealarm, this time. Are they OK.

[Ried]

I would suggest these free programs as well:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)

• Now navigate to C:\ie-spyad. Double click to open it.
• From within the folder, double-click install.bat
• Select Option #2 - Install the new IE-SPYAD list, by typing 2
• Then return to the main menu.
• Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

You may want to take a look at this well written article:

PC Safety and Security--What Do I Need?