website redirected

[sirius]

Hi,
I have been having this trouble for quite sometime. Only a handful of websites are getting redirected to ads and porn sites. Also, I get the feeling that my computer has become slow. I have actively run symantec anti-virus, spybot and adware, but nothing seem to catch this problem. Also, I am unable to get windows updates. I went through the five steps that was posted in a thread in this forum:
1. Ran PandaScan - Report attached
2. Downloaded SpywareBlaster and Spyware Guard
3. Downloaded IE-Spyad
4. Unable to download windows updates - [Error number: 0x80072EFD]
5. Ran Comboscan - Report attached below

Can someone please help me to figure out whats going on?

PandaScan Report:
-------------------

Incident Status Location

Adware:adware/superspider Not disinfected c:\windows\system32\a.exe
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Adware:adware/wintools Not disinfected c:\windows\downloaded program files\QDow.dll
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\
Adware:adware/searchexe Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.overture.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.com.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.server.iad.liveperson.net/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.server.iad.liveperson.net/hc/25151352]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.bfast.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[server.iad.liveperson.net/hc/64571240]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Dad\Cookies\dad@burstnet[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Dad\Cookies\dad@did-it[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dad\Cookies\dad@target[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@searchportal.information[1].txt
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\CN5RA2BX\channels_02[1].gif
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@112.2o7[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@atwola[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@ccbill[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@kinghost[1].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@kount[1].txt
Spyware:Cookie/WegCash Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@programs.wegcash[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@xiti[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu4fzj03.Nandini\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu4fzj03.Nandini\cookies.txt[.2o7.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu4fzj03.Nandini\cookies.txt[statse.webtrendslive.com/]
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Virus:Trj/Downloader.FG Disinfected C:\WINDOWS\Downloaded Program Files\f12802.exe


ComboScan Report:
-----------------------
ComboScan v20070221.16 run by Owner on 2007-02-24 at 00:37:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Owner.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:38:43 AM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4H2VWDU7\comboscan[1].exe
C:\Documents and Settings\Owner\Desktop\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: SimHID.lnk.disabled
O4 - Global Startup: VPN Client.lnk.disabled
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm265YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/27058876...p/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AD5F335-3F35-41D8-8B8E-06A9B512784E}: NameServer = 85.255.115.22,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAB11F66-D748-43A0-8A8E-0A9089F6EBF3}: NameServer = 85.255.115.22,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{C14A0D00-1AFE-4279-9DC6-FE9B13616A14}: NameServer = 85.255.115.22,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3R Afc (PPdus ASPI Shell) - C:\WINDOWS\system32\drivers\afc.sys
1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
3S ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
3S APLMp50 (APLMp50 NDIS Protocol Driver) - C:\WINDOWS\system32\Drivers\APLMp50.sys (not found)
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3S Bridge (MAC Bridge) - C:\WINDOWS\system32\drivers\bridge.sys
3S BridgeMP (MAC Bridge Miniport) - C:\WINDOWS\system32\drivers\bridge.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
3S CVirtA (Cisco Systems VPN Adapter) - C:\WINDOWS\system32\drivers\CVirtA.sys
2R CVPNDRVA (Cisco Systems Inc. IPSec Driver) - C:\WINDOWS\system32\drivers\CVPNDRVA.sys
3R DNE (Deterministic Network Enhancer Miniport) - C:\WINDOWS\system32\drivers\dne2000.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
3S iComp (XtremeTV USB TV Tuner) - C:\WINDOWS\system32\drivers\p2usbwdm.sys
3R L8042pr2 (Logitech PS/2 Mouse Filter Driver) - C:\WINDOWS\system32\drivers\L8042pr2.Sys
3S LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHIDFLT2.SYS
3S LHidUsb (Logitech USB Receiver device driver) - C:\WINDOWS\system32\drivers\LHIDUSB.SYS
3R LMouFlt2 (Logitech Mouse Class Filter Driver) - C:\WINDOWS\system32\drivers\LMouFlt2.Sys
3R ltmodem5 (Lucent Modem Driver) - C:\WINDOWS\system32\drivers\ltmdmnt.sys
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3R MxlW2k - C:\WINDOWS\system32\drivers\MxlW2k.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVEX15.SYS
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3S nm (Network Monitor Driver) - C:\WINDOWS\system32\drivers\nmnt.sys
3S NPF (NetGroup Packet Filter Driver) - C:\WINDOWS\system32\drivers\npf.sys (not found)
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3S nvax (Service for NVIDIA(R) nForce(TM) Audio Enumerator) - C:\WINDOWS\system32\drivers\nvax.sys
3R NVENET (NVIDIA nForce MCP Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENET.sys
3S nvnforce (Service for NVIDIA(R) nForce(TM) Audio) - C:\WINDOWS\system32\drivers\nvapu.sys
0R nv_agp (NVIDIA nForce AGP Bus Filter) - C:\WINDOWS\system32\drivers\nv_agp.SYS
2R NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - C:\WINDOWS\system32\drivers\nwlnkipx.sys
2R NwlnkNb (NWLink NetBIOS) - C:\WINDOWS\system32\drivers\nwlnknb.sys
2R NwlnkSpx (NWLink SPX/SPXII Protocol) - C:\WINDOWS\system32\drivers\nwlnkspx.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3S OMVA (VPN-1 SecureClient Adapter) - C:\WINDOWS\system32\drivers\OMVA.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
3R Ps2 - C:\WINDOWS\system32\drivers\PS2.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S QCMerced (Logitech QuickCam Express) - C:\WINDOWS\system32\drivers\lvcm.sys
3S rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - C:\WINDOWS\system32\drivers\R8139n51.sys
3S S3Psddr - C:\WINDOWS\system32\drivers\s3gnbm.sys
1R SAVRT - C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys
2R SAVRTPEL - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys
3S SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
0R SISAGP (SiS AGP Filter) - C:\WINDOWS\system32\drivers\SISAGPX.SYS
1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
3R SYMIDSCO - C:\WINDOWS\system32\drivers\SymIDSCo.sys
3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
2R tmcomm - C:\WINDOWS\system32\drivers\tmcomm.sys
3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\usbaudio.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3R usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S usbser (Motorola USB Modem Driver) - C:\WINDOWS\system32\drivers\usbser.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
0S viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\DRIVERS\viaagp1.sys (not found)
3S vsdatant - C:\WINDOWS\system32\vsdatant.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3S {6080A529-897E-4629-A488-ABA0C29B635E} (Intel(R) Graphics Platform (SoftBIOS) Driver) - C:\WINDOWS\system32\drivers\ialmsbw.sys
3S {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel(R) Graphics Chipset (KCH) Driver) - C:\WINDOWS\system32\drivers\ialmkchw.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
2R ccProxy (Symantec Network Proxy) - "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R CVPND (Cisco Systems, Inc. VPN Service) - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
2R dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Fax - C:\WINDOWS\system32\fxssvc.exe
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S HidServ (Human Interface Device Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S IDriverT (InstallDriver Table Manager) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
3S iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\System32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\System32\nvsvc32.exe
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
4S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R RemoteRegistry (Remote Registry) - C:\WINDOWS\system32\svchost.exe -k LocalService
3S rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SavRoam - "C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe"
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{19AB376E-4103-4666-BDD5-E5DCEC7A5AB9}
2R Symantec AntiVirus - "C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"
2R SymSecurePort (Symantec SecurePort) - "C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S TlntSvr (Telnet) - C:\WINDOWS\System32\tlntsvr.exe
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S usnsvc (Messenger Sharing USN Journal Reader service) - C:\WINDOWS\System32\svchost.exe -k usnsvc
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S Wmi (Windows Management Instrumentation Driver Extensions) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled Tasks --------------------------------------------------------------

2007-01-26 11:15:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2004-11-29 22:12:54 414 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>


-- Files created between 2007-01-24 and 2007-02-24 ------------------------------

2007-02-24 00:25:11 21312 --a------ C:\WINDOWS\choice.exe
2007-02-24 00:18:02 0 d-------- C:\ie-spyad
2007-02-24 00:01:39 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-23 23:59:58 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-23 22:41:50 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-22 19:53:13 0 d-------- C:\Program Files\Maxtor


-- Find3M Report ----------------------------------------------------------------

2007-02-24 00:12:44 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-23 23:29:37 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-23 18:20:28 0 d-------- C:\Program Files\Google
2007-02-22 22:29:03 0 d-------- C:\Program Files\Yahoo!
2007-02-22 22:28:16 0 d-a------ C:\Documents and Settings\Owner\Application Data\yahoo!
2007-02-22 19:53:13 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-20 23:27:14 34815 --a------ C:\WINDOWS\system32\a.exe
2007-01-18 21:16:37 0 d-------- C:\Program Files\Quicken
2007-01-18 20:59:17 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-01-15 23:18:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-01-12 18:00:59 0 d-------- C:\Program Files\mobile PhoneTools<MOBILE~1>
2007-01-12 18:00:46 0 d-------- C:\Program Files\LiveUpdate<LIVEUP~1>
2007-01-12 18:00:42 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield<INSTAL~1>
2007-01-05 17:53:10 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BackupNotify"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\backupnotify.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PVR"="C:\\Program Files\\XemiComputers\\Pocket Voice Recorder\\PVR.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"CLAUDIO"="C:\\Program Files\\XemiComputers\\Claudio\\Claudio.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~2\\VPTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe"
"LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AlcxMonitor"="ALCXMNTR.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="csurf.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{927e4e5e-14b8-11d8-b45b-806d6172696f}]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480


-- End of ComboScan: finished at 2007-02-24 at 00:39:06 -------------------------
Thanks,
Sirius

[tetonbob]

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

There should also have been produced by ComboScan a Supplementary.txt which you were to have attached. Please post it in your next reply.

---------------------------------------------------------------------------------------------

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

**If you receive an error message while trying to run FixWareout, copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder, and run FixWareout again.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AD5F335-3F35-41D8-8B8E-06A9B512784E}: NameServer = 85.255.115.22,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAB11F66-D748-43A0-8A8E-0A9089F6EBF3}: NameServer = 85.255.115.22,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{C14A0D00-1AFE-4279-9DC6-FE9B13616A14}: NameServer = 85.255.115.22,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101

Click FIX CHECKED. Close HijackThis.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Go to Start>Run then copy and paste, or type the following, then press Enter:

regsvr32 /u occache.dll

Click OK on the message which pops up.

Delete these files/folders if present:


c:\windows\system32\a.exe
c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
c:\windows\downloaded program files\QDow.dll
C:\WINDOWS\Downloaded Program Files\f12802.exe

Go to Start>Run then copy and paste, or type the following, then press Enter:

regsvr32 occache.dll

Click OK on the message which pops up.

---------------------------------------------------------------------------------------------

Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), along with a new HijackThis log into this topic. Also, the Supplementary.txt from ComboScan


----------------------------------------------------------------------------------------------------------

[sirius]

Here are the log files that you asked for. I just followed exactly as per your instructions. Let me know what to do next.
Thanks a lot for your time.


--------------------------------------------------------------------
Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="csurf.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\backupnotify.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

HIJACK_THIS REPORT
---------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:08:12 PM, on 2/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: SimHID.lnk.disabled
O4 - Global Startup: VPN Client.lnk.disabled
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm265YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/27058876...p/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
---------------------------------------------------------------
END HIJACK THIS REPORT
---------------------------------------------------------------

SUPPLEMENT.txt File - Combo Scan
----------------------------------
ComboScan v20070221.16 run by Owner on 2007-02-24 at 00:37:27
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2800+
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1023.36 MiB / 658.88 MiB
Pagefile Memory (total/avail): 2464.64 MiB / 2230.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1998.2 MiB

C: is Fixed (NTFS) - 69.3 GiB total, 40.88 GiB free.
D: is Fixed (FAT32) - 7.01 GiB total, 2.4 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 93.59 GiB total, 58.71 GiB free.
H: is Fixed (NTFS) - 92.71 GiB total, 92.65 GiB free.


-- Security Center --------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FW: Symantec Client Firewall v7.1.0.1400 (Symantec Corporation)
AV: Symantec AntiVirus Corporate Edition v9.0.0.1400 (Symantec Corporation)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
COLLECTIONID=wuclient
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NIRVANA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://h30083.www3.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
ITEMID=wuclienten
LANG=1033
LOGONSERVER=\\NIRVANA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\SecureCRT;C:\Program Files\SSH Communications Security\SSH Secure Shell;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
SESSIONID=1079069217489wuws07-lda90c:fb3d8955df:-42fa
SESSIONNAME=Console
SWUTVER=1.0.16.20030613
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\Owner\LOCALS~1\Temp\rad8E843.tmp
USERDOMAIN=NIRVANA
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
VERSION=2.0.39
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Owner (admin)
Dad (admin)
Guest (guest)


-- Add/Remove Programs ----------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ArcSoft ShowBiz 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
ArcSoft TotalMedia 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E8E743-6A89-4AD5-9E7E-04D0954F182D}\setup.exe" -l0x9
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
BioEdit --> MsiExec.exe /I{AF6D9313-E338-48F0-9B0C-7DE20EDB99CF}
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP4000 --> C:\WINDOWS\System32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi0409.dll"
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Cisco Systems VPN Client 4.6.01.0019 --> MsiExec.exe /X{B8221906-224A-4494-BB97-55FC63740019}
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> C:\Documents and Settings\Owner\Desktop\HijackThis.exe /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HPImageZone --> MsiExec.exe /X{11946FA8-329A-4DDF-B867-A32781FED8EE}
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes --> MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
KBD --> C:\HP\KBD\KBD.EXE uninstalled
KODAK Picture CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C23837C-993E-11D4-9DE0-0060085C158A}\SETUP.EXE"
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech IM Video Companion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{984F10FD-11FD-4BED-8163-92DB81E6A825}\Setup.exe" -l0x9 UNINSTALL
Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Logitech MouseWare 9.76 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
MarketBrowser --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35845E72-E34A-11D4-817D-005004D0F1FA}\Setup.exe" -uninst
MaxBlast 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
MEM48U --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC248255-B5C0-4B8D-8092-DBC21E2F4117}\Setup.exe"
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Mozilla Firefox (0.8.) --> C:\WINDOWS\UninstallFirefox.exe /ua "0.8. (en)"
Mozilla Firefox (1.0) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0 (en-US)"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Murasu Anjal2000 --> C:\Program Files\Murasu Systems\Anjal2000\setup.exe -u -t
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\WINDOWS\System32\nvuaudio.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickTime --> MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SimHID --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAC30D14-163D-46E3-AF6F-AA9890B64E66}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SSH Secure Shell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Symantec Client Security --> MsiExec.exe /I{00CD72B3-E2DF-4DFC-BCC1-5CC4F564518D}
Symnet Redirector Updater --> MsiExec.exe /X{CACE0C9D-9EF7-4F3B-9C64-88FBA245BA9C}
toolkit --> c:\Windows\HPTK\unhptkit.exe
Windows Live Messenger --> MsiExec.exe /I{7A837109-E671-470D-B489-F1EBE471D220}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows XP Application Compatibility Update[Q319580] --> C:\WINDOWS\$NtUninstallQ319580$\spuninst\spuninst.exe
WinSCP 3.4.2 --> "C:\Program Files\WinSCP3\unins000.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- End of ComboScan: finished at 2007-02-24 at 00:39:06 -------------------------

[tetonbob]

Good job! Your system should be behaving much better. Let me know in your next reply.

We have some more work to do.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name. In your case, it is Java 2 Runtime Environment, SE v1.4.1_02
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.

• After the install is complete, go back into the Control Panel and double-click the Java Icon.
• Under Temporary Internet Files, click the Delete Files button.
• There are three options in the window to clear the cache - Leave ALL 3 Checked
  • Downloaded Applets
  • Downloaded Applications
  • Other Files
• Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
• Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please perform this general system scan and cleaning to see if anything else is lurking.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

---------------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

• Install AVG Anti Spyware
• Double-click the icon on Desktop to launch AVG
• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------

Your version of Spybot Search and Destroy is outdated. I recommend you uninstall it, then do this:

Download and install Spybot S&D http://security.kolla.de/. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available.

Now click Mode menu and choose 'Advanced Mode'. Next click on Immunize to your left. Click the Immunize button (green cross) on top to Immunize your computer - you should do this each time there is an update. Do NOT enable Spybot TeaTimer Resident protection at this time. What this will do is monitor any system/registry changes and will ask you for permission to change any of these settings. It may also hinder our fix at this point. You may enable it after the fix is complete.

Now click on the 'Spybot-S&D' option on the top left to go back to the main screen. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the 'Fix Selected Problems' button. Exit Spybot.

---------------------------------------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with logs from:

AVG Anti-Spyware
Kaspersky online scan
HJT

How is your system behaving now, please?

[sirius]

I followed your instructions and here are the log files. The system is behaving well.
thanks
Sirius

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:59:13 PM 3/2/2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.280:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.298:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@lenovo.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.57:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.58:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.30:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.378:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.379:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.380:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.389:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.394:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.395:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.134:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.294:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.295:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.403:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.249:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.334:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@www.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.147:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.151:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.152:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.153:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.154:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.155:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.409:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.377:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.387:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.390:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.391:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.392:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.423:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.156:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.164:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.165:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.166:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.278:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.279:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.291:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.410:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.414:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
:mozilla.45:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.46:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.227:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.381:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.382:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.425:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.42:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.43:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.44:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.127:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.242:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.238:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.239:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.393:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.230:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.231:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.232:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.235:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.240:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.191:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.203:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.86:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.87:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.220:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
:mozilla.198:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.199:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.200:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.201:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 02, 2007 10:48:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/03/2007
Kaspersky Anti-Virus database records: 275491
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 138908
Number of viruses found: 4
Number of infected objects: 6 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:45:24

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CDC0000.VBN Infected: Trojan.Win32.DNSChanger.hd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D100000.VBN Infected: Trojan.Win32.DNSChanger.hd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Client Firewall\System.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\arc.jar-4ad99077-4f84e451.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\arc.jar-4ad99077-4f84e451.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF79AD.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Common Files\Symantec Shared\profile.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP563\A0060511.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP579\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{2C1C2B8E-3C6A-4331-BE43-ACBE0D3D4B5A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 10:51:56 PM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: SimHID.lnk.disabled
O4 - Global Startup: VPN Client.lnk.disabled
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm265YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/27058876...p/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

[tetonbob]

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

-----------------------------------------------------------------------------------------------------------------------

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

• On the General tab, under Temporary Internet Files, click the Settings button.
• Next, click on the Delete Files button
• There are two options in the window to clear the cache - Leave BOTH Checked
  • Applications and Applets
    Trace and Log Files
• Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
• Click OK to leave the Temporary Files Window
• Click OK to leave the Java Control Panel.

-----------------------------------------------------------------------------------------------------------------------

Please use Symantec's guide to remove the Norton Quarantine files.

Or just navigate to this folder, and delete the contents, but not the folder itself:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

-----------------------------------------------------------------------------------------------------------------------Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.

AVG Anti-Spyware would be a good program to keep, update and run a scan with once a week or so. It adds another layer of protection to your system's security tools. You may want to prevent AVG Anti-Spyware from running at Windows startup, and just call it into service when needed. This may help with system boot times. To do so, right click on the AVG A/S system tray icon, and uncheck Start with Windows. Also disable it's real time protection, as this will also use system resources, and will time out at the end of the trial period in 30 days. To do so:

Open AVG Anti-Spyware.

• On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Click on Change state next to Automatic updates. It should now change to inactive.

Reset hidden/system files and folders

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Create a new System Restore point

• click Start >> Run - type SYSDM.CPL & press Enter
• select the System Restore Tab
• tick on the checkbox - "Turn off System Restore on all drives"
• click Apply
• then untick the same checkbox & click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• SpywareGuard to catch and block spyware before it can execute.
  
• SPYBOT - SEARCH & DESTROY
  Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  
• AD-AWARE
  Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  
  
• IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
    From within the folder, double-click install.bat
    Select Option #2 - Install the new IE-SPYAD list.
    Then return to the main menu.
    Select option #4 - Add the old porn sites domain
  
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  
  
  
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  
  Here are a few very good free Antivirus products which are available:
  • AOL Active Virus Shield (powered by Kaspersky Antivirus)
  • Avast!
  • AVG
  • Avira PersonalEdition Classic
  Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  

  See this link for a listing of some online antivirus scanners:
  
  Anti-Spyware Tutorial

• FIREWALL
  If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:
  
  Do not install more than one firewall program because they will conflict with each other.

• Comodo Personal Firewall
• ZoneAlarm

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[sirius]

I have finished as per your instructions. The website is no longer getting redirected. But there is still one problem. I am unable to check for windows update.This is what I am encountering. Can you please help?

[Error number: 0x80072EFD]
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
For self-help options:

Frequently Asked Questions

Find Solutions

Windows Update Newsgroup
For assisted support options:

Microsoft Online Assisted Support (no-cost for Windows Update issues)

Read more about steps you can take to resolve this problem (error number 0x80072EFD) yourself.

[tetonbob]

Did you try any of the solutions given in that message?

Let's see if this helps:

Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)

Restart your system.

Let me know.