Old 04-02-2007, 07:50 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 8
OS: Windows XP Pro


Task manager and other apps are disappearing

Hi guys,

Task manager and other applications, when I open them, are disappearing after flashing for a bit... I am assuming that my machine has some kind of virus... can you guys assist me in removing it...

Below is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 9:48:31 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\XPPRO\System32\smss.exe
C:\WINDOWS\XPPRO\system32\winlogon.exe
C:\WINDOWS\XPPRO\system32\services.exe
C:\WINDOWS\XPPRO\system32\lsass.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\XPPRO\system32\spoolsv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\XPPRO\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\XPPRO\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\XPPRO\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\XPPRO\system32\RunDLL32.exe
C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\WINDOWS\XPPRO\System32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\IFACE.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\PAVJOBS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bindu.VIJAY143BINDU\Desktop\drivers\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\XPPRO\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\XPPRO\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (B&W)] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P32 "EPSON Stylus CX3800 Series (B&W)" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P57 "Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810" /O22 "\\VDUPATID810\Printer3" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on VDUPATID810] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P46 "Auto EPSON Stylus CX3800 Series on VDUPATID810" /O22 "\\VDUPATID810\Printer4" /M "Stylus CX3800"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\XPPRO\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\XPPRO\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\XPPRO\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\XPPRO\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe



Thanks in advance
Amorous is offline  

Old 04-03-2007, 05:58 AM   #2 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 8
OS: Windows XP Pro


Re: Task manager and other apps are disappearing

anyone?
Amorous is offline  
Old 04-06-2007, 03:53 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 8
OS: Windows XP Pro


logo1_.exe virus

Guys,

Please help... I have the logo1_.exe virus... please assist me in removing it...

I see the registry entry:

nircmd execmd del /a/f c:\windows\Logo1_.exe

I also see run and runonce folders.

Thanks in advance
Amorous is offline  
Old 04-06-2007, 05:15 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,883
OS: WinXP and Vista


Re: Task manager and other apps are disappearing

Hello Amorous and welcome to TSF,

In all honesty, this will likely end up in a reformat.

I'll need a bit more information from you first:

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).

Just post the main.txt in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-06-2007, 06:17 PM   #5 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 8
OS: Windows XP Pro


Re: Task manager and other apps are disappearing

Thank you so much for your reply...here is the main.txt...
Deckard's System Scanner v20070328.36
Run by Bindu on 2007-04-06 at 20:15:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Bindu.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:15, on 07-04-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\XPPRO\System32\smss.exe
C:\WINDOWS\XPPRO\system32\winlogon.exe
C:\WINDOWS\XPPRO\system32\services.exe
C:\WINDOWS\XPPRO\system32\lsass.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\XPPRO\system32\spoolsv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\XPPRO\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\XPPRO\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\XPPRO\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\XPPRO\system32\RunDLL32.exe
C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\XPPRO\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Documents and Settings\bindu.VIJAY143BINDU\Desktop\dss.exe
C:\DOCUME~1\BINDU~1.VIJ\Desktop\drivers\Bindu.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\XPPRO\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\XPPRO\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (B&W)] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P32 "EPSON Stylus CX3800 Series (B&W)" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P57 "Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810" /O22 "\\VDUPATID810\Printer3" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on VDUPATID810] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P46 "Auto EPSON Stylus CX3800 Series on VDUPATID810" /O22 "\\VDUPATID810\Printer4" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\XPPRO\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\XPPRO\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\XPPRO\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\XPPRO\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe


-- Files created between 2007-03-06 and 2007-04-06 -----------------------------



-- Find3M Report ---------------------------------------------------------------

2007-04-05 23:47:24 0 d-------- C:\Program Files\Google
2007-04-05 2106 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\TypingMaster7<TYPING~1>
2007-04-05 19:51:52 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\uTorrent
2007-04-04 14:32:30 0 d-------- C:\Program Files\Java
2007-04-03 22:20:24 0 d-------- C:\Program Files\Windows Sidebar<WICC9F~1>
2007-04-03 22:20:22 0 d-------- C:\Program Files\Windows Photo Gallery<WINDOW~4>
2007-04-03 22:20:19 0 d-------- C:\Program Files\Windows Mail<WINDOW~1>
2007-04-03 22:20:18 0 d-------- C:\Program Files\Windows Defender<WINDOW~3>
2007-04-03 22:20:18 0 d-------- C:\Program Files\Windows Calendar<WIF3F6~1>
2007-04-03 22:18:51 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-04-01 23:35:22 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\Google
2007-04-01 23:34:18 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-01 23:12:31 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-01 14:46:09 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\SopCast
2007-03-31 15:36:27 0 d-------- C:\Program Files\SopCast
2007-03-31 15:32:13 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\TVU Networks<TVUNET~1>
2007-03-29 11:21:48 0 d---s---- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\Microsoft<MICROS~1>
2007-03-28 17:34:33 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\Adobe
2007-03-26 21:27:49 0 d-------- C:\Program Files\Pappocom
2007-03-26 21:26:20 0 d-------- C:\Program Files\Common Files\MimarSinan<MIMARS~1>
2007-03-26 15:11:55 0 d-------- C:\Program Files\iTunes
2007-03-24 08:15:25 1168 --a------ C:\WINDOWS\XPPRO\mozver.dat
2007-03-21 08:48:46 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\Creative
2007-03-20 19:23:16 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\.BitTornado<BITTOR~1>
2007-03-17 11:52:01 0 d-------- C:\Program Files\Broderbund<BRODER~1>
2007-03-16 18:14:00 0 d-------- C:\Program Files\iPod
2007-03-16 18:12:24 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-14 11:19:22 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\Sonic
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\XPPRO\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\XPPRO\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\XPPRO\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\XPPRO\system32\win32k.sys
2007-03-07 16:08:04 0 dr------- C:\Program Files\TypingMaster<TYPING~1>
2007-03-06 23:10:24 0 d-------- C:\Program Files\InterActual<INTERA~1>
2007-03-03 09:33:43 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\Leadertech<LEADER~1>
2007-03-03 09:33:03 0 d-------- C:\Program Files\epson
2007-03-03 09:32:08 0 d-------- C:\Program Files\ArcSoft
2007-03-02 17:53:07 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-22 10:47:55 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\Sun
2007-02-21 23:02:57 0 --a------ C:\WINDOWS\XPPRO\nsreg.dat
2007-02-21 23:02:53 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\Mozilla
2007-02-21 18:27:28 0 d-------- C:\Program Files\Common Files\Deterministic Networks<DETERM~1>
2007-02-21 07:46:35 0 d-------- C:\Program Files\Common Files\Creative Labs Shared<CREATI~1>
2007-02-21 07:41:34 0 d-------- C:\Program Files\Cisco Systems<CISCOS~1>
2007-02-21 07:40:31 0 d-------- C:\Program Files\Picasa2
2007-02-20 23:31:33 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\dvdcss
2007-02-20 22:30:33 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\Apple Computer<APPLEC~1>
2007-02-20 22:22:42 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-20 22:20:31 0 d-------- C:\Program Files\Common Files\SureThing Shared<SURETH~1>
2007-02-20 22:20:30 0 d-------- C:\Program Files\Roxio
2007-02-20 22:20:10 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-02-20 22:03:10 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\Macromedia<MACROM~1>
2007-02-20 21:09:22 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\vlc
2007-02-20 20:31:18 0 d-------- C:\Program Files\Creative
2007-02-20 20:15:23 0 d-------- C:\Program Files\Intel
2007-02-20 20:13:31 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\Real
2007-02-20 20:10:59 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-02-20 20:10:55 0 d-------- C:\Program Files\Common Files\Real
2007-02-20 20:10:09 0 d-------- C:\Program Files\Real
2007-02-20 20:08:47 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-20 19:52:33 0 d-------- C:\Program Files\Dell
2007-02-20 19:16:02 0 d-------- C:\Program Files\Panda Software<PANDAS~1>
2007-02-20 19:15:34 0 d-------- C:\Program Files\Common Files\Panda Software<PANDAS~1>
2007-02-19 20:28:09 552 --a------ C:\WINDOWS\XPPRO\system32\d3d8caps.dat
2007-02-19 20:19:45 0 d-------- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\Identities<IDENTI~1>
2007-02-19 20:14:39 0 d-------- C:\Program Files\microsoft frontpage<MIC79C~1>
2007-02-19 20:12:46 0 d--h----- C:\Program Files\WindowsUpdate<WI508F~1>
2007-02-19 20:12:01 0 d-------- C:\Program Files\Common Files\MSSoap
2007-02-19 20:11:05 21640 --a------ C:\WINDOWS\XPPRO\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-02-19 20:10:31 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-02-19 20:09:40 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-02-19 20:09:33 0 d-------- C:\Program Files\Windows NT<WINDOW~2>
2007-02-19 14:58:59 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-19 14:58:32 62 --ahs---- C:\Documents and Settings\bindu.VIJAY143BINDU\Application Data\desktop.ini
2007-02-17 10:03:22 0 -rahs---- C:\MSDOS.SYS
2007-02-17 10:03:22 0 -rahs---- C:\IO.SYS
2007-02-16 21:53:57 0 d-------- C:\Program Files\VideoLAN
2007-02-16 21:47:42 0 d-------- C:\Program Files\Yahoo!
2007-02-16 21:40:49 0 d-------- C:\Program Files\Norton Internet Security<NORTON~1>
2007-02-16 21:40:49 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-16 21:33:42 0 d-------- C:\Program Files\Symantec
2007-02-16 21:31:38 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-02-14 03:38:35 0 d-------- C:\Program Files\Common Files\L&H
2007-02-14 03:38:14 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-02-14 03:36:47 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-14 03:35:55 0 d-------- C:\Program Files\Microsoft Works<MICROS~2>
2007-02-14 03:34:59 0 d-------- C:\Program Files\BAE
2007-02-14 03:28:49 0 d-------- C:\Program Files\DellSupport<DELLSU~1>
2007-02-14 03:28:26 0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-02-14 03:23:37 0 d-------- C:\Program Files\SigmaTel
2007-02-14 03:23:07 0 d-------- C:\Program Files\Common Files\Java
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\XPPRO\system32\corpol.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\XPPRO\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\XPPRO\\system32\\NvCpl.dll,NvStartup"
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Internet Security 2007\\APVXDWIN.EXE\" /s"
"SCANINICIO"="\"C:\\Program Files\\Panda Software\\Panda Internet Security 2007\\Inicio.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SigmatelSysTrayApp"="stsystra.exe"
"CTSVolFE.exe"="\"C:\\Program Files\\Creative\\Mixer\\CTSVolFE.exe\" /r"
"PD0630 STISvc"="RunDLL32.exe P0630Pin.dll,RunDLL32EP 513"
"DLA"="C:\\WINDOWS\\XPPRO\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"EPSON Stylus CX3800 Series (B&W)"="C:\\WINDOWS\\XPPRO\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P32 \"EPSON Stylus CX3800 Series (B&W)\" /O6 \"USB001\" /M \"Stylus CX3800\""
"Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810"="C:\\WINDOWS\\XPPRO\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P57 \"Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810\" /O22 \"\\\\VDUPATID810\\Printer3\" /M \"Stylus CX3800\""
"Auto EPSON Stylus CX3800 Series on VDUPATID810"="C:\\WINDOWS\\XPPRO\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P46 \"Auto EPSON Stylus CX3800 Series on VDUPATID810\" /O22 \"\\\\VDUPATID810\\Printer4\" /M \"Stylus CX3800\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.XPPRO^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users.XPPRO\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\XPPRO\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.XPPRO^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users.XPPRO\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\XPPRO\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.XPPRO^Start Menu^Programs^Startup^VPN Client.lnk]
"path"="C:\\Documents and Settings\\All Users.XPPRO\\Start Menu\\Programs\\Startup\\VPN Client.lnk"
"backup"="C:\\WINDOWS\\XPPRO\\pss\\VPN Client.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\XPPRO\\Installer\\{B8221906-224A-4494-BB97-55FC63740019}\\Icon3E5562ED7.ico -user_logon"
"item"="VPN Client"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_FATIACA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\XPPRO\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P26 \"EPSON Stylus CX3800 Series\" /O6 \"USB001\" /M \"Stylus CX3800\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"



-- End of Deckard's System Scanner: finished at 2007-04-06 at 20:15:49 ---------
Amorous is offline  
Old 04-06-2007, 06:44 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,883
OS: WinXP and Vista


Re: Task manager and other apps are disappearing

Please post the log that was created when you ran ComboFix. It would be located at C:\ComboFix.txt

Also, is this your thread as well? http://www.castlecops.com/p920115-ta...appearing.html
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-06-2007, 07:13 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 8
OS: Windows XP Pro


Re: Task manager and other apps are disappearing

yes...that's my post...as I did not get any replies I posted on this forum...

below is the comboFix.txt

"Bindu" - 07-04-06 835 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\bindu.VIJAY143BINDU\Desktop"


((((((((((((((((((((((((((((((( Files Created from 2007-03-06 to 2007-04-06 ))))))))))))))))))))))))))))))))))


2007-04-04 14:22 <DIR> d-------- C:\Windows\XPPRO\system32\appmgmt
2007-04-04 14:16 <DIR> d-------- C:\DOCUME~1\BINDU~1.VIJ\.SunDownloadManager
2007-04-04 08:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.XPP\APPLIC~1\Spybot - Search & Destroy
2007-04-03 19:27 <DIR> d-------- C:\SOPHTEMP
2007-04-01 23:04 <DIR> d-------- C:\Windows\XPPRO\network diagnostic
2007-03-31 15:36 <DIR> d-------- C:\Program Files\SopCast
2007-03-31 15:36 <DIR> d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\SopCast
2007-03-31 15:32 <DIR> d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\TVU Networks
2007-03-27 10:12 <DIR> d-------- C:\ae0004d33763e23251472227496261
2007-03-26 22:29 <DIR> d-------- C:\Windows\XPPRO\pss
2007-03-26 21:27 <DIR> d-------- C:\Program Files\Pappocom
2007-03-26 21:26 <DIR> d-------- C:\Program Files\Common Files\MimarSinan
2007-03-24 08:15 1,168 --a------ C:\Windows\XPPRO\mozver.dat
2007-03-21 08:48 <DIR> d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\Creative
2007-03-21 08:41 <DIR> d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\Adobe
2007-03-21 08:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.XPP\APPLIC~1\Adobe
2007-03-20 19:23 <DIR> d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\.BitTornado
2007-03-17 11:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.XPP\APPLIC~1\Broderbund
2007-03-17 11:52 274,432 --a------ C:\Windows\XPPRO\TLCUninstall.exe
2007-03-17 11:52 <DIR> d-------- C:\Program Files\Broderbund
2007-03-17 11:51 306,688 --a------ C:\Windows\XPPRO\IsUninst.exe
2007-03-16 18:13 <DIR> d-------- C:\Program Files\iTunes
2007-03-16 18:12 <DIR> d-------- C:\Program Files\QuickTime
2007-03-14 11:19 <DIR> d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\Sonic


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-05 23:47 -------- d-------- C:\Program Files\google
2007-04-05 21:06 -------- d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\typingmaster7
2007-04-05 19:51 -------- d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\utorrent
2007-04-04 14:32 -------- d-------- C:\Program Files\java
2007-04-03 22:20 -------- d-------- C:\Program Files\windows sidebar
2007-04-03 22:20 -------- d-------- C:\Program Files\windows photo gallery
2007-04-03 22:20 -------- d-------- C:\Program Files\windows mail
2007-04-03 22:20 -------- d-------- C:\Program Files\windows defender
2007-04-03 22:20 -------- d-------- C:\Program Files\windows calendar
2007-04-03 22:18 -------- d-------- C:\Program Files\movie maker
2007-04-01 23:35 -------- d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\google
2007-04-01 23:34 -------- d--h----- C:\Program Files\installshield installation information
2007-03-16 18:14 -------- d-------- C:\Program Files\ipod
2007-03-08 11:36 577536 --a------ C:\Windows\XPPRO\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\Windows\XPPRO\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\Windows\XPPRO\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\Windows\XPPRO\system32\win32k.sys
2007-03-07 16:08 -------- dr------- C:\Program Files\typingmaster
2007-03-06 23:10 -------- d-------- C:\Program Files\interactual
2007-03-03 09:33 -------- d-------- C:\Program Files\epson
2007-03-03 09:33 -------- d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\leadertech
2007-03-03 09:32 -------- d-------- C:\Program Files\arcsoft
2007-02-22 10:47 -------- d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\sun
2007-02-21 23:02 0 --a------ C:\Windows\XPPRO\nsreg.dat
2007-02-21 18:27 -------- d-------- C:\Program Files\Common Files\deterministic networks
2007-02-21 07:41 -------- d-------- C:\Program Files\cisco systems
2007-02-21 07:40 -------- d-------- C:\Program Files\picasa2
2007-02-20 23:31 -------- d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\dvdcss
2007-02-20 22:30 -------- d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\apple computer
2007-02-20 22:22 -------- d-------- C:\Program Files\Common Files\installshield
2007-02-20 22:20 -------- d-------- C:\Program Files\roxio
2007-02-20 22:20 -------- d-------- C:\Program Files\Common Files\surething shared
2007-02-20 22:20 -------- d-------- C:\Program Files\Common Files\sonic shared
2007-02-20 21:09 -------- d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\vlc
2007-02-20 20:31 -------- d-------- C:\Program Files\creative
2007-02-20 20:15 -------- d-------- C:\Program Files\intel
2007-02-20 20:13 -------- d-------- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\real
2007-02-20 20:10 -------- d-------- C:\Program Files\real
2007-02-20 20:10 -------- d-------- C:\Program Files\Common Files\xing shared
2007-02-20 20:10 -------- d-------- C:\Program Files\Common Files\real
2007-02-20 20:08 -------- d-------- C:\Program Files\messenger
2007-02-20 19:52 -------- d-------- C:\Program Files\dell
2007-02-20 19:16 -------- d-------- C:\Program Files\panda software
2007-02-20 19:15 -------- d-------- C:\Program Files\Common Files\panda software
2007-02-19 20:28 552 --a------ C:\Windows\XPPRO\system32\d3d8caps.dat
2007-02-19 20:14 -------- d-------- C:\Program Files\microsoft frontpage
2007-02-19 20:12 -------- d--h----- C:\Program Files\windowsupdate
2007-02-19 20:12 -------- d-------- C:\Program Files\Common Files\mssoap
2007-02-19 20:11 21640 --a------ C:\Windows\XPPRO\system32\emptyregdb.dat
2007-02-19 20:10 -------- d-------- C:\Program Files\online services
2007-02-19 20:09 -------- d-------- C:\Program Files\windows nt
2007-02-19 20:09 -------- d-------- C:\Program Files\msn gaming zone
2007-02-19 14:58 62 --ahs---- C:\DOCUME~1\BINDU~1.VIJ\APPLIC~1\desktop.ini
2007-02-19 14:58 -------- d-------- C:\Program Files\Common Files\odbc
2007-02-17 10:03 0 -rahs---- C:\MSDOS.SYS
2007-02-17 10:03 0 -rahs---- C:\IO.SYS
2007-02-16 21:53 -------- d-------- C:\Program Files\videolan
2007-02-16 21:47 -------- d-------- C:\Program Files\yahoo!
2007-02-16 21:40 -------- d-------- C:\Program Files\norton internet security
2007-02-16 21:40 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-16 21:33 -------- d-------- C:\Program Files\symantec
2007-02-16 21:31 -------- d-------- C:\Program Files\msxml 4.0
2007-02-14 03:38 -------- d-------- C:\Program Files\microsoft activesync
2007-02-14 03:38 -------- d-------- C:\Program Files\Common Files\l&h
2007-02-14 03:36 -------- d-------- C:\Program Files\microsoft.net
2007-02-14 03:35 -------- d-------- C:\Program Files\microsoft works
2007-02-14 03:34 -------- d-------- C:\Program Files\bae
2007-02-14 03:28 -------- d-------- C:\Program Files\dellsupport
2007-02-14 03:28 -------- d-------- C:\Program Files\cyberlink
2007-02-14 03:23 -------- d-------- C:\Program Files\sigmatel
2007-02-14 03:23 -------- d-------- C:\Program Files\Common Files\java
2007-01-08 19:01 17408 --a------ C:\Windows\XPPRO\system32\corpol.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\XPPRO\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\XPPRO\\system32\\NvCpl.dll,NvStartup"
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Internet Security 2007\\APVXDWIN.EXE\" /s"
"SCANINICIO"="\"C:\\Program Files\\Panda Software\\Panda Internet Security 2007\\Inicio.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SigmatelSysTrayApp"="stsystra.exe"
"CTSVolFE.exe"="\"C:\\Program Files\\Creative\\Mixer\\CTSVolFE.exe\" /r"
"PD0630 STISvc"="RunDLL32.exe P0630Pin.dll,RunDLL32EP 513"
"DLA"="C:\\WINDOWS\\XPPRO\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"EPSON Stylus CX3800 Series (B&W)"="C:\\WINDOWS\\XPPRO\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P32 \"EPSON Stylus CX3800 Series (B&W)\" /O6 \"USB001\" /M \"Stylus CX3800\""
"Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810"="C:\\WINDOWS\\XPPRO\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P57 \"Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810\" /O22 \"\\\\VDUPATID810\\Printer3\" /M \"Stylus CX3800\""
"Auto EPSON Stylus CX3800 Series on VDUPATID810"="C:\\WINDOWS\\XPPRO\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P46 \"Auto EPSON Stylus CX3800 Series on VDUPATID810\" /O22 \"\\\\VDUPATID810\\Printer4\" /M \"Stylus CX3800\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.XPPRO^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users.XPPRO\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\XPPRO\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.XPPRO^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users.XPPRO\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\XPPRO\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.XPPRO^Start Menu^Programs^Startup^VPN Client.lnk]
"path"="C:\\Documents and Settings\\All Users.XPPRO\\Start Menu\\Programs\\Startup\\VPN Client.lnk"
"backup"="C:\\WINDOWS\\XPPRO\\pss\\VPN Client.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\XPPRO\\Installer\\{B8221906-224A-4494-BB97-55FC63740019}\\Icon3E5562ED7.ico -user_logon"
"item"="VPN Client"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_FATIACA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\XPPRO\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P26 \"EPSON Stylus CX3800 Series\" /O6 \"USB001\" /M \"Stylus CX3800\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"



thanks very much for your assistance
Amorous is offline  
Old 04-06-2007, 07:33 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,883
OS: WinXP and Vista


Re: Task manager and other apps are disappearing

Hiya,

Quote:
yes...that's my post...as I did not get any replies I posted on this forum...
That's fine--please understand that all HijackThis forums are incredibly busy and it's not unusual to have to wait a few days for a reply.

Given that all Analysts across the forums are so busy, please notify CC that you are being assisted elsewhere and direct them to close your thread. This way, they can move on and assist someone else who is in need.

Now, I'm not seeing anything in these logs that would account for the issues you've described. We'll do a general cleaning and search for anything that may be lurking.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Please download ATF Cleaner by Atribune.

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note for Internet Explorer 7 users**

If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Kaspersky results
New HijackThis log
Ried is offline  
Old 04-06-2007, 11:12 PM   #9 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 8
OS: Windows XP Pro


Re: Task manager and other apps are disappearing

Kaspersky Log
____________
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
07-04-06 21:25
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/04/2007
Kaspersky Anti-Virus database records: 275636
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 102613
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:51:19

Infected Object Name / Virus Name / Last Action
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\MshConf\scoffset.bin.incr Object is locked skipped
C:\Program Files\Panda Software\Panda Internet Security 2007\PSK_NAMES2_3 Object is locked skipped
C:\Program Files\Panda Software\Panda Internet Security 2007\PSK_NAMES_3 Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\7B546A66.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E95C8D0B-FEE9-4AB0-9A55-46EE82E770FD}\RP9\change.log Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Cookies\index.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\History\History.IE5\MSHist012007040620070407\index.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Temp\~DF866F.tmp Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Temp\~DF867A.tmp Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\NTUSER.DAT Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\ntuser.dat.LOG Object is locked skipped
C:\Users\LocalService\Cookies\index.dat Object is locked skipped
C:\Users\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Users\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Users\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\LocalService\NTUSER.DAT Object is locked skipped
C:\Users\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Users\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Users\NetworkService\NTUSER.DAT Object is locked skipped
C:\Users\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Object is locked skipped
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl Object is locked skipped
C:\Windows\XPPRO\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\XPPRO\Internet Logs\tvDebug.log Object is locked skipped
C:\Windows\XPPRO\SchedLgU.Txt Object is locked skipped
C:\Windows\XPPRO\SoftwareDistribution\EventCache\{7E1AE809-F9CC-4087-B898-31387E5D3D5A}.bin Object is locked skipped
C:\Windows\XPPRO\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\XPPRO\Sti_Trace.log Object is locked skipped
C:\Windows\XPPRO\system32\CatRoot2\edb.log Object is locked skipped
C:\Windows\XPPRO\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\Windows\XPPRO\system32\CatRoot2\tmp.edb Object is locked skipped
C:\Windows\XPPRO\system32\config\AppEvent.Evt Object is locked skipped
C:\Windows\XPPRO\system32\config\default Object is locked skipped
C:\Windows\XPPRO\system32\config\default.LOG Object is locked skipped
C:\Windows\XPPRO\system32\config\Internet.evt Object is locked skipped
C:\Windows\XPPRO\system32\config\SAM Object is locked skipped
C:\Windows\XPPRO\system32\config\SAM.LOG Object is locked skipped
C:\Windows\XPPRO\system32\config\SecEvent.Evt Object is locked skipped
C:\Windows\XPPRO\system32\config\SECURITY Object is locked skipped
C:\Windows\XPPRO\system32\config\SECURITY.LOG Object is locked skipped
C:\Windows\XPPRO\system32\config\software Object is locked skipped
C:\Windows\XPPRO\system32\config\software.LOG Object is locked skipped
C:\Windows\XPPRO\system32\config\SysEvent.Evt Object is locked skipped
C:\Windows\XPPRO\system32\config\system Object is locked skipped
C:\Windows\XPPRO\system32\config\system.LOG Object is locked skipped
C:\Windows\XPPRO\system32\h323log.txt Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\Windows\XPPRO\wiadebug.log Object is locked skipped
C:\Windows\XPPRO\wiaservc.log Object is locked skipped
C:\Windows\XPPRO\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{E95C8D0B-FEE9-4AB0-9A55-46EE82E770FD}\RP9\change.log Object is locked skipped

Scan process completed.

AVG anti spyware report

-----------------------------


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:49 07-04-07

+ Scan result:



C:\Documents and Settings\bindu\AppData\Roaming\Microsoft\Windows\Cookies\Low\bindu@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\bindu\Application Data\Microsoft\Windows\Cookies\Low\bindu@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\bindu\Cookies\Low\bindu@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Users\bindu\AppData\Roaming\Microsoft\Windows\Cookies\Low\bindu@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Users\bindu\Application Data\Microsoft\Windows\Cookies\Low\bindu@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Users\bindu\Cookies\Low\bindu@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\bindu\AppData\Roaming\Microsoft\Windows\Cookies\Low\bindu@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\bindu\Application Data\Microsoft\Windows\Cookies\Low\bindu@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\bindu\Cookies\Low\bindu@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Users\bindu\AppData\Roaming\Microsoft\Windows\Cookies\Low\bindu@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Users\bindu\Application Data\Microsoft\Windows\Cookies\Low\bindu@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Users\bindu\Cookies\Low\bindu@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\bindu\AppData\Roaming\Microsoft\Windows\Cookies\Low\bindu@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\bindu\Application Data\Microsoft\Windows\Cookies\Low\bindu@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\bindu\Cookies\Low\bindu@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Users\bindu\AppData\Roaming\Microsoft\Windows\Cookies\Low\bindu@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Users\bindu\Application Data\Microsoft\Windows\Cookies\Low\bindu@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Users\bindu\Cookies\Low\bindu@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\bindu\AppData\Roaming\Microsoft\Windows\Cookies\Low\bindu@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\bindu\Application Data\Microsoft\Windows\Cookies\Low\bindu@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\bindu\Cookies\Low\bindu@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Users\bindu\AppData\Roaming\Microsoft\Windows\Cookies\Low\bindu@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Users\bindu\Application Data\Microsoft\Windows\Cookies\Low\bindu@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Users\bindu\Cookies\Low\bindu@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\bindu\AppData\Roaming\Microsoft\Windows\Cookies\Low\bindu@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\bindu\Application Data\Microsoft\Windows\Cookies\Low\bindu@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\bindu\Cookies\Low\bindu@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Users\bindu\AppData\Roaming\Microsoft\Windows\Cookies\Low\bindu@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Users\bindu\Application Data\Microsoft\Windows\Cookies\Low\bindu@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Users\bindu\Cookies\Low\bindu@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Program Files\TypingMaster\TypingMaster.exe -> Trojan.Crypt.v : Cleaned with backup (quarantined).


::Report end

_________________________________________

HijackThis log file
=============
Logfile of HijackThis v1.99.1
Scan saved at 01:02, on 07-04-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\XPPRO\System32\smss.exe
C:\WINDOWS\XPPRO\system32\winlogon.exe
C:\WINDOWS\XPPRO\system32\services.exe
C:\WINDOWS\XPPRO\system32\lsass.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\XPPRO\system32\spoolsv.exe
C:\WINDOWS\XPPRO\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\XPPRO\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\XPPRO\system32\RunDLL32.exe
C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\XPPRO\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\XPPRO\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\WINDOWS\XPPRO\system32\msiexec.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\XPPRO\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Documents and Settings\bindu.VIJAY143BINDU\Desktop\drivers\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\XPPRO\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\XPPRO\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (B&W)] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P32 "EPSON Stylus CX3800 Series (B&W)" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P57 "Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810" /O22 "\\VDUPATID810\Printer3" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on VDUPATID810] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P46 "Auto EPSON Stylus CX3800 Series on VDUPATID810" /O22 "\\VDUPATID810\Printer4" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\XPPRO\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\XPPRO\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\XPPRO\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\XPPRO\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
Amorous is offline  
Old 04-07-2007, 10:19 AM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,883
OS: WinXP and Vista


Re: Task manager and other apps are disappearing

Hiya,

Quote:
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

You scanned using Standard mode--I need you to re-scan using the Extended setting.

Please refer to my previous post and scan again with Kaspersky making sure to set it to Extended. Post the results here again please.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-07-2007, 12:25 PM   #11 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 8
OS: Windows XP Pro


Re: Task manager and other apps are disappearing

Here is the new log file...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
07-04-07 14:23
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/04/2007
Kaspersky Anti-Virus database records: 292363
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 107675
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:58:46

Infected Object Name / Virus Name / Last Action
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\MshConf\scoffset.bin.incr Object is locked skipped
C:\Program Files\Panda Software\Panda Internet Security 2007\PSK_NAMES2_3 Object is locked skipped
C:\Program Files\Panda Software\Panda Internet Security 2007\PSK_NAMES_3 Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\7B546A66.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E95C8D0B-FEE9-4AB0-9A55-46EE82E770FD}\RP10\change.log Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Cookies\index.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\History\History.IE5\MSHist012007040720070408\index.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Temp\~DFE062.tmp Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Temp\~DFE087.tmp Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\NTUSER.DAT Object is locked skipped
C:\Users\bindu.VIJAY143BINDU\ntuser.dat.LOG Object is locked skipped
C:\Users\LocalService\Cookies\index.dat Object is locked skipped
C:\Users\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Users\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Users\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\LocalService\NTUSER.DAT Object is locked skipped
C:\Users\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Users\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Users\NetworkService\NTUSER.DAT Object is locked skipped
C:\Users\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Object is locked skipped
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl Object is locked skipped
C:\Windows\XPPRO\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\XPPRO\Internet Logs\tvDebug.log Object is locked skipped
C:\Windows\XPPRO\SchedLgU.Txt Object is locked skipped
C:\Windows\XPPRO\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\XPPRO\Sti_Trace.log Object is locked skipped
C:\Windows\XPPRO\system32\CatRoot2\edb.log Object is locked skipped
C:\Windows\XPPRO\system32\CatRoot2\tmp.edb Object is locked skipped
C:\Windows\XPPRO\system32\config\AppEvent.Evt Object is locked skipped
C:\Windows\XPPRO\system32\config\default Object is locked skipped
C:\Windows\XPPRO\system32\config\default.LOG Object is locked skipped
C:\Windows\XPPRO\system32\config\Internet.evt Object is locked skipped
C:\Windows\XPPRO\system32\config\SAM Object is locked skipped
C:\Windows\XPPRO\system32\config\SAM.LOG Object is locked skipped
C:\Windows\XPPRO\system32\config\SecEvent.Evt Object is locked skipped
C:\Windows\XPPRO\system32\config\SECURITY Object is locked skipped
C:\Windows\XPPRO\system32\config\SECURITY.LOG Object is locked skipped
C:\Windows\XPPRO\system32\config\software Object is locked skipped
C:\Windows\XPPRO\system32\config\software.LOG Object is locked skipped
C:\Windows\XPPRO\system32\config\SysEvent.Evt Object is locked skipped
C:\Windows\XPPRO\system32\config\system Object is locked skipped
C:\Windows\XPPRO\system32\config\system.LOG Object is locked skipped
C:\Windows\XPPRO\system32\h323log.txt Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\Windows\XPPRO\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\Windows\XPPRO\wiadebug.log Object is locked skipped
C:\Windows\XPPRO\wiaservc.log Object is locked skipped
C:\Windows\XPPRO\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{E95C8D0B-FEE9-4AB0-9A55-46EE82E770FD}\RP10\change.log Object is locked skipped

Scan process completed.
Amorous is offline  
Old 04-07-2007, 09:59 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,883
OS: WinXP and Vista


Re: Task manager and other apps are disappearing

I'm not finding any malware here. Let's try invoking Windows File Protection.

Click Start>Run and type in sfc /scannow (there is a space between sfc and /) and let it scan for missing/corrupt files. This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. If it finds any problems, it will prompt you for the Windows XP Install disc so have it handy.

Please let me know if that helped any.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-12-2007, 06:21 AM   #13 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 8
OS: Windows XP Pro


Re: Task manager and other apps are disappearing

Finally... I had to format my machine... thanks for all your help, guys...
Amorous is offline  
Old 04-13-2007, 08:32 AM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,883
OS: WinXP and Vista


Re: Task manager and other apps are disappearing

Thanks for letting us know. Now would be a good time to set up the proper protection for your system:

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:


Enable Windows Auto Update
* Go to Start>Run - type wuaucpl.cpl
* Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
* Click on "OK".


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and, based on their findings, rate each one as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary of any security software that is advertised in popups or in other ways. Such programs are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
 






All times are GMT -7. The time now is 06:11 AM.



Copyright 2001 - 2009, Tech Support Forum