I heve got a few Spywares in my PC. I had run Spybot and removed a few but, Spybot could not remove all of them. I have run Panda Active Scan and HiJackThis. I am pasting here PandaActiveScan report and HiJackThis log. I request members of this forum to help me. Thanks in advance.
Panda Active Scan Report-----------------------------------------------------------------------------------------------------
Incident Status Location
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\chhayc\Cookies\chhayc@2o7[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\chhayc\Cookies\[email protected][1].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\ksp\Cookies\ksp@7search[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ksp\Cookies\ksp@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ksp\Cookies\ksp@atdmt[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ksp\Cookies\ksp@fastclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ksp\Cookies\[email protected][2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\ksp\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ksp\Desktop\HiJackThis_v2\smitRem\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ksp\Desktop\HiJackThis_v2\smitRem.exe[smitRem/Process.exe]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\shivapk\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\shivapk\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\shivapk\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@bluestreak[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@casalemedia[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\shivapk\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\shivapk\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\shivapk\Cookies\[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@statcounter[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@targetnet[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\shivapk\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\shivapk\Cookies\shivapk@zedo[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\shivapk\Local Settings\Temp\Cookies\shivapk@247realmedia[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\shivapk\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\shivapk\Local Settings\Temp\Cookies\shivapk@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\shivapk\Local Settings\Temp\Cookies\shivapk@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\shivapk\Local Settings\Temp\Cookies\shivapk@bluestreak[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\shivapk\Local Settings\Temp\Cookies\shivapk@fastclick[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\shivapk\Local Settings\Temp\Cookies\shivapk@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\shivapk\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@atdmt[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@bfast[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@casalemedia[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@clickbank[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@statcounter[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@target[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@tribalfusion[1].txt
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@versiontracker[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\shivapk.WIPRO.000\Cookies\shivapk@zedo[2].txt
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINNT\system32\ismjclma.dll
HiJackThis log ----------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 7:31:44 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Wipro\Wipro VPN Client\cvpnd.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\cmd.exe
C:\oracle\ora92\bin\dbsnmp.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\ksp\Desktop\HiJackThis_v2\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = itplproxy.wipro.com:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {112DD9CF-90BB-445C-ACDE-A82E58B040Bd} - C:\WINNT\system32\vauhjgyn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINNT\system32\acnusicy.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINNT\system32\onbqdrug.dll",realset
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D67F67F-8997-4210-BB3C-48CBAB234FE2} (Wipro e-AssetTracker1.6.3) - http://ec-ls1.wipro....t/jassetcab.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://desktopsuppor.../weblaunch2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wipro.com
O17 - HKLM\Software\..\Telephony: DomainName = wipro.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wipro.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wipro.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Wipro\Wipro VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\oracle\ora92\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCLDB - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe