Windows security keeps popping up saying my computer may be compromised.
Every time after a reboot, Ad-Aware comes up with the same "tracking" that I clean. There are usually about 4 of them.
Here is my current HijackThis log after a reboot; the next post will be the one I did in safe mode.
------
Logfile of HijackThis v1.99.1
Scan saved at 12:59:04 AM, on 2/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\NavNT\vptray.exe
D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\Intel\Intel® Active Monitor\imontray.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\Program Files\D-Tools\daemon.exe
D:\WINDOWS\javasy32.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\NavNT\defwatch.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\WINDOWS\system32\gearsec.exe
D:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe
D:\Program Files\NavNT\rtvscan.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
D:\WINDOWS\system32\addwu.exe
D:\WINDOWS\System32\MsgSys.EXE
D:\WINDOWS\System32\cmd.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Thunderbird\thunderbird.exe
D:\Documents and Settings\Michael\Desktop\spyware tools\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.12.246.8:80
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {75F55E65-EC38-B49B-CE67-BB1EF34513E8} - D:\WINDOWS\system32\atlwi.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IMONTRAY] D:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [javasy32.exe] D:\WINDOWS\javasy32.exe
O4 - HKLM\..\RunOnce: [addwu.exe] D:\WINDOWS\system32\addwu.exe
O4 - HKLM\..\RunOnce: [mfcdy.exe] D:\WINDOWS\mfcdy.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O16 - DPF: HushEncryptionEngine - https://mailserver2....ptionEngine.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA0BE21-D375-4EB1-95F3-986EE85A8523}: NameServer = 204.127.202.19
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - D:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: GEARSecurity - GEAR Software - D:\WINDOWS\system32\gearsec.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - D:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - d:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 6Q'8) - Unknown owner - D:\WINDOWS\system32\mfcqf.exe (file missing)