Ran Ad-Aware, SpyBot, HijackThis and Panda.
Here is my logfile:
Logfile of HijackThis v1.99.1
Scan saved at 8:37:04 AM, on 4/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O12 - Plugin for ¸æÏ: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for ôå: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
****************************************************************************************************************************************
INTERMUTE System Report
**** Run Keys ****
RUN: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
**** Browser Helper Objects ****
**** IE Toolbars ****
**** IE Extensions ****
**** Hosts File Entries ****
HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost
**** IE Settings ****
Default Page: http://www.google.com/
Default Search: http://www.google.com/
Local Page: http://www.google.com/
Search Page:
**** IE Context Menu (Right click) ****
**** Layered Service Providers ****
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD ATM AAL5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1B3E3448-46E3-40F3-AC9F-12423601C3EC}] SEQPACKET 11
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1B3E3448-46E3-40F3-AC9F-12423601C3EC}] DATAGRAM 11
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A60C787B-864B-4CC5-BB25-76965D120342}] SEQPACKET 10
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A60C787B-864B-4CC5-BB25-76965D120342}] DATAGRAM 10
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9B2BFDF9-6B1A-4E3D-A69B-36CDF0C75812}] SEQPACKET 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9B2BFDF9-6B1A-4E3D-A69B-36CDF0C75812}] DATAGRAM 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D5F1E012-8BC5-4CD9-8D19-9623AA212C8A}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D5F1E012-8BC5-4CD9-8D19-9623AA212C8A}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{80CDA74E-64D6-4979-8DBC-3958D12DE9D7}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{80CDA74E-64D6-4979-8DBC-3958D12DE9D7}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A6D8DF07-A376-412B-AFE3-DCBD8EE8AC29}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A6D8DF07-A376-412B-AFE3-DCBD8EE8AC29}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{58C3B76B-F0B8-4F8C-8C62-8813081600FF}] SEQPACKET 9
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{58C3B76B-F0B8-4F8C-8C62-8813081600FF}] DATAGRAM 9
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6310D870-05F2-4F57-86F2-69838E93589F}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6310D870-05F2-4F57-86F2-69838E93589F}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{349E0C2B-D186-4D1B-B8ED-C19961BC2706}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{349E0C2B-D186-4D1B-B8ED-C19961BC2706}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{83B92734-BBE3-4313-A4E6-BC201D0A2ABD}] SEQPACKET 7
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{83B92734-BBE3-4313-A4E6-BC201D0A2ABD}] DATAGRAM 7
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D75043EC-03C1-406D-99CE-45D36DB56111}] SEQPACKET 8
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D75043EC-03C1-406D-99CE-45D36DB56111}] DATAGRAM 8
**** Blocked Control Panel Items ****
BLOCKED: [ncpa.cpl] No
**** Downloaded Program Files ****
**** Windows Services ****
[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[Ati HotKey Poller] %SystemRoot%\System32\Ati2evxx.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[CA_LIC_CLNT] C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
[CA_LIC_SRVR] C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
[ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
[ccProxy] "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
[ccPwdSvc] "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
[ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[ImapiService] C:\WINDOWS\System32\imapi.exe
[Ip6FwHlp] %SystemRoot%\System32\svchost.exe -k netsvcs
[ISSVC] C:\Program Files\Norton Personal Firewall\ISSVC.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[LogWatch] C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
[LPDSVC] %SystemRoot%\System32\tcpsvcs.exe
[MDM] "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SNDSrvc] C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
[SNMP] %SystemRoot%\System32\snmp.exe
[SNMPTRAP] %SystemRoot%\System32\snmptrap.exe
[SPBBCSvc] C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{31C470A8-D205-4842-AC2A-CD97FEB974AF}
[Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[SymWSC] C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost.exe -k netsvcs
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[uploadmgr] %SystemRoot%\System32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
**** Custom IE Search Items ****
SEARCH: [SearchAssistant] http://ie.search.msn...st/srchcust.htm
SEARCH: [CustomizeSearch] http://ie.search.msn...st/srchcust.htm
**** Complete IE Options ****
IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] http://www.google.com/
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.google.com/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [SmoothScroll]
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [AddToFavoritesExpanded]
IEOPT: [FormSuggest PW Ask] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [HistoryViewType]
IEOPT: [HistoryTopNSitesView]
IEOPT: [AutoSearch]
*** (WHAT IS THIS???) ***
IEOPT: [Toolbars_Placement] ñcA·a¿ñ˜ÿw©yw_æ˜Ã)ÿÿÿÿ
IEOPT: [Use Search Asst] no
IEOPT: [Search Page]
IEOPT: [CheckDocumentForProgID] yes
IEOPT: [ShowGoButton] yes
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Use FormSuggest] yes
IEOPT: [FormSuggest Passwords] yes
IEOPT: [Use Custom Search URL]
IEOPT: [Disable Script Debugger] no
IEOPT: [AllowWindowReuse]
IEOPT: [Default_Page_Url] http://www.google.com/
IEOPT: [Default_Search_Url] http://www.google.com/
IEOPT: [CustomizeSearch] http://ie.search.msn...st/srchcust.htm
IEOPT: [SearchAssistant] http://ie.search.msn...st/srchasst.htm
IEOPT: [Default_Search_URL] http://www.google.com/
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] http://www.google.com/
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.google.com/
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Use Search Asst] no
IEOPT: [Search Page] http://www.google.com
IEOPT: [Search Bar]
IEOPT: [IEWatsonDisabled]
IEOPT: [IEWatsonEnabled]
IEOPT: [Default_Page_URL] http://www.google.com/