[Jumping Frog]

Thanks in advance for your help.

Symptoms are google redirects to montermarketplace, upspiral, bediddle "search" engines and lots of popups

Housecall says I have troj_dloader.drz which can't be deleted, and a file called Javacore.exe (should I try to delete that?)

Adaware detects a few cookies, same with Sbybot S&D. McAfee stinger did not find anything.

Here's the HJT log - thanks again

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Garmin\gStart.exe
C:\Program Files\MapEDC\MapEDC.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070807
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191966155003
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EA982C26-97EC-11D5-ABBC-00B0D078911C} (PViewIEPlugin Control) - http://proe-pv/eds/P...iewieplugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = [EDITED].com
O17 - HKLM\Software\..\Telephony: DomainName = [EDITED].com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = [EDITED].com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = [EDITED].com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007%20026[1].jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Mum's pics 2005\2005_1006holschool0028.JPG
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\monty.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007 026 Cropped.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\fergie.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\Friday Crop.jpg
O24 - Desktop Component 6: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/wilbur.jpg
O24 - Desktop Component 7: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/Bod%20and%20Miss%20B.jpg
O24 - Desktop Component 8: (no name) - C:\Documents and Settings\[EDITED]\Favorites\DSCN0470.JPG
O24 - Desktop Component 9: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/sarah.jpg

Edited by Jumping Frog, 01 March 2008 - 12:45 PM.

[Advertisements]

Hi Jumping Frog

welcome to geekstogo:

some questions first, then we will do a general sweep of your system to catch the general malware i can see, followed by a deeper scan of your machine.

a question first: do you know what the site www.[EDITED].com is? is it your company?

also, you have an ActiveX on your machine detailed (PViewIEPlugin Control) - http://proe-pv/eds/P...iewieplugin.cab - any ideas what this is?

and finally, are these desktop components valid?
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007%20026[1].jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Mum's pics 2005\2005_1006holschool0028.JPG
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\monty.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007 026 Cropped.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\fergie.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\Friday Crop.jpg
O24 - Desktop Component 6: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/wilbur.jpg
O24 - Desktop Component 7: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/Bod%20and%20Miss%20B.jpg
O24 - Desktop Component 8: (no name) - C:\Documents and Settings\[EDITED]\Favorites\DSCN0470.JPG
O24 - Desktop Component 9: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/sarah.jpg

then:

====STEP 1====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


====STEP 2====
Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

In your next reply could i see:
1. the answer to the 3 questions
2. the malwarebytes log
3. the 2 DSS logs

there will be a lot of information to post, so you may have to post it over more than one reply to ensure all the information is posted.

andrewuk

Edited by andrewuk, 01 March 2008 - 01:03 PM.

[andrewuk]

Hi Jumping Frog

welcome to geekstogo:

some questions first, then we will do a general sweep of your system to catch the general malware i can see, followed by a deeper scan of your machine.

a question first: do you know what the site www.[EDITED].com is? is it your company?

also, you have an ActiveX on your machine detailed (PViewIEPlugin Control) - http://proe-pv/eds/P...iewieplugin.cab - any ideas what this is?

and finally, are these desktop components valid?
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007%20026[1].jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Mum's pics 2005\2005_1006holschool0028.JPG
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\monty.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007 026 Cropped.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\fergie.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\Friday Crop.jpg
O24 - Desktop Component 6: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/wilbur.jpg
O24 - Desktop Component 7: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/Bod%20and%20Miss%20B.jpg
O24 - Desktop Component 8: (no name) - C:\Documents and Settings\[EDITED]\Favorites\DSCN0470.JPG
O24 - Desktop Component 9: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/sarah.jpg

then:

====STEP 1====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


====STEP 2====
Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

In your next reply could i see:
1. the answer to the 3 questions
2. the malwarebytes log
3. the 2 DSS logs

there will be a lot of information to post, so you may have to post it over more than one reply to ensure all the information is posted.

andrewuk

Edited by andrewuk, 01 March 2008 - 01:03 PM.

[Jumping Frog]

Hello Andrew, thanks for helping.

OK,

Question 1 - [EDITED] is my work
Question 2 - I think it is a legitimate program called ProductView that was installed by our IT people
Question 3 - They are all genuine photos on my desk top.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.05
Database version: 433

Scan type: Quick Scan
Objects scanned: 36275
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 8

Memory Processes Infected:
c:\program files\MapEDC\MapEDC.exe (Trojan.Stars) -> Unloaded process successfully.
c:\program files\JavaCore\JavaCore.exe (Trojan.Insider) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\javacore (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MapEDC (Trojan.Stars) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Insider) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MapEDC (Adware.Maxifiles) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\MapEDC\MapEDC.exe (Trojan.Stars) -> Quarantined and deleted successfully.
c:\program files\JavaCore\JavaCore.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\WINDOWS\b153.exe_old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu72.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\[EDITED]\Local Settings\Temp\ismtpa11.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\Temporary\InsiDERInst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MapEDC\IDE.stt (Adware.Maxifiles) -> Quarantined and deleted successfully.

****************************************

DSS - a couple of things, the first time I downloaded and ran the program, it wouldn't create any txt files, I just had a message that said "Network Path could not be found" - I deleted and downloaded again - it only generated one text file, main.txt.

Here it is:

Deckard's System Scanner v20071014.68
Run by [EDITED] on 2008-02-29 21:57:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as [EDITED].exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:51 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\[EDITED]\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\[EDITED].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070807
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191966155003
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EA982C26-97EC-11D5-ABBC-00B0D078911C} (PViewIEPlugin Control) - http://proe-pv/eds/P...iewieplugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = [EDITED].com
O17 - HKLM\Software\..\Telephony: DomainName = [EDITED].com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = [EDITED].com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = [EDITED].com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007%20026[1].jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Mum's pics 2005\2005_1006holschool0028.JPG
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\monty.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007 026 Cropped.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\fergie.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\Friday Crop.jpg
O24 - Desktop Component 6: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/wilbur.jpg
O24 - Desktop Component 7: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/Bod%20and%20Miss%20B.jpg
O24 - Desktop Component 8: (no name) - C:\Documents and Settings\[EDITED]\Favorites\DSCN0470.JPG
O24 - Desktop Component 9: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/sarah.jpg

--
End of file - 7967 bytes

-- Files created between 2008-01-29 and 2008-02-29 -----------------------------

2008-02-29 21:10:23 0 d-------- C:\Documents and Settings\[EDITED]\Application Data\Malwarebytes
2008-02-29 21:09:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-29 21:09:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-29 20:30:39 0 d-------- C:\Program Files\Trend Micro
2008-02-28 20:46:32 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-28 19:54:50 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-02-28 19:38:13 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-28 18:58:31 0 d-------- C:\WINDOWS\ERUNT
2008-02-27 21:16:19 0 d-------- C:\Documents and Settings\[EDITED]\.housecall6.6
2008-02-26 18:52:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 15:02:54 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-02-25 15:02:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-02-23 20:54:26 0 d-------- C:\Program Files\Picasa2
2008-02-17 08:29:45 0 d-------- C:\Program Files\HP
2008-02-17 08:29:38 3732 -----n--- C:\WINDOWS\hpfmdl09.dat
2008-02-17 08:29:38 102833 --a------ C:\WINDOWS\HPFins09.dat
2008-02-17 08:28:45 98304 --a------ C:\WINDOWS\system32\hpzjsn01.dll <Not Verified; Hewlett Packard Company; HPJZSN01 Dynamic Link Library>
2008-02-16 09:31:20 0 d-------- C:\unzipped
2008-01-29 09:36:45 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles


-- Find3M Report ---------------------------------------------------------------

2008-02-29 21:51:45 0 d-------- C:\Program Files\Symantec AntiVirus
2008-02-29 21:23:52 0 d-------- C:\Program Files\Common Files
2008-02-29 08:08:04 0 d-------- C:\Program Files\TightVNC
2008-02-28 20:43:42 0 d-------- C:\Program Files\Apoint
2008-02-28 19:53:53 0 d-------- C:\Program Files\Windows Defender
2008-02-28 19:53:12 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-28 19:52:25 0 d-------- C:\Program Files\Windows Desktop Search
2008-02-28 19:52:14 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-02-28 19:51:45 0 d-------- C:\Program Files\QuickTime
2008-02-28 19:51:28 0 d-------- C:\Program Files\Google
2008-02-26 09:15:13 0 d-------- C:\Documents and Settings\[EDITED]\Application Data\AdobeUM
2008-02-23 13:41:20 0 d-------- C:\Documents and Settings\[EDITED]\Application Data\Adobe
2008-02-16 09:29:08 0 d-------- C:\Documents and Settings\[EDITED]\Application Data\Google
2008-01-29 09:49:17 74344 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-28 19:44:00 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-28 19:13:59 0 d-------- C:\Program Files\Yahoo!
2008-01-28 19:13:03 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-01-28 19:05:04 0 d-------- C:\Documents and Settings\[EDITED]\Application Data\Windows Desktop Search
2008-01-28 18:50:32 0 d-------- C:\Documents and Settings\[EDITED]\Application Data\SpamBayes
2008-01-28 18:49:17 0 d-------- C:\Program Files\SpamBayes
2008-01-28 18:46:16 0 d-------- C:\Documents and Settings\[EDITED]\Application Data\GARMIN
2008-01-28 15:50:27 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-28 15:42:26 0 d-------- C:\Program Files\Lavasoft
2008-01-28 15:42:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 14:53:00 0 d-------- C:\Program Files\AutoCAD LT 2005
2008-01-28 11:27:35 0 d-------- C:\Documents and Settings\[EDITED]\Application Data\Lavasoft
2008-01-28 11:20:30 0 d-------- C:\Program Files\AT&T Global Network Client
2008-01-28 10:03:45 0 d-------- C:\Documents and Settings\[EDITED]\Application Data\Macromedia
2008-01-25 17:22:34 0 d-------- C:\Documents and Settings\[EDITED]\Application Data\Autodesk
2008-01-25 17:07:17 0 d-------- C:\Program Files\Fourth Shift


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/26/2004 12:01 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 11:33 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 06:26 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/27/2006 07:33 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 05:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/28/2008 04:54 PM]
"gStart"="C:\Garmin\gStart.exe" [08/23/2007 05:58 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 1:19:50 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [1/28/2008 4:54:37 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [10/9/2007 4:21:45 PM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2/5/2008 2:29:20 PM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007%20026[1].jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Mum's pics 2005\2005_1006holschool0028.JPG
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\monty.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007 026 Cropped.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source= C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\fergie.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source= C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\Friday Crop.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\8]
Source= C:\Documents and Settings\[EDITED]\Favorites\DSCN0470.JPG
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime




-- End of Deckard's System Scanner: finished at 2008-02-29 21:58:19 ------------

Edited by Jumping Frog, 01 March 2008 - 12:48 PM.

[andrewuk]

your logs are looking better.

it only generated one text file, main.txt.

no problem.

in this post we will flush your temp folders and do a couple more scans to see what else is in there.

the scans will likely take over 2 hours, so just let them run


====STEP 1====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 2====
Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

====STEP 3====
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

In your next reply could i see:
1. the SUPERantispyware log
2. the kaspersky log
3. a new hijackthis log

there may be a lot of information to post, in which case you may need to post it over more than one reply to ensure all the information is posted.

andrewuk

[Jumping Frog]

Good morning

your logs are looking better.

It's behaving better too, and runnning much faster as well.

***************************************

OK here is the SUPERAntiSpyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/01/2008 at 00:13 AM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 01:00:44

Memory items scanned : 469
Memory threats detected : 0
Registry items scanned : 5465
Registry threats detected : 0
File items scanned : 37778
File threats detected : 0


*******************************
Here is the Kapersky Log


KASPERSKY ONLINE SCANNER REPORT
Saturday, March 01, 2008 6:49:21 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/03/2008
Kaspersky Anti-Virus database records: 591319
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 39061
Number of viruses found: 12
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 01:50:03

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.33.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.33.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy59.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_490.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01282008-113122.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B5C0000.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B5C0001.VBN Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B5C0003.VBN Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B5C0004.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B5C0006.VBN Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B5C0007.VBN Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B5C0008.VBN Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\Documents and Settings\[EDITED]\.housecall6.6\Quarantine\b152.exe.bac_a05160 Infected: Trojan-Dropper.Win32.Agent.eso skipped
C:\Documents and Settings\[EDITED]\.housecall6.6\Quarantine\JavaCore.exe.bac_a05160 Infected: not-a-virus:AdWare.Win32.Insider.b skipped
C:\Documents and Settings\[EDITED]\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.16720 Infected: Trojan-Downloader.Win32.Agent.jya skipped
C:\Documents and Settings\[EDITED]\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-2-29-2008( 23-8-28 ).LOG Object is locked skipped
C:\Documents and Settings\[EDITED]\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\[EDITED]\Favorites\Downloads\fp2006-final-3[1].00-setup.exe/file1626 Infected: not-virus:BadJoke.JS.RJump skipped
C:\Documents and Settings\[EDITED]\Favorites\Downloads\fp2006-final-3[1].00-setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\[EDITED]\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped
C:\Documents and Settings\[EDITED]\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\[EDITED]\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\[EDITED]\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{887D3885-A231-4896-A5D7-D4AD72B59DAA} Object is locked skipped
C:\Documents and Settings\[EDITED]\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\[EDITED]\Local Settings\Temporary Internet Files\Content.IE5\2GD9B7NZ\bind[1].htm Object is locked skipped
C:\Documents and Settings\[EDITED]\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\[EDITED]\ntuser.dat Object is locked skipped
C:\Documents and Settings\[EDITED]\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0187NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0427NAV~.TMP Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010005.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C5FF763E-78A6-4330-BE34-EA1AF7B7716F}\RP57\A0008747.exe/file1626 Infected: not-virus:BadJoke.JS.RJump skipped
C:\System Volume Information\_restore{C5FF763E-78A6-4330-BE34-EA1AF7B7716F}\RP57\A0008747.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{C5FF763E-78A6-4330-BE34-EA1AF7B7716F}\RP84\A0013521.exe Infected: Trojan-Downloader.Win32.Agent.jhv skipped
C:\System Volume Information\_restore{C5FF763E-78A6-4330-BE34-EA1AF7B7716F}\RP84\A0013524.exe Infected: Trojan-Dropper.Win32.Agent.eso skipped
C:\System Volume Information\_restore{C5FF763E-78A6-4330-BE34-EA1AF7B7716F}\RP84\A0013530.exe Infected: Trojan-Downloader.Win32.Agent.joz skipped
C:\System Volume Information\_restore{C5FF763E-78A6-4330-BE34-EA1AF7B7716F}\RP86\A0014700.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\System Volume Information\_restore{C5FF763E-78A6-4330-BE34-EA1AF7B7716F}\RP86\A0014702.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\System Volume Information\_restore{C5FF763E-78A6-4330-BE34-EA1AF7B7716F}\RP87\A0014889.exe Infected: Trojan-Downloader.Win32.Agent.jya skipped
C:\System Volume Information\_restore{C5FF763E-78A6-4330-BE34-EA1AF7B7716F}\RP89\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
******************************************************

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:06 AM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070807
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191966155003
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EA982C26-97EC-11D5-ABBC-00B0D078911C} (PViewIEPlugin Control) - http://proe-pv/eds/P...iewieplugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = [EDITED].com
O17 - HKLM\Software\..\Telephony: DomainName = [EDITED].com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = [EDITED].com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = [EDITED].com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007%20026[1].jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Mum's pics 2005\2005_1006holschool0028.JPG
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\monty.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007 026 Cropped.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\fergie.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\Friday Crop.jpg
O24 - Desktop Component 6: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/wilbur.jpg
O24 - Desktop Component 7: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/Bod%20and%20Miss%20B.jpg
O24 - Desktop Component 8: (no name) - C:\Documents and Settings\[EDITED]\Favorites\DSCN0470.JPG
O24 - Desktop Component 9: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/sarah.jpg

--
End of file - 8415 bytes

Edited by Jumping Frog, 01 March 2008 - 12:51 PM.

[andrewuk]

Hi Jumping Frog

congratulations, your logs are clean

those scans found nothing more that was not already quarantined

so, in this post we will clear your restore points (there are infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection.


====STEP 1====
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

Instructions with screenshots to help is http://www.f-secure..../sfc_dis1.shtml

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405


====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

• Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  
• AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  
• SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  
• SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  
• IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  
• ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  
• Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein


andrewuk

[Jumping Frog]

Many thanks for your help - the machine runs so much better now - and thanks for the tips to prevent future infections.

I have a request - would you mind editing your initial reply to delete the text below? (I'll clean up my posts too) There some personal stuff that I would prefer was not in the public domain.

do you know what the site www.[EDITED].com is? is it your company?

also, you have an ActiveX on your machine detailed (PViewIEPlugin Control) - http://proe-pv/eds/P...iewieplugin.cab - any ideas what this is?

and finally, are these desktop components valid?
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007%20026[1].jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Mum's pics 2005\2005_1006holschool0028.JPG
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\monty.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\abbynpaulsvisit2007 026 Cropped.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\fergie.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\[EDITED]\My Documents\My Pictures\Puppies\Friday Crop.jpg
O24 - Desktop Component 6: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/wilbur.jpg
O24 - Desktop Component 7: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/Bod%20and%20Miss%20B.jpg
O24 - Desktop Component 8: (no name) - C:\Documents and Settings\[EDITED]\Favorites\DSCN0470.JPG
O24 - Desktop Component 9: (no name) - file:///C:/Documents%20and%20Settings/[EDITED]/My%20Documents/My%20Pictures/Puppies/sarah.jpg

Cheers!

Edited by Jumping Frog, 01 March 2008 - 12:55 PM.

[andrewuk]

I have a request - would you mind editing your initial reply to delete the text below? (I'll clean up my posts too) There some personal stuff that I would prefer was not in the public domain.

done

[andrewuk]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.