Could you please help?
I am providing HijackThis and Ewido Security Suite logs.
Here is the HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 1:33:58 PM, on 6/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Novell\iFolder\trayapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Software\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitencn32.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Novell iFolder.lnk = C:\Program Files\Novell\iFolder\trayapp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.homeviewb...om/tdserver.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Software\CWShredder\CWShredder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
Here is the ewido security suite log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 1:03:17 PM, 6/1/2005
+ Report-Checksum: 6678A4E5
+ Date of database: 6/1/2005
+ Version of scan engine: v3.0
+ Duration: 47 min
+ Scanned Files: 144863
+ Speed: 50.53 Files/Second
+ Infected files: 56
+ Removed files: 56
+ Files put in quarantine: 56
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\Paul Barbara\Cookies\paul [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Paul Barbara\Cookies\paul barbara@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Paul Barbara\Cookies\paul barbara@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Paul Barbara\Cookies\paul [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Common Files\WinTools\WToolsB.dll -> Spyware.Wintol.y -> Cleaned with backup
C:\Program Files\Common Files\WinTools\WToolsS.exe -> TrojanDownloader.Wintool.f -> Cleaned with backup
C:\Program Files\FwBarTemp\searchbar.exe -> TrojanDownloader.VB.eu -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP310\A0024465.exe -> Spyware.VirtualBouncer.i -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP324\A0024765.exe -> TrojanDownloader.Wintool.e -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP324\A0024767.exe -> Spyware.WebSearch.aj -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP324\A0024778.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP324\A0024780.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP324\A0024803.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP325\A0024826.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP326\A0024834.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP326\A0024845.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP327\A0024854.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP327\A0024864.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP328\A0024900.dll -> Trojan.Pakes -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP328\A0024903.exe -> Trojan.Pakes -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP328\A0024906.exe -> Trojan.Pakes -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP328\A0024908.exe -> Spyware.Apropos -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP328\A0024917.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP328\A0024918.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP328\A0024919.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP328\A0024920.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP328\A0024926.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP329\A0024937.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP330\A0024967.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP331\A0024979.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP332\A0024989.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP332\A0025003.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP332\A0025004.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP332\A0025433.exe -> Trojan.AproposAd -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP332\A0025434.exe -> Trojan.AproposAd -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP332\A0025435.exe -> Spyware.BetterInternet.d -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP332\A0025436.dll -> Spyware.BetterInternet.d -> Cleaned with backup
C:\WINDOWS\bsx32\EECH1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace.e -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\pcs_0002.exe -> Spyware.Pacer.b -> Cleaned with backup
C:\WINDOWS\SYSTEM32\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\WINDOWS\SYSTEM32\exp.exe -> TrojanDownloader.Small.abd -> Cleaned with backup
C:\WINDOWS\SYSTEM32\HookPopup.dll -> Spyware.DealHelper.ab -> Cleaned with backup
C:\WINDOWS\SYSTEM32\installer_MARKETING18.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\WINDOWS\SYSTEM32\main.exe -> TrojanDownloader.Agent.hw -> Cleaned with backup
C:\WINDOWS\SYSTEM32\nsg2D.dll -> Spyware.HotBar -> Cleaned with backup
C:\WINDOWS\SYSTEM32\pacis.exe -> Spyware.Pacer.a -> Cleaned with backup
C:\WINDOWS\SYSTEM32\Rskpzq.exe -> Spyware.DealHelper.ac -> Cleaned with backup
C:\WINDOWS\SYSTEM32\temperror32.dat -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\SYSTEM32\wintask.exe -> TrojanDownloader.Small.abd -> Cleaned with backup
C:\WINDOWS\SYSTEM32\Wkkmfp.exe -> Trojan.Popmon.a -> Cleaned with backup
C:\WINDOWS\SYSTEM32\wrapperouter.exe -> TrojanDropper.Agent.hl -> Cleaned with backup
C:\WINDOWS\vfcamqfd.exe -> Spyware.BookedSpace.e -> Cleaned with backup
::Report End