Thanks for your help, therock.
Ok, I followed your instructions. I may have made an error though: I clicked "fix checked" and closed HijackThis before opening smitRem, which you did not specify to do.
I also ignored 67 infected files on the Ewido scan, all connected to Mozilla, because I had no idea whether they were false positives or not.
I am still getting the window error message.
Here are the log files:
Logfile of HijackThis v1.99.1
Scan saved at 16:24:56, on 16/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\Program Files\Browser MOUSE\R2M.EXE
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\WINDOWS\System32\atwtusb.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Documents and Settings\shane\Desktop\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [FLMBROWSEMOUSE2] C:\Program Files\Browser MOUSE\R2M.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O20 - Winlogon Notify: avpx32 - C:\WINDOWS\SYSTEM32\avpx32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 16:18:06, 16/07/2005
+ Report-Checksum: 6D3181F4
+ Scan result:
:mozilla.23:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Bluestreak : Ignored
:mozilla.26:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Mediaplex : Ignored
:mozilla.32:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Doubleclick : Ignored
:mozilla.34:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.35:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.36:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Atdmt : Ignored
:mozilla.37:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.38:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.93:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.94:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.95:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.96:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.97:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.98:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.99:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.100:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.101:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.102:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.103:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.104:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.105:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.119:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Ignored
:mozilla.120:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Ignored
:mozilla.124:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
:mozilla.125:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
:mozilla.133:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Doubleclick : Ignored
:mozilla.180:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.181:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.182:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.183:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.184:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.199:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Bfast : Ignored
:mozilla.201:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Ignored
:mozilla.204:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Adviva : Ignored
:mozilla.205:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Adviva : Ignored
:mozilla.206:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Adviva : Ignored
:mozilla.209:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Questionmarket : Ignored
:mozilla.211:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.212:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.213:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.214:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.215:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.216:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.217:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.225:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.226:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.227:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.228:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.229:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.230:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.288:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.289:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.291:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.292:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.328:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.329:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.355:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.356:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.357:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.372:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Adtech : Ignored
:mozilla.373:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Adtech : Ignored
:mozilla.437:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Centrport : Ignored
:mozilla.438:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Centrport : Ignored
:mozilla.448:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Ignored
:mozilla.449:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Ignored
:mozilla.450:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Ignored
:mozilla.451:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\mwh6n683.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Ignored
::Report End
Pre-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
PSGuard.lnk
PSGuard.com
PSGuard.lnk
~~~ Favorites ~~~
~~~ system32 folder ~~~
wp.bmp
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
PSGuard.lnk
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Wininet.dll ~~~
CLEAN!
*Edit* I was unable to run the Panda scan. It seems it is not supported by my browser.
Edited by beeps, 16 July 2005 - 09:39 AM.