It's looking healthier! Thank you!!!
I have listed the log files below.

Logfile of HijackThis v1.99.1
Scan saved at 16:55:06, on 17/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Documents and Settings\Anne marie\Desktop\HijackThis.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

Ad-Aware SE Build 1.06r1
Logfile Created on:17 August 2005 15:51:54
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R61 10.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):26 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R61 10.08.2005
Internal build : 71
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 508229 Bytes
Total size : 1531791 Bytes
Signature data size : 1498915 Bytes
Reference data size : 32364 Bytes
Signatures total : 42681
CSI Fingerprints total : 1003
CSI data size : 35408 Bytes
Target categories : 15
Target families : 729
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:70 %
Total physical memory:523264 kb
Available physical memory:362748 kb
Total page file size:3565132 kb
Available on page file:3479360 kb
Total virtual memory:2097024 kb
Available virtual memory:2046632 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
17-08-2005 15:51:54 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Anne marie\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Anne marie\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\adobe\photoshop\7.0\visiteddirs
Description : adobe photoshop 7 recent work folders
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\jasc\paint shop pro 7\recent file list
Description : list of recently used files in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\macromedia\flash 7\recent file list
Description : list of recently used files in macromedia flash
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\office\9.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1487898633-2051107529-1879992265-1009\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 144
ThreadCreationTime : 17-08-2005 14:29:23
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 192
ThreadCreationTime : 17-08-2005 14:29:33
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 216
ThreadCreationTime : 17-08-2005 14:29:34
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 260
ThreadCreationTime : 17-08-2005 14:29:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 272
ThreadCreationTime : 17-08-2005 14:29:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 416
ThreadCreationTime : 17-08-2005 14:29:41
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 480
ThreadCreationTime : 17-08-2005 14:29:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 17-08-2005 14:29:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 1544
ThreadCreationTime : 17-08-2005 14:50:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1780
ThreadCreationTime : 17-08-2005 14:51:26
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:11 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1848
ThreadCreationTime : 17-08-2005 14:51:41
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 26
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26
16:03:18 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:23.750
Objects scanned:153169
Objects identified:0
Objects ignored:0
New critical objects:0

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 16:49:48, 17/08/2005
+ Report-Checksum: 39DED177
+ Scan result:
:mozilla.9:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Anne marie\Application Data\Mozilla\Firefox\Profiles\48xs4tpb.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Anne marie\Desktop\backups\backup-20050817-120619-565.dll -> Trojan.Puper.g : Cleaned with backup
C:\Documents and Settings\Anne marie\Desktop\backups\backup-20050817-121210-580.dll -> Trojan.Puper.g : Cleaned with backup
C:\Documents and Settings\Anne marie\Desktop\backups\backup-20050817-125326-740.dll -> Trojan.Puper.g : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\04B4C5E8-5663-4E09-8B54-0FDDFD\C458CE47-6187-4EA7-84BA-BF5A17 -> Trojan.SpySheriff : Cleaned with backup
::Report End