Hi Flrman1,
The Active scan results are as follows:
Incident Status Location
Adware:adware/adsmart Not disinfected C:\WINDOWS\SYSTEM32\vx.tll
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\timessquare1.dat
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\uniq
Adware:adware/alexa-toolbar Not disinfected Windows Registry
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][1].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\raja\Cookies\raja@rn11[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\raja\Cookies\raja@mediaplex[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\raja\Cookies\raja@sextracker[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\raja\Cookies\raja@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\raja\Cookies\raja@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\raja\Cookies\raja@doubleclick[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\raja\Cookies\raja@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\raja\Cookies\raja@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\raja\Cookies\raja@zedo[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\raja\Cookies\raja@statcounter[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\raja\Cookies\raja@paycounter[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.belnk.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[server.iad.liveperson.net/hc/90594700]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.com.com/]
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\3d1kefgk.default\cookies.txt[]
Virus:W32/Locksky.B.worm Disinfected C:\Documents and Settings\raja\Local Settings\Temp\dmx165.tmp
Virus:W32/Locksky.B.worm Disinfected C:\Documents and Settings\raja\Local Settings\Temp\dmx2E.tmp
Virus:W32/Locksky.B.worm Disinfected C:\Documents and Settings\raja\Local Settings\Temp\dmx35.tmp
Virus:W32/Locksky.B.worm Disinfected C:\Documents and Settings\raja\Local Settings\Temp\dmx36.tmp
Virus:W32/Locksky.B.worm Disinfected C:\Documents and Settings\raja\Local Settings\Temp\dmx37.tmp
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][1].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\raja\Cookies\raja@rn11[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\raja\Cookies\raja@mediaplex[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\raja\Cookies\raja@sextracker[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\raja\Cookies\raja@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\raja\Cookies\raja@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\raja\Cookies\raja@doubleclick[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\raja\Cookies\raja@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\raja\Cookies\raja@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\raja\Cookies\raja@zedo[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\raja\Cookies\raja@statcounter[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\raja\Cookies\
[email protected][1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\raja\Cookies\raja@paycounter[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[90594700]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\raja\Application Data\Mozilla\Firefox\Profiles\rq5wlh0r.default\cookies.txt[]
Virus:Trj/Eiro.H Disinfected C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll.tcf
Virus:Trj/DNSChanger.ED Disinfected C:\Recycled\Dc1.exe
Virus:Trj/DNSChanger.ED Disinfected C:\Recycled\Dc2.exe
Adware:Adware/Adsmart Not disinfected C:\lo-1848575558.exe
Adware:Adware/Adsmart Not disinfected C:\!KillBox\win32.exe.tcf
Adware:Adware/nCase Not disinfected C:\!KillBox\icont.exe6932.tcf
Virus:Trj/Downloader.GWE Disinfected C:\!KillBox\tool1.exe.tcf
Adware:Adware/nCase Not disinfected C:\!KillBox\icont.exe.tcf
Adware:Adware/nCase Not disinfected C:\!KillBox\bw2.com.tcf
Also, the hijackthis log is as:
Logfile of HijackThis v1.99.1
Scan saved at 2:49:51 PM, on 2/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\WCMain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\raja\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.sifymax.c...3aa6f4ff7fcdfedO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Outpost Center] C:\WINDOWS\System32\outpstd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msvcp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\WINDOWS\WCMain.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1135610081234O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{E246AB90-7700-4980-A303-913366F76C0B}: NameServer = 202.144.50.4,202.144.13.50
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe