Here's the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 4:51:38 PM, on 6/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\webshots.scr
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16....ex/HMAtchmt.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Here's the Ewido scan....
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 4:34:42 PM, 6/3/2005
+ Report-Checksum: E3892A08
+ Date of database: 6/3/2005
+ Version of scan engine: v3.0
+ Duration: 72 min
+ Scanned Files: 106725
+ Speed: 24.47 Files/Second
+ Infected files: 59
+ Removed files: 59
+ Files put in quarantine: 59
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\Joseph\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Joseph\Local Settings\Temp\AutoUpdate0\auto_update_install.exe -> Spyware.POP.dl -> Cleaned with backup
C:\Documents and Settings\Joseph\Local Settings\Temp\Del261.tmp -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\Documents and Settings\Joseph\Local Settings\Temp\f292343.exe -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\Program Files\AutoUpdate\AutoUpdate.exe -> TrojanDownloader.Apropo.g -> Cleaned with backup
C:\Program Files\CxtPls\ace.dll -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\CxtPls\CxtPls.dll -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\CxtPls\CxtPls.exe -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\CxtPls\uninstaller.exe -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\HJT\backups\backup-20050603-014608-163.dll -> Spyware.BargainBuddy.i -> Cleaned with backup
C:\Program Files\HJT\backups\backup-20050603-014608-287.dll -> Spyware.CoolBar.a -> Cleaned with backup
C:\Program Files\HJT\backups\backup-20050603-014608-667.dll -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\Program Files\HJT\backups\backup-20050603-014608-754.dll -> Spyware.Bargainbuddy -> Cleaned with backup
C:\Program Files\HJT\backups\backup-20050603-014608-784.dll -> Spyware.EliteBar.af -> Cleaned with backup
C:\WINDOWS\autoheal.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\pcs_0011.exe -> Spyware.Pacer.b -> Cleaned with backup
C:\WINDOWS\SWLAD1.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\WINDOWS\SWLAD2.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\WINDOWS\system32\anduk.dll -> TrojanDownloader.Qoologic.l -> Cleaned with backup
C:\WINDOWS\system32\angelex.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\WINDOWS\system32\atirop.exe -> Trojan.AproposAd -> Cleaned with backup
C:\WINDOWS\system32\auto_update_uninstall.exe -> Spyware.Apropos -> Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\WINDOWS\system32\elitelta32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\exdl.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\WINDOWS\system32\exdl1.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\exul1.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\gpsrite.dll -> TrojanDownloader.Qoologic.i -> Cleaned with backup
C:\WINDOWS\system32\ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup
C:\WINDOWS\system32\installer_MARKETING30.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\javexulm.vxd -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\mac80ex.idf/C:/WINDOWS/system32/msbe.dll -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\WINDOWS\system32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/bargains.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\WINDOWS\system32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\WINDOWS\system32\mqexdlm.srg -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\WINDOWS\system32\msbe.dll -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\WINDOWS\system32\msexreg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\nrikpv.exe -> TrojanDownloader.Qoologoc.i -> Cleaned with backup
C:\WINDOWS\system32\nsl22A.dll -> Spyware.HotBar -> Cleaned with backup
C:\WINDOWS\system32\PopOops.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\WINDOWS\system32\PopOops2.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\WINDOWS\system32\Qool.exe -> TrojanDropper.Win32.Small.wc -> Cleaned with backup
C:\WINDOWS\system32\temperror32.dat -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\vqwka.dat -> TrojanDownloader.Qoologoc.i -> Cleaned with backup
C:\WINDOWS\system32\wrapperouter.exe -> TrojanDropper.Agent.hl -> Cleaned with backup
C:\WINDOWS\zeta.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
::Report End
What's the best software for preventing another infection? If it's not too much trouble, can you tell me where I can get some codecs without the adware as well? All I have is the K-Lite codec pack, which I'm sure probably has something bundled with it. So hope to get a reply and find out what my next step is, thanks GTG!