[Solved]HJT Log for Review

Hi, I was just wondering whether someone could take a look at my log and see whether there's anything else I should do? Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 4:56:22 PM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Norman\bin\ZLH.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\unbreakable\Desktop\hijackthis\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pc-ap.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157670051523
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Comments

  • TroganTrogan London, UK
    edited September 2006
    Hi merrylegs, welcome to Short-Media!

    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    - Close ALL open windows (especially Internet Explorer!)
    - Click Fix Checked
    Close HijackThis

    Apart from that one entry, your log is clean; are you having any specific problem(s)?

    I can't see any indication of a Firewall. Are you using one?

    I would like to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button. It will open a Notepad file.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your next post.


    Please post a new HijackThis log, along with the Uninstall list. Also, please answer the questions above. :)
  • edited September 2006
    I *was* having a system crash when running Ad-Aware, but I think I fixed that after scouring this forum. :p

    And, I'm using Norman Virus Control, but I've just realised that I'm not sure whether it comes with a firewall or not.

    uninstall_list:
    Ad-Aware SE Personal
    Adobe Acrobat 6.0 Professional
    Adobe Flash Player 9 ActiveX
    Adobe Photoshop CS
    Agere Systems HDA Modem
    AOL Uninstaller (Choose which Products to Remove)
    Apple Software Update
    Broadcom Gigabit Ethernet
    BSPlayer
    CCleaner (remove only)
    Chopper XP 2.7
    dBpowerAMP Music Converter
    DivX Codec
    DVD Region+CSS Free 5.9.8.1
    Fingerprint Sensor Minimum Install
    FlashFXP v3
    FlashGet(JetCar)
    FLV Player 1.3.3
    Fujitsu Display Manager
    Fujitsu Hardware Diagnostics Tool
    Fujitsu Hotkey Utility
    Fujitsu System Extension Utility
    High Definition Audio Driver Package - KB835221
    HijackThis 1.99.1
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless Software
    IrfanView (remove only)
    iTunes
    K-Lite Codec Pack 2.76 Standard
    LifeBook Application Panel
    ListMaker Full
    Macromedia Dreamweaver MX 2004
    Macromedia Extension Manager
    mCore
    mDriver
    mDrWiFi
    mEoU.msi
    mHelp
    Microsoft Office Standard Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
    mIWA
    mIWCA
    mLogView
    mMHouse
    Mozilla Firefox (1.5.0.7)
    Mozilla Thunderbird (1.5.0.7)
    mPfMgr
    mPfWiz
    mProSafe
    mWlsSafe
    mXML
    mZConfig
    NetXfer 2.22.331
    Norman Virus Control
    O2Micro Flash Memory Card Windows Driver
    OmniPass
    PowerDVD
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    SDP Downloader
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Sonic DLA
    Sonic RecordNow!
    Spybot - Search & Destroy 1.4
    SUPER © Version 2006.19 (FIX)
    Synaptics Pointing Device Driver
    TMPGEnc 3.0 XPress
    TMPGEnc Plus 2.5
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update Navi V1.1L46
    URL Snooper v2.13.04
    Viewpoint Media Player
    WavePad Uninstall
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinPcap 3.1
    WinRAR archiver
    WinZip
    Yahoo! Messenger

    Annnddd. Manchester United! :D
  • TroganTrogan London, UK
    edited September 2006
    :thumbsup:

    I think Norman is an Anti-Virus only, so let's get you a Firewall. Please download one from the list below - They are Free!

    Zone Alarm << I recommend this
    Sunbelt Kerio PF
    Outpost Firewall

    =====

    Uninstall the following from Add/Remove programs:

    Viewpoint Media Player

    =====

    Please do an online scan with Panda ActiveScan

    - Once you are on the Panda site, click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    Post the contents of the Panda scan report, along with a new HijackThis Log
  • edited September 2006
    Doesn't Zone Alarm have problems, though? I know Norman does have some sort of internet protection thing, and it has run fine for the past year with the Windows firewall. Should I give the others a go?
  • TroganTrogan London, UK
    edited September 2006
    I don't think Zone Alarm has any problems...well, not that I know of and I am using it too. I haven't tried the others, but you can give them a go and see how you like them. Make sure you disable Windows Firewall after.
  • edited September 2006
    I've heard that it causes problems with many other softwares.. lol. Oh well. I'm downloading updates for the Panda ActiveScan now. I'll just let it run over dinner and post the log after.
  • TroganTrogan London, UK
    edited September 2006
    I'll be here when you're ready. :)
  • edited September 2006
    Thank you so much for all your help! :D And oh, is it normal to have two occurrences of Windows Media Encoder 9 Series, Windows Media Format 11 runtime and Windows Media Player 11?
  • TroganTrogan London, UK
    edited September 2006
    Yes, it's normal! :)
  • edited September 2006
    Active Scan log:


    Incident Status Location

    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[stat.onestat.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.as-us.falkag.net/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Buzztone Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[www.buzztone.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.bravenet.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.spylog.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.cdfreaks.com/]
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.club.cdfreaks.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.com.com/]
    Spyware:Cookie/360i Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.ct.360i.com/]
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.did-it.com/]
    Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.fortunecity.com/]
    Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.gostats.com/]
    Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.hotlog.ru/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.qksrv.net/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.tucows.com/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[landing.domainsponsor.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[server.iad.liveperson.net/hc/53320982]
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt[www.myaffiliateprogram.com/]
  • edited September 2006
    HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:07:39 PM, on 9/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norman\Bin\Zanda.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\Program Files\Norman\bin\NJEEVES.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Fujitsu\updnavi\updnavi.exe
    C:\Program Files\Norman\bin\ZLH.EXE
    C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\unbreakable\Desktop\Programs\hijackthis\hjt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pc-ap.fujitsu.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157670051523
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    NVC also keeps informing me that it's found this trojan: dialer.alwj. Any idea what it is? Google hasn't thrown up anything useful.
  • Trogan London, UK
    edited September 2006
    Hi merrylegs, can you tell me the location of the file Norman found please? Let me know in your next post.

    I still don't see a Firewall installed. If you are happy with Windows Firewall, then you can carry on using it, but please note that it only blocks incoming traffic and not outgoing.

    Panda found Cookies, which are generally harmless. Doing the following should remove them:

    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
    This program is for XP and Windows 2000 only!

    Double-click ATF Cleaner.exe to open it.

    Under Main select the following:
      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Cookies
      • Temporary Internet Files
      • Prefetch
      • Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.

      If you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

      Click Exit on the Main menu to close the program.

      =====

      Please do an online scan with Kaspersky WebScanner

      Click on Kaspersky Online Scanner

      You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
      • The program will launch and then begin downloading the latest definition files.
      • Once the files have been downloaded, click on NEXT.
      • Now click on Scan Settings.
      • In the scan settings, make sure that the following are selected:
        • Scan using the following Anti-Virus database:
          Extended (if available, otherwise Standard)
        • Scan Options:
          Scan Archives
          Scan Mail Bases
      • Click OK.
      • Now under "select a target to scan", select My Computer.
      • The program will start and scan your system.
      • The scan will take a while, so be patient and let it run.
      • Once the scan is complete, it will display if your system has been infected.
      • Now click on the Save as Text button.
      • Save the file to your desktop.

          Please post the Kaspersky log, along with a new HijackThis log. Also, let me know about Norman. :)
        • edited September 2006
          In most instances, it's found in C:\Documents and Settings\unbreakable\Local Settings\Temporary Internet Files\Content.IE5\_________, though once it was found in C:\WINDOWS\Temp. NVC moved them to quarantine.

          I think I'll stick with the Windows firewall for now, but I might try some other one later on. :) Is it detrimental to only have it block incoming traffic?
        • Trogan London, UK
          edited September 2006
          Blocking incoming traffic is very important, because anything malicious that attempts to get onto your computer will be blocked. Windows Firewall should be activated if there is no other Firewall present; however, people have questioned if it is good at doing its job.

          The Firewalls I listed block incoming and outgoing traffic, and provide better protection than Windows Firewall.
        • edited September 2006
          I suppose I should have phrased it differently... is it important to have outgoing content filtered?

          Kaspersky log:

          KASPERSKY ONLINE SCANNER REPORT
          Saturday, September 23, 2006 11:48:54 PM
          Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
          Kaspersky Online Scanner version: 5.0.83.0
          Kaspersky Anti-Virus database last update: 23/09/2006
          Kaspersky Anti-Virus database records: 210950

          Scan Settings:
          Scan using the following antivirus database: standard
          Scan Archives: true
          Scan Mail Bases: true

          Scan Target - My Computer:
          C:\
          D:\
          E:\

          Scan Statistics:
          Total number of scanned objects: 82873
          Number of viruses found: 3
          Number of infected objects: 20 / 0
          Number of suspicious objects: 0
          Duration of the scan process: 00:51:14

          Infected Object Name / Virus Name / Last Action
          C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
          C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
          C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
          C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
          C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
          C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
          C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
          C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
          C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
          C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
          C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
          C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cert8.db Object is locked skipped
          C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\flashgot.log Object is locked skipped
          C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\formhistory.dat Object is locked skipped
          C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\history.dat Object is locked skipped
          C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\key3.db Object is locked skipped
          C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\parent.lock Object is locked skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text/[From "saida-karim@hotmail.com" <saida-karim@hotmail.com>][Date Tue, 24 Jan 2006 20:30:03 -0800 (PST)]/text/[From "Amira Karim Basturk" <saida-karim@hotmail.com>][Date Wed, ... ... /[From "bsbd ... /[From bittersweet.delight@gmail.com][Date Sat, 15 Feb 2003 03:42: ... /message.exe Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text/[From "saida-karim@hotmail.com" <saida-karim@hotmail.com>][Date Tue, 24 Jan 2006 20:30:03 -0800 (PST)]/text/[From "Amira Karim Basturk" <saida-karim@hotmail.com>][Date Wed, ... ... /[From "bsbd ... /[From bittersweet.delight@gmail.com][Date Sat, 15 Feb 2003 03:42:09 +0800]/UNNAMED Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text/[From "saida-karim@hotmail.com" <saida-karim@hotmail.com>][Date Tue, 24 Jan 2006 20:30:03 -0800 (PST)]/text/[From "Amira Karim Basturk" <saida-karim@hotmail.com>][Date Wed, ... ... /[From "bsbduck@hotmail.com" <bsbduck@hotmail.com>][Date Fri, 25 Aug 2006 06:54:33 -0700 (PDT)]/text Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text/[From "saida-karim@hotmail.com" <saida-karim@hotmail.com>][Date Tue, 24 Jan 2006 20:30:03 -0800 (PST)]/text/[From "Amira Karim Basturk" <saida-karim@hotmail.com>][Date Wed, ... /[From "mi ... /[From "~ crislyn ~" <cbarnuevo@gmail.com>][Date Fri, 25 Aug 2006 04:49:04 +0800]/UNNAMED Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text/[From "saida-karim@hotmail.com" <saida-karim@hotmail.com>][Date Tue, 24 Jan 2006 20:30:03 -0800 (PST)]/text/[From "Amira Karim Basturk" <saida-karim@hotmail.com>][Date Wed, ... /[From "misha_bsb@ ... /[From stronger@lonelytears.com][Date Thu, 3 Aug 2006 12:52:21 +0200 (CEST)]/text Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text/[From "saida-karim@hotmail.com" <saida-karim@hotmail.com>][Date Tue, 24 Jan 2006 20:30:03 -0800 (PST)]/text/[From "Amira Karim Basturk" <saida-karim@hotmail.com>][Date Wed, ... /[From "misha_bsb@hotmail.com" <misha_bsb@hotmail.com>][Date Tue, 1 Aug 2006 02:25:59 -0700 (PDT)]/text Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text/[From "saida-karim@hotmail.com" <saida-karim@hotmail.com>][Date Tue, 24 Jan 2006 20:30:03 -0800 (PST)]/text/[From "Amira Karim Basturk" <saida-karim@hotmail.com>][Date Wed, 25 Ja ... /[Fro ... /[From "fran@gulla.de" <fran@gulla.de>][Date Tue, 23 May 2006 10:59:56 -0700 (PDT)]/text Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text/[From "saida-karim@hotmail.com" <saida-karim@hotmail.com>][Date Tue, 24 Jan 2006 20:30:03 -0800 (PST)]/text/[From "Amira Karim Basturk" <saida-karim@hotmail.com>][Date Wed, 25 Ja ... /[From "KRO" <webm ... /[From sarah@one-voice.net][Date Sun, 9 Apr 2006 07:25:56 -0400 (EDT)]/text Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text/[From "saida-karim@hotmail.com" <saida-karim@hotmail.com>][Date Tue, 24 Jan 2006 20:30:03 -0800 (PST)]/text/[From "Amira Karim Basturk" <saida-karim@hotmail.com>][Date Wed, 25 Ja ... /[From "KRO" <webmaster@kristinrichardsononline.net>][Date Mon, 3 Apr 2006 19:04:49 +0200]/UNNAMED Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text/[From "saida-karim@hotmail.com" <saida-karim@hotmail.com>][Date Tue, 24 Jan 2006 20:30:03 -0800 (PST)]/text/[From "Amira Karim Basturk" <saida-karim@hotmail.com>][Date Wed, 25 Jan 2006 17:24:40 +0000]/html/[From <lena0111@nana.co.il>][Date Mon, 27 Mar 2006 07:58:16 +0200]/UNNAMED Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text/[From "saida-karim@hotmail.com" <saida-karim@hotmail.com>][Date Tue, 24 Jan 2006 20:30:03 -0800 (PST)]/text/[From "Amira Karim Basturk" <saida-karim@hotmail.com>][Date Wed, 25 Jan 2006 17:24:40 +0000]/html Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text/[From "saida-karim@hotmail.com" <saida-karim@hotmail.com>][Date Tue, 24 Jan 2006 20:30:03 -0800 (PST)]/text Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text/[From "symmetriax@hotmail.com" <symmetriax@hotmail.com>][Date Thu, 15 Dec 2005 08:42:24 -0800 (PST)]/text Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight/[From "britwebber15@yahoo.com" <britwebber15@yahoo.com>][Date Sun, 30 Oct 2005 08:19:01 -0800 (PST)]/text Infected: Net-Worm.Win32.Mytob.u skipped
          C:\Documents and Settings\unbreakable\Application Data\Thunderbird\Profiles\9d8fmo6i.default\Mail\Local Folders\Inbox.sbd\Bittersweet Delight Mail Berkeley mbox: infected - 14 skipped
          C:\Documents and Settings\unbreakable\Cookies\index.dat Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Application Data\Microsoft\Windows Live Contacts\trashed_emotions@hotmail.com\real\members.stg Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Application Data\Microsoft\Windows Live Contacts\trashed_emotions@hotmail.com\shadow\members.stg Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\Cache\_CACHE_001_ Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\Cache\_CACHE_002_ Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\Cache\_CACHE_003_ Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\Cache\_CACHE_MAP_ Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\History\History.IE5\index.dat Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\History\History.IE5\MSHist012006092320060924\index.dat Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Temp\~DF3114.tmp Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Temp\~DF3139.tmp Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Temp\~DF74CD.tmp Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Temp\~DF74F1.tmp Object is locked skipped
          C:\Documents and Settings\unbreakable\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
          C:\Documents and Settings\unbreakable\ntuser.dat Object is locked skipped
          C:\Documents and Settings\unbreakable\ntuser.dat.LOG Object is locked skipped
          C:\Program Files\Softex\OmniPass\btype0.dat Object is locked skipped
          C:\Program Files\Softex\OmniPass\btype2.dat Object is locked skipped
          C:\Program Files\Softex\OmniPass\btype256.dat Object is locked skipped
          C:\Program Files\Softex\OmniPass\btype259.dat Object is locked skipped
          C:\Program Files\Softex\OmniPass\btype3.dat Object is locked skipped
          C:\Program Files\Softex\OmniPass\btype4.dat Object is locked skipped
          C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
          C:\System Volume Information\_restore{191EFAE2-F01C-4319-8B8E-CA26F4907F8D}\RP32\A0004226.dll Infected: Packed.Win32.Klone.g skipped
          C:\System Volume Information\_restore{191EFAE2-F01C-4319-8B8E-CA26F4907F8D}\RP32\A0004244.ini Object is locked skipped
          C:\System Volume Information\_restore{191EFAE2-F01C-4319-8B8E-CA26F4907F8D}\RP32\change.log Object is locked skipped
          C:\VundoFix Backups\winstr32.dll.bad Infected: Packed.Win32.Klone.g skipped
          C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
          C:\WINDOWS\Help\Ipv6.chm Object is locked skipped
          C:\WINDOWS\I386\NTDSBCLI.DL_ Object is locked skipped
          C:\WINDOWS\SchedLgU.Txt Object is locked skipped
          C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
          C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
          C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
          C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
          C:\WINDOWS\system32\config\default Object is locked skipped
          C:\WINDOWS\system32\config\default.LOG Object is locked skipped
          C:\WINDOWS\system32\config\SAM Object is locked skipped
          C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
          C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
          C:\WINDOWS\system32\config\SECURITY Object is locked skipped
          C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
          C:\WINDOWS\system32\config\software Object is locked skipped
          C:\WINDOWS\system32\config\software.LOG Object is locked skipped
          C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
          C:\WINDOWS\system32\config\system Object is locked skipped
          C:\WINDOWS\system32\config\system.LOG Object is locked skipped
          C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
          C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
          C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
          C:\WINDOWS\system32\dllcache\mrinfo.exe Object is locked skipped
          C:\WINDOWS\system32\oobe\error\toobusy.htm Object is locked skipped
          C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
          C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
          C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
          C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
          C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
          C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
          C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
          C:\WINDOWS\WindowsUpdate.log Object is locked skipped
          D:\Backstreet Videos\2006\Never Gone Tour 2006\2006-01-28 - Entertainment Centre, Brisbane, Australia\2006-01-28 - Brisbane - I'll Never Break Your Heart (Lauren).wmv Object is locked skipped
          D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
          D:\System Volume Information\_restore{191EFAE2-F01C-4319-8B8E-CA26F4907F8D}\RP32\change.log Object is locked skipped

          Scan process completed.
        • edited September 2006
          HJT log:

          Logfile of HijackThis v1.99.1
          Scan saved at 11:52:19 PM, on 9/23/2006
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
          C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Norman\Bin\Zanda.exe
          C:\WINDOWS\system32\o2flash.exe
          C:\Program Files\Softex\OmniPass\Omniserv.exe
          C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
          C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
          C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
          C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
          C:\Program Files\Norman\Nvc\bin\nvcoas.exe
          C:\Program Files\Softex\OmniPass\OPXPApp.exe
          C:\Program Files\Norman\bin\NJEEVES.EXE
          C:\WINDOWS\System32\alg.exe
          C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
          C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
          C:\WINDOWS\AGRSMMSG.exe
          C:\Program Files\ltmoh\Ltmoh.exe
          C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\WINDOWS\system32\hkcmd.exe
          C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
          C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
          C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
          C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
          C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
          C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
          C:\WINDOWS\system32\dla\tfswctrl.exe
          C:\Program Files\Fujitsu\updnavi\updnavi.exe
          C:\Program Files\Norman\bin\ZLH.EXE
          C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
          C:\Program Files\Softex\OmniPass\scureapp.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\MSN Messenger\MsnMsgr.Exe
          C:\Program Files\Norman\Nvc\BIN\NIP.EXE
          C:\Program Files\Norman\Nvc\bin\cclaw.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
          C:\Documents and Settings\unbreakable\Desktop\Programs\hijackthis\hjt.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pc-ap.fujitsu.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
          O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
          O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
          O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
          O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
          O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
          O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
          O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
          O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
          O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
          O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
          O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
          O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
          O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
          O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
          O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
          O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
          O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
          O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
          O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
          O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
          O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
          O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157670051523
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
          O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
          O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
          O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
          O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
          O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
          O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
          O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
          O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
          O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
          O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
          O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
          O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
          O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
          O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
        • Trogan London, UK
          edited September 2006
          I supposed I should have phrased it differently... is it important to have outgoing content filtered?
          Well, yes! Outgoing traffic is anything on your PC that tries to connect to the internet such as chat programs, anti-virus + firewall programs, but more important blocks that malicious file that tries to do something bad to your computer by getting access to the internet.

          =====

          Can I get you to run this scan please:

          You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

          Please download Ewido to your Desktop or to your usual Download Folder.
          http://www.ewido.net/en/download/
          • Install Ewido by double clicking the installer.
          • Follow the prompts. Make sure that Launch Ewido is checked.
          • On the main screen under Your Computer's security.
            • Click on Change state next to Resident shield. It should now change to inactive.
            • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
            • Wait until you see the Update succesfull message.
              Note: If the Update now option is grayed out, follow the steps below.
              • Click on Update on the toolbar.
              • Under Manual update, click on the Start Update button.
              • Wait until you see the Update succesfull message.
          • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
          If you are having problems with the updater, you can use this link to manually update ewido.
          Ewido manual updates.
          Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

          Reboot your computer in Safe Mode.
          • If the computer is running, shut down Windows, and then turn off the power.
          • Wait 30 seconds, and then turn the computer on.
          • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
          • Ensure that the Safe Mode option is selected.
          • Press Enter. The computer then begins to start in Safe mode.
          • Login on your usual account.
          Once in Safe Mode:

          Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
          • Click on Scanner on the toolbar.
          • Click on the Settings tab.
            • Under How to act?
              • Click on Recommended Action and choose Quarantine from the popup menu.
            • Under How to scan?
              • All checkboxes should be ticked.
            • Under Possibly unwanted software:
              • All checkboxes should be ticked.
            • Under Reports:
              • Select Automatically generate report after every scan and uncheck Only if threats were found.
            • Under What to scan?
              • Select Scan every file.
          • Click on the Scan tab.
          • Click on Complete System Scan to start the scan process.
          • Let the program scan the machine.
          • When the scan has finished, follow the instructions below.
            IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
            • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
            • At the bottom of the window click on the Apply all Actions button. (3)
          • When done, click the Save Scan Report button.
            • Click the Save Report as button.
            • Save the report to your Desktop.
          • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
          Reboot back into Normal Mode, and post a new HJT log, along with the Ewido log.
        • edited September 2006

          ewido anti-spyware - Scan Report

          + Created at: 10:37:30 AM 9/24/2006

          + Scan result:



          :mozilla.322:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
          :mozilla.302:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.377:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.38:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.39:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.40:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.41:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.42:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.43:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.44:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.45:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.46:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.47:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.48:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.49:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.50:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.51:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.52:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.53:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.54:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.55:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.56:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.57:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.58:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
          :mozilla.270:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
          :mozilla.273:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
          :mozilla.274:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
          :mozilla.275:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
          :mozilla.184:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
          :mozilla.185:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
          :mozilla.68:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
          :mozilla.69:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
          :mozilla.70:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
          :mozilla.71:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
          :mozilla.72:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
          :mozilla.338:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
          :mozilla.339:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
          :mozilla.140:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
          :mozilla.141:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
          :mozilla.37:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
          :mozilla.239:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
          :mozilla.240:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
          :mozilla.195:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
          :mozilla.399:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
          :mozilla.34:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
          :mozilla.335:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
          :mozilla.336:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
          :mozilla.337:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
          :mozilla.165:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
          :mozilla.166:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
          :mozilla.167:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
          :mozilla.168:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
          :mozilla.355:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
          :mozilla.356:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
          :mozilla.357:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
          :mozilla.358:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
          :mozilla.100:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
          :mozilla.101:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
          :mozilla.98:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
          :mozilla.235:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
          :mozilla.236:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
          :mozilla.237:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
          :mozilla.497:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
          :mozilla.846:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
          :mozilla.847:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
          :mozilla.820:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
          :mozilla.234:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
          :mozilla.934:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
          :mozilla.231:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
          :mozilla.232:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
          :mozilla.233:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
          :mozilla.621:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
          :mozilla.214:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
          :mozilla.215:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
          :mozilla.216:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
          :mozilla.217:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
          :mozilla.633:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
          :mozilla.634:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
          :mozilla.106:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
          :mozilla.107:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
          :mozilla.108:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
          :mozilla.662:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
          :mozilla.439:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
          :mozilla.440:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
          :mozilla.296:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
          :mozilla.297:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
          :mozilla.298:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
          :mozilla.299:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
          :mozilla.300:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
          :mozilla.374:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
          :mozilla.313:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
          :mozilla.243:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.244:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.245:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.246:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.247:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.248:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.249:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.250:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.251:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.252:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.253:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.254:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.255:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.256:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.257:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.258:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.259:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.260:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.261:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.262:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.263:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.264:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
          :mozilla.696:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
          :mozilla.697:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
          :mozilla.698:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
          :mozilla.699:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
          :mozilla.716:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
          :mozilla.198:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
          :mozilla.142:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
          :mozilla.143:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
          :mozilla.220:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
          :mozilla.221:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
          :mozilla.222:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
          :mozilla.223:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
          :mozilla.224:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
          :mozilla.225:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
          :mozilla.738:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
          :mozilla.129:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
          :mozilla.130:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
          :mozilla.131:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
          :mozilla.63:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
          :mozilla.84:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
          :mozilla.85:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
          :mozilla.87:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
          :mozilla.780:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
          :mozilla.781:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
          :mozilla.782:C:\Documents and Settings\unbreakable\Application Data\Mozilla\Firefox\Profiles\k064hqq9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
          C:\VundoFix Backups\winstr32.dll.bad -> Trojan.Small : Cleaned with backup (quarantined).


          ::Report end
        • edited September 2006
          Logfile of HijackThis v1.99.1
          Scan saved at 11:04:39 AM, on 9/24/2006
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
          C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Ewido\guard.exe
          C:\Program Files\Norman\Bin\Zanda.exe
          C:\WINDOWS\system32\o2flash.exe
          C:\Program Files\Softex\OmniPass\Omniserv.exe
          C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
          C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
          C:\Program Files\Norman\Nvc\bin\nvcoas.exe
          C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
          C:\Program Files\Softex\OmniPass\OPXPApp.exe
          C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
          C:\Program Files\Norman\bin\NJEEVES.EXE
          C:\WINDOWS\System32\alg.exe
          C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
          C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
          C:\WINDOWS\AGRSMMSG.exe
          C:\Program Files\ltmoh\Ltmoh.exe
          C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\WINDOWS\system32\hkcmd.exe
          C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
          C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
          C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
          C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
          C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
          C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
          C:\WINDOWS\system32\dla\tfswctrl.exe
          C:\Program Files\Fujitsu\updnavi\updnavi.exe
          C:\Program Files\Norman\bin\ZLH.EXE
          C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
          C:\Program Files\Softex\OmniPass\scureapp.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Ewido\ewido.exe
          C:\Program Files\Norman\Nvc\BIN\NIP.EXE
          C:\Program Files\MSN Messenger\MsnMsgr.Exe
          C:\Program Files\Norman\Nvc\bin\cclaw.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
          C:\Documents and Settings\unbreakable\Desktop\Programs\hijackthis\hjt.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pc-ap.fujitsu.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
          O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
          O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
          O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
          O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
          O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
          O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
          O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
          O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
          O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
          O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
          O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
          O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
          O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
          O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
          O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [!ewido] "C:\Program Files\Ewido\ewido.exe" /minimized
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
          O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
          O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
          O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
          O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
          O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
          O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
          O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157670051523
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
          O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
          O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
          O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
          O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
          O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Ewido\guard.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
          O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
          O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
          O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
          O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
          O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
          O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
          O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
          O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
          O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
          O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
        • Trogan London, UK
          edited September 2006
          Your log is clean. How are things?
        • edited September 2006
          Working fine. :D Thanks for all the help!
        • Trogan London, UK
          edited September 2006
          You're welcome! :)

          I'll mark this resolved.
        This discussion has been closed.