Ran Ad-Aware, SpyBot, Kaspersky, Panda, HiJack This

Unknown
edited December 2007 in Spyware & Virus Removal
I'm mainly having a problem with Internet Explorer pop-ups. I also have some problems when I actually start up my computer.

I tried posting with the Panda, Kaspersky and HiJack This logs but it said my post was too long so I took out the Panda log. Let me know if you need it.

Kaspersky:
KASPERSKY ONLINE SCANNER REPORT
Friday, November 23, 2007 10:37:27 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/11/2007
Kaspersky Anti-Virus database records: 464783

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
K:\
L:\
M:\
N:\
O:\
P:\

Scan Statistics:
Total number of scanned objects: 122868
Number of viruses found: 27
Number of infected objects: 79
Number of suspicious objects: 0
Duration of the scan process: 01:51:01

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Documents\kaspersky 6.0.2.614en +++working key till 2008 +++.rar/Kav6.02 Setup.exe/nzm.exe Infected: Backdoor.Win32.Rbot.byg skipped
C:\Documents and Settings\All Users\Documents\kaspersky 6.0.2.614en +++working key till 2008 +++.rar/Kav6.02 Setup.exe Infected: Backdoor.Win32.Rbot.byg skipped
C:\Documents and Settings\All Users\Documents\kaspersky 6.0.2.614en +++working key till 2008 +++.rar RAR: infected - 2 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iw2camh9.Default User\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iw2camh9.Default User\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iw2camh9.Default User\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iw2camh9.Default User\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iw2camh9.Default User\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iw2camh9.Default User\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\log\plugin142.trace Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\iw2camh9.Default User\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\iw2camh9.Default User\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\iw2camh9.Default User\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\iw2camh9.Default User\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\gos1DA.tmp Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Owner\Local Settings\Temp\hsperfdata_Owner\1824 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\JET3B98.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\k11u78.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\Documents and Settings\Owner\Local Settings\Temp\k11u78.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Temp\stany.exe Infected: Trojan-Dropper.Win32.Agent.chq skipped
C:\Documents and Settings\Owner\Local Settings\Temp\win1CE.tmp.exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8XMJSX6J\17PHolmes[1].cmt Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8XMJSX6J\17PHolmes[2].cmt Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8XMJSX6J\image18[1].gif Infected: not-virus:Hoax.Win32.Renos.hx skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8XMJSX6J\k11u78[1].exe/data0006 Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8XMJSX6J\k11u78[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8XMJSX6J\stany[1].exe Infected: Trojan-Dropper.Win32.Agent.chq skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HT7A3CSY\image2[1].gif Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZH5Z20F0\image27[1].gif Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZH5Z20F0\setup[1].htm Infected: Trojan-Downloader.HTML.Agent.ao skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZH5Z20F0\Ventilation-Direct[1].htm Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Music\The Sims 2 - University\Sims2 University.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya skipped
C:\Documents and Settings\Owner\My Documents\My Music\The Sims 2 - University\Sims2 University.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\Documents and Settings\Owner\My Documents\My Music\The Sims 2 - University\Sims2 University.exe SetupFactory: infected - 2 skipped
C:\Documents and Settings\Owner\My Documents\setup_ares.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\Documents and Settings\Owner\My Documents\setup_ares.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
C:\Documents and Settings\Owner\My Documents\setup_ares.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Documents and Settings\Owner\My Documents\setup_ares.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\Owner\My Documents\setup_ares.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\Owner\My Documents\setup_ares.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\Owner\My Documents\setup_ares.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
C:\Documents and Settings\Owner\My Documents\setup_ares.exe NSIS: infected - 7 skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\data\My company\qbpos.db Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\data\My company\qbpos.log Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\data\My company\SvrMsgs20071123QBPR YESEL my company.log Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\practice\Al's Sports Hut\qbpos.db Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\practice\Al's Sports Hut\qbpos.log Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\practice\Al's Sports Hut\SvrMsgs20071123QBPP YESEL Al's Sports Hut.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\012F54BB Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\11E74805 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F3F41D4 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F426BD0 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\22510683 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\2CC10D44 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\308B6591 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\35016328 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\354C620B Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A9B1AF5 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\4BBE6131 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F2D36EB Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\52E22771 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\5EBB3346 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\601E03B2 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A5D5CAE Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\6E4137BB Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\771A782A Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\780B0AC4 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Program Files\Windows TaskAd\WinProject.dll Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\Program Files\Windows TaskAd\WinSched.exe Infected: not-a-virus:AdWare.Win32.WinAD skipped
C:\RECYCLER\S-1-5-21-2463801172-1586169336-1442986866-1003\Dc605.exe/data0008 Infected: not-a-virus:Monitor.Win32.IKL.35 skipped
C:\RECYCLER\S-1-5-21-2463801172-1586169336-1442986866-1003\Dc605.exe/data0009 Infected: not-a-virus:Monitor.Win32.Amplusnet.d skipped
C:\RECYCLER\S-1-5-21-2463801172-1586169336-1442986866-1003\Dc605.exe/data0011 Infected: not-a-virus:Monitor.Win32.IKL.35 skipped
C:\RECYCLER\S-1-5-21-2463801172-1586169336-1442986866-1003\Dc605.exe NSIS: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1218\A0036744.exe Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1218\A0036748.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1218\A0036757.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1219\A0036983.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1220\A0036994.exe Infected: not-a-virus:Monitor.Win32.IKL.35 skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1220\A0036995.exe Infected: not-a-virus:Monitor.Win32.IKL.35 skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1220\A0036997.exe Infected: not-a-virus:Monitor.Win32.Amplusnet.d skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1220\A0037003.exe Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1220\A0037004.exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1220\A0037022.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1220\A0037024.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1220\A0037026.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1220\A0037028.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1221\A0037053.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1221\A0037054.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1221\A0037067.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1221\A0037068.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1221\A0037069.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1221\A0037070.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1222\A0037074.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1222\A0037099.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1222\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{61CA4FD0-D639-4566-98D5-079D51800325}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINDOWS\system32\drivers\core.sys Object is locked skipped
C:\WINDOWS\system32\jkkigfd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apx skipped
C:\WINDOWS\system32\ldcore.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\WINDOWS\system32\mj45j73n.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\system32\shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\asat0000.tmp Object is locked skipped
C:\WINDOWS\Temp\asat0001.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1222\change.log Object is locked skipped

Scan process completed.


HiJack This:
Logfile of HijackThis v1.99.1
Scan saved at 10:40:26 PM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Cool\X_cool.exe
C:\Program Files\HiJackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{DF-FB-B9-92-ZN}] C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [zadedwrk] rundll32.exe "C:\Program Files\pmhmfity\ngrenohw.dll",Init
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\System32\QBPOSProtocol.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: QBPOS Database Manager (QBPOSDBServices) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

I appreciate all your help!

Comments

  • chryssi2001chryssi2001 far away
    edited November 2007
    Hello PalBoat,

    I apologise for the delay.
    If you still need help please following the steps below and post a new HijackThis log in this thread.

    There is some infection hiding in your log.
    Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to: C:\Program Files\HijackThis\HijackThis.exe

    Right-click on HijackThis.exe & select Rename to scanner.exe and post back a new Hijackthis log.
  • TroganTrogan London, UK
    edited December 2007
    Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you. This topic is now closed.

    Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead (grin)
This discussion has been closed.