
Help Wanted!


10 replies to this topic

#1 imef2k


Posted 13 January 2007 - 07:18 AM

Hi,
I have run both Ad-Aware SE & Spybot Search & Destroy, but both report a clean computer.

Every now and again my IE browser pops up a web page (always an indecent site!). Very worrying as my kids use the computer most of the time.

I also get a popup window trying to dial-up on my modem which fortunately isn't connected as I use DSL.

I have sometimes seen a program named "it_01311.exe" or something like that running in Task Manager when I get the problem.

Norton Antivirus shows me Virus Alerts after it says it has successfully removed a "Downloader" and "Backdoor.Rustock.B" virus nearly every day!

My Hijack log is shown below. Please Help!

====================================================================

Logfile of HijackThis v1.99.1
Scan saved at 11:57:42, on 13/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\winsys.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\temp\HijackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: BT Voyager Wireless Utility.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://mia.bt.com/dana-cached/setup/JuniperSetupSP1.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



=====================================================================


#2 MFDnSC

    Ret. Director I/T



Posted 13 January 2007 - 01:37 PM

1. Download this file:

http://download.bleepingcomputer.com/sUBs/...aB/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


========================
Download Superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 imef2k


Posted 14 January 2007 - 10:51 AM


My Combofix log is shown below:

=====================================================================
"james" - 07-01-14 12:18:02 Service Pack 1
ComboFix 07-01-14.2 - Running from: "C:\temp"

((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-13 16:17 <DIR> d-------- C:\Program Files\quicksnooker
2007-01-13 10:14 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-02 21:02 12,288 --a------ C:\WINDOWS\winsys.exe
2006-12-22 22:20 29,696 --------- C:\WINDOWS\SYSTEM32\DRIVERS\rndismpx.sys
2006-12-22 22:20 12,032 --------- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023x.sys
2006-12-22 21:39 <DIR> d-------- C:\Program Files\TomTom HOME
2006-12-17 18:44 <DIR> d-------- C:\DOCUME~1\james\Application Data\Ulead Systems
2006-12-17 18:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Ulead Systems


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 12:06 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-13 10:14 -------- d-------- C:\DOCUME~1\james\Application Data\lavasoft
2007-01-05 19:28 28672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
2006-12-23 09:31 2508 --a------ C:\DOCUME~1\james\Application Data\$_hpcst$.hpc
2006-12-22 22:20 -------- d-------- C:\Program Files\microsoft activesync
2006-12-22 21:39 -------- d--h----- C:\Program Files\installshield installation information
2006-12-22 15:59 -------- d---s---- C:\DOCUME~1\james\Application Data\microsoft
2006-12-09 19:27 48040 --a------ C:\DOCUME~1\james\Application Data\gdipfontcachev1.dat
2006-12-02 10:28 -------- d-------- C:\Program Files\ea sports


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"nwiz"="nwiz.exe /install"
"MsgCenterExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\RealOneMessageCenter.exe\" -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TomTomHOME.exe"="\"C:\\Program Files\\TomTom HOME\\TomTomHOME.exe\" -s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"1"="C:\\WINDOWS\\winsys.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.bodybuilding.com/fun/christina2abig.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://www.pepsi.co.uk/thefa/images/pagete...ontent_tile.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source REG_SZ http://www.pepsi.co.uk/thefa/images/downlo...footy_thumb.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source REG_SZ http://www.pepsi.co.uk/images/navigation/back_tile.gif

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job

Completion time: 07-01-14 12:27:12

=====================================================================

My Hijackthis Log after ComboFix run is shown below:
=====================================================================
Logfile of HijackThis v1.99.1
Scan saved at 12:31:22, on 14/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\winsys.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\temp\HijackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: BT Voyager Wireless Utility.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://mia.bt.com/dana-cached/setup/JuniperSetupSP1.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


=====================================================================

My SuperAntiSpyware log is below:
=====================================================================
SUPERAntiSpyware Scan Log
Generated 01/14/2007 at 02:32 PM

Application Version : 3.4.1000

Core Rules Database Version : 3164
Trace Rules Database Version: 1176

Scan type : Complete Scan
Total Scan Time : 01:38:20

Memory items scanned : 389
Memory threats detected : 0
Registry items scanned : 5133
Registry threats detected : 0
File items scanned : 104606
File threats detected : 229

Adware.Tracking Cookie
C:\Documents and Settings\james\Cookies\james@diy[2].txt
C:\Documents and Settings\james\Cookies\james@yadro[1].txt
C:\Documents and Settings\james\Cookies\james@directtrack[1].txt
C:\Documents and Settings\james\Cookies\james@nokia[2].txt
C:\Documents and Settings\james\Cookies\james@local[1].txt
C:\Documents and Settings\james\Cookies\james@yieldmanager[2].txt
C:\Documents and Settings\james\Cookies\james@Football[2].txt
C:\Documents and Settings\james\Cookies\james@pbh.adbureau[2].txt
C:\Documents and Settings\james\Cookies\james@ads.iambic[1].txt
C:\Documents and Settings\james\Cookies\james@1064505351[1].txt
C:\Documents and Settings\james\Cookies\james@tracker.roitesting[2].txt
C:\Documents and Settings\james\Cookies\james@ads.aol.co[2].txt
C:\Documents and Settings\james\Cookies\james@casalemedia[2].txt
C:\Documents and Settings\james\Cookies\james@ehg-tigerdirect2.hitbox[1].txt
C:\Documents and Settings\james\Cookies\james@stuff[1].txt
C:\Documents and Settings\james\Cookies\james@192[1].txt
C:\Documents and Settings\james\Cookies\james@media.fastclick[1].txt
C:\Documents and Settings\james\Cookies\james@adv.webmd[1].txt
C:\Documents and Settings\james\Cookies\james@e61-viral-en[1].txt
C:\Documents and Settings\james\Cookies\james@stat.dealtime[1].txt
C:\Documents and Settings\james\Cookies\james@sitestats.tiscali.co[1].txt
C:\Documents and Settings\james\Cookies\james@1068052837[1].txt
C:\Documents and Settings\james\Cookies\james@sexyfootballbabes[1].txt
C:\Documents and Settings\james\Cookies\james@1071231053[1].txt
C:\Documents and Settings\james\Cookies\james@www.precisioncounter[2].txt
C:\Documents and Settings\james\Cookies\james@mediaplex[1].txt
C:\Documents and Settings\james\Cookies\james@msnportal.112.2o7[1].txt
C:\Documents and Settings\james\Cookies\james@keywordmax[1].txt
C:\Documents and Settings\femi\Cookies\femi@2o7[1].txt
C:\Documents and Settings\femi\Cookies\femi@ad.yieldmanager[2].txt
C:\Documents and Settings\femi\Cookies\femi@ad.zanox[1].txt
C:\Documents and Settings\femi\Cookies\femi@ad1.emediate[1].txt
C:\Documents and Settings\femi\Cookies\femi@adbrite[2].txt
C:\Documents and Settings\femi\Cookies\femi@adknowledge[2].txt
C:\Documents and Settings\femi\Cookies\femi@adopt.hbmediapro[2].txt
C:\Documents and Settings\femi\Cookies\femi@adprofile[1].txt
C:\Documents and Settings\femi\Cookies\femi@adrevenue[2].txt
C:\Documents and Settings\femi\Cookies\femi@ads.admiral[1].txt
C:\Documents and Settings\femi\Cookies\femi@ads.cnn[1].txt
C:\Documents and Settings\femi\Cookies\femi@ads.mediaturf[1].txt
C:\Documents and Settings\femi\Cookies\femi@ads.pricerunner[1].txt
C:\Documents and Settings\femi\Cookies\femi@ads.technologyguide[1].txt
C:\Documents and Settings\femi\Cookies\femi@ads.telegraph.co[1].txt
C:\Documents and Settings\femi\Cookies\femi@ads1.itadnetwork.co[1].txt
C:\Documents and Settings\femi\Cookies\femi@adv.surinter[1].txt
C:\Documents and Settings\femi\Cookies\femi@adv.webmd[2].txt
C:\Documents and Settings\femi\Cookies\femi@advertising[1].txt
C:\Documents and Settings\femi\Cookies\femi@adverts.digitalspy.co[1].txt
C:\Documents and Settings\femi\Cookies\femi@atwola[1].txt
C:\Documents and Settings\femi\Cookies\femi@banner.coza[1].txt
C:\Documents and Settings\femi\Cookies\femi@banners.sys-con[2].txt
C:\Documents and Settings\femi\Cookies\femi@bannersng.yell[1].txt
C:\Documents and Settings\femi\Cookies\femi@burstnet[2].txt
C:\Documents and Settings\femi\Cookies\femi@c3.gostats[2].txt
C:\Documents and Settings\femi\Cookies\femi@clicktorrent[1].txt
C:\Documents and Settings\femi\Cookies\femi@countercentral[2].txt
C:\Documents and Settings\femi\Cookies\femi@dealtime.co[1].txt
C:\Documents and Settings\femi\Cookies\femi@hypertracker[1].txt
C:\Documents and Settings\femi\Cookies\femi@indextools[1].txt
C:\Documents and Settings\femi\Cookies\femi@itxt.vibrantmedia[2].txt
C:\Documents and Settings\femi\Cookies\femi@mediamgr.ugo[2].txt
C:\Documents and Settings\femi\Cookies\femi@roiservice[1].txt
C:\Documents and Settings\femi\Cookies\femi@sales.liveperson[1].txt
C:\Documents and Settings\femi\Cookies\femi@saletrack.co[1].txt
C:\Documents and Settings\femi\Cookies\femi@serials[2].txt
C:\Documents and Settings\femi\Cookies\femi@superstats[1].txt
C:\Documents and Settings\femi\Cookies\femi@tacoda[1].txt
C:\Documents and Settings\femi\Cookies\femi@toplist[2].txt
C:\Documents and Settings\femi\Cookies\femi@tracking.dc-storm[1].txt
C:\Documents and Settings\femi\Cookies\femi@tracking.summitmedia.co[1].txt
C:\Documents and Settings\femi\Cookies\femi@www.burstnet[1].txt
C:\Documents and Settings\femi\Cookies\femi@www.dgm2[2].txt
C:\Documents and Settings\femi\Cookies\femi@www.utmedia.co[2].txt
C:\Documents and Settings\femi\Cookies\femi@xiti[1].txt
C:\Documents and Settings\james\Cookies\james@lt_stats[2].txt
C:\Documents and Settings\jon\Cookies\jon@toplist[1].txt
C:\Documents and Settings\tom\Cookies\tom@ad.yieldmanager[2].txt
C:\Documents and Settings\tom\Cookies\tom@advert.runescape[1].txt
C:\Documents and Settings\tom\Cookies\tom@belnk[1].txt
C:\Documents and Settings\tom\Cookies\tom@bizrate[2].txt
C:\Documents and Settings\tom\Cookies\tom@data4.perf.overture[1].txt
C:\Documents and Settings\tom\Cookies\tom@dist.belnk[2].txt
C:\Documents and Settings\tom\Cookies\tom@popularscreensavers[1].txt
C:\Documents and Settings\tom\Cookies\tom@starware[2].txt
C:\Documents and Settings\tom\Cookies\tom@www.dgm2[1].txt
C:\Documents and Settings\tom\Cookies\tom@www.screensavers[1].txt

Unclassified.Unknown Origin
C:\PROGRAM FILES\EUROPRESS\ART ATTACK\FREE.RAW

=====================================================================

My HijackThis Log after running SUPERAntiSpyware is below:
=====================================================================
Logfile of HijackThis v1.99.1
Scan saved at 15:17:41, on 14/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\winsys.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\notepad.exe
C:\temp\HijackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: BT Voyager Wireless Utility.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://mia.bt.com/dana-cached/setup/JuniperSetupSP1.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


=====================================================================

#4 MFDnSC

Posted 14 January 2007 - 11:06 AM

Add remove programs - remove if present WinSpy

===========================

IE - Block Third party cookies
1. Click on the Tools button on the Internet Explorer tool bar.
2. Highlight and click on Internet options at the bottom of the Tools menu.
3. Select the Privacy Tab of the Internet Options menu.
4. Select the Advanced... button at the bottom of the screen.
5. Select override automatic cookie handling button.
6. To block third party cookies select block under "Third-party cookies".
7. Select "always allow session cookies".
8. Click on the OK button at the bottom of the screen.


=========================

Delete this file

C:\WINDOWS\winsys.exe

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 imef2k

Posted 14 January 2007 - 03:44 PM

> Add remove programs - remove if present WinSpy
>
> ===========================
>
> IE - Block Third party cookies
> 1. Click on the Tools button on the Internet Explorer tool bar.
> 2. Highlight and click on Internet options at the bottom of the Tools menu.
> 3. Select the Privacy Tab of the Internet Options menu.
> 4. Select the Advanced... button at the bottom of the screen.
> 5. Select override automatic cookie handling button.
> 6. To block third party cookies select block under "Third-party cookies".
> 7. Select "always allow session cookies".
> 8. Click on the OK button at the bottom of the screen.
>
> =========================
>
> Delete this file
>
> C:\WINDOWS\winsys.exe

I have performed all the actions as advised. Here is my HijackThis Log.

===================================================================
Logfile of HijackThis v1.99.1
Scan saved at 20:37:56, on 14/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\temp\HijackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: BT Voyager Wireless Utility.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://mia.bt.com/dana-cached/setup/JuniperSetupSP1.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


===================================================================
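The before/after comparison this thread relies on, as an added example that is not part of the original posts: a small Python parser for HijackThis v1.99.1 logs that diffs the running-process lists of two scans and checks whether a deleted file is still referenced by any autostart entry. The sample logs are abridged excerpts of the 15:17:41 and 20:37:56 scans above; the function names are hypothetical.

```python
import re

# Abridged excerpts of the two HijackThis logs posted in this thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 15:17:41, on 14/01/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\winsys.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\notepad.exe
C:\temp\HijackThis\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""

AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 20:37:56, on 14/01/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\temp\HijackThis\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""

# Entry lines look like "O4 - HKLM\..\Run: [...]" or "R1 - HKCU\...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hijackthis(text):
    """Split a log into scan time, running processes and (code, text) entries."""
    log = {"saved": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Scan saved at "):
            log["saved"] = line[len("Scan saved at "):]
        elif line == "Running processes:":
            in_processes = True
        elif ENTRY.match(line):
            in_processes = False  # first entry line ends the process list
            code, body = ENTRY.match(line).groups()
            log["entries"].append((code, body))
        elif in_processes and line:
            log["processes"].append(line)
    return log


def process_diff(before, after):
    """Return (removed, added) process paths, compared case-insensitively
    because Windows paths are (System32 vs system32 is the same folder).
    8.3 short names such as PROGRA~1 are not resolved here."""
    b = {p.lower(): p for p in before["processes"]}
    a = {p.lower(): p for p in after["processes"]}
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    return removed, added


def references(log, path):
    """Entries (autostart keys, services, BHOs ...) that still mention path."""
    needle = path.lower()
    return [f"{code} - {body}" for code, body in log["entries"]
            if needle in body.lower()]


if __name__ == "__main__":
    before, after = parse_hijackthis(BEFORE_LOG), parse_hijackthis(AFTER_LOG)
    removed, added = process_diff(before, after)
    print("gone since", before["saved"], ":", removed)
    print("new at", after["saved"], ":", added)
    for path in removed:
        print(path, "still referenced by:", references(after, path) or "nothing")
```

A process that vanishes from the list but is still named in an O4 or O23 entry will be started again at the next boot, so an empty `references` result is the part worth confirming after a deletion.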

#6 MFDnSC

Posted 14 January 2007 - 03:48 PM

how are things?

#7 imef2k

Posted 14 January 2007 - 05:21 PM

> how are things?

I haven't experienced any more virus alerts or pop-up dialler windows. Thanks very much for your help.
I am very grateful!

#8 MFDnSC

Posted 14 January 2007 - 05:23 PM

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

#9 imef2k

Posted 14 January 2007 - 06:07 PM

> Turn off restore points, boot, turn them back on – here’s how
>
> http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

All actions performed as advised.

#10 MFDnSC

Posted 14 January 2007 - 06:10 PM

Good to go!

#11 imef2k

Posted 15 January 2007 - 05:13 AM

> Good to go!

Thank you. Much appreciated!



