kernels88 tsk.mngr problem

John.
2007-02-24, 22:00
Hi,
this afternoon Norton asked whether I wanted to allow kernels88.exe access to a DNS server. I googled kernels88.exe to find out what it was and read that it could affect task manager. Told Norton to block all connections. Checked my task manager and got this message: "task manager has been disabled by your administrator." When I restart my laptop normally it has my usual two users, however when I started in safe mode I found that a password protected 'administrator' user profile has been created. Have run S&D which removed 73 problems but has not solved tsk mngr problem. Not sure what to do next, please advise,
thanks in advance,

Logfile of HijackThis v1.99.1
Scan saved at 18:18:39, on 24/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User2\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ProsperaSoftware_WhenUSave_Installer] C:\Program Files\ProsperaSoftware_WhenUSave_Installer\ProsperaSoftware_WhenUSave_Installer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04653b4824d567562920/netzip/RdxIE601.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe

John.
2007-02-24, 22:04
Incident Status Location

Adware:adware/transponder Not disinfected c:\windows\lastgood\inf\speer.PNF
Virus:trj/torpig.a Disinfected Operating system
Adware:adware/popuper Not disinfected c:\syst.exe
Adware:adware/wupd Not disinfected Windows Registry
Dialer:dialer.dgi Not disinfected hkey_local_machine\software\Mpb
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3w93xqvr.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3w93xqvr.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3w93xqvr.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3w93xqvr.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3w93xqvr.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3w93xqvr.default\cookies.txt[.xiti.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John\Cookies\john@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\John\Cookies\john@2o7[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\John\Cookies\john@adopt.hbmediapro[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\John\Cookies\john@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John\Cookies\john@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\John\Cookies\john@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\John\Cookies\john@adultfriendfinder[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John\Cookies\john@as-eu.falkag[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John\Cookies\john@bs.serving-sys[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John\Cookies\john@ccbill[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\John\Cookies\john@cgi-bin[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\John\Cookies\john@cs.sexcounter[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\John\Cookies\john@go[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\John\Cookies\john@paycounter[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\John\Cookies\john@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John\Cookies\john@realmedia[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John\Cookies\john@serving-sys[2].txt
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\John\Cookies\john@stats1.clicktracks[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John\Cookies\john@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John\Cookies\john@tribalfusion[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\John\Cookies\john@weborama[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\John\Cookies\john@webpower[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\John\Cookies\john@yadro[2].txt
Adware:Adware/Zango Not disinfected C:\Documents and Settings\John\Local Settings\Temp\18026.tmp
Adware:Adware/Ourxin Not disinfected C:\Documents and Settings\John\Local Settings\Temp\3fe7.$$$
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@adopt.hbmediapro[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@mediaplex[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@offeroptimizer[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@questionmarket[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@xmts[2].txt
Dialer:Dialer.EGC Not disinfected C:\Documents and Settings\John\Local Settings\Temp\delwbi.tmp
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\User2\Cookies\user2@112.2o7[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\User2\Cookies\user2@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\User2\Cookies\user2@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\User2\Cookies\user2@ad.yieldmanager[2].txt

John.
2007-02-24, 22:05
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\User2\Cookies\user2@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\User2\Cookies\user2@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\User2\Cookies\user2@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\User2\Cookies\user2@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\User2\Cookies\user2@advertising[2].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\User2\Cookies\user2@adviva[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\User2\Cookies\user2@anm.co[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\User2\Cookies\user2@atdmt[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\User2\Cookies\user2@azjmp[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\User2\Cookies\user2@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\User2\Cookies\user2@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\User2\Cookies\user2@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\User2\Cookies\user2@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\User2\Cookies\user2@casalemedia[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\User2\Cookies\user2@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\User2\Cookies\user2@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\User2\Cookies\user2@counter.hitslink[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\User2\Cookies\user2@cs.sexcounter[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\User2\Cookies\user2@ct.360i[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\User2\Cookies\user2@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\User2\Cookies\user2@drivecleaner[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\User2\Cookies\user2@fastclick[2].txt
Spyware:Cookie/GangbangSquad Not disinfected C:\Documents and Settings\User2\Cookies\user2@gangbangsquad[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\User2\Cookies\user2@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\User2\Cookies\user2@hg1.hitbox[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\User2\Cookies\user2@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\User2\Cookies\user2@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\User2\Cookies\user2@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\User2\Cookies\user2@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\User2\Cookies\user2@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\User2\Cookies\user2@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\User2\Cookies\user2@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\User2\Cookies\user2@serving-sys[1].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\User2\Cookies\user2@spylog[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\User2\Cookies\user2@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\User2\Cookies\user2@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\User2\Cookies\user2@stats.drivecleaner[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\User2\Cookies\user2@statse.webtrendslive[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\User2\Cookies\user2@tradedoubler[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\User2\Cookies\user2@tribalfusion[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\User2\Cookies\user2@valueclick[2].txt

John.
2007-02-24, 22:06
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\User2\Cookies\user2@weborama[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\User2\Cookies\user2@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\User2\Cookies\user2@xiti[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@ad.yieldmanager[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@adtech[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@atdmt[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@questionmarket[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@tradedoubler[2].txt
Adware:Adware/Adsmart Not disinfected C:\system.exe
Virus:Trj/Torpig.DQ Disinfected C:\WINDOWS\system32\msasvc.exe
Virus:Trj/Cimuz.DD Disinfected C:\WINDOWS\system32\ws25.exe

pskelley
2007-02-24, 23:48
Hello John and welcome to the forum. This junk is going to be a little tricky since it is not showing in the HJT log. No doubt it is bad, here is the Google:
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2006-16,GGLG:en&q=kernels88%2eexe+ and BleepingComputer which I trust. http://www.bleepingcomputer.com/startups/System-16566.html
I ask you to work with me as I tend to be a little cautious about what I remove remotely like this. I am also giving you a lot to do, work at your pace, just do the instructions in the numbered order.

1) Spyware Doctor <<< turn this off, it may block the changes we must make: From within Spyware Doctor, click the "OnGuard" button on the left side. Uncheck "Activate OnGuard".

2) You will need to search to locate this item, but it is probably running from here: C:\Windows\System32\kernels88.exe. Before you search, enable all files and folders so you can find it.
How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Now use search companion (might take a while) and search for kernels88.exe. Once you have the location, then use one or more of these free online scans to make sure it is bad:
I would also like you to check for this item: kernels88.dll if you find that one, scan it also, and if it scans bad use the tool to delete them both.
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

Post that information for me also. Once you have confirmed, then use this tool. I am adding this: kernels88.exe to the tool; if it turns out it is located in another place, you will have to change the location in the tool. If the .dll shows up, you can enter them both into the tool before you reboot to delete them. If you have questions, post them.

3) How to use the Delete on Reboot tool
http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb
Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot. Navigate to the file: C:\WINDOWS\SYSTEM32\kernels88.exe and click on it once, and then click on the Open button.
You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button if you would like to reboot now.

4) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(first item is damaged and not working right if at all, download it again once we finish if you use it)
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O4 - HKLM\..\Run: [ProsperaSoftware_WhenUSave_Installer] C:\Program Files\ProsperaSoftware_WhenUSave_Installer\ProsperaSoftware_WhenUSave_Installer.e
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04653b48...p/RdxIE601.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

6) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Program Files\ProsperaSoftware_WhenUSave_Installer\ <<< delete that folder

7) Please follow the instructions here and delete all of those cookies you are storing that showed in Panda so we do not have to look at them again in the AVG Anti-Spyware scan.
Clean your Cache and Cookies in IE: Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed): Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin: Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

8) Follow the instructions in this link, make sure you delete or at least quarantine anything located and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165

9) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Post the scan results from AVG Anti-Spyware, a new HJT log the information from the online scans, and any comments you think will help. Tell me how the computer is running now.

Thanks
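
As an added example (not code from this thread, from HijackThis or from any tool named here), the triage pskelley does by eye on the log above, written out as a small Python parser for HijackThis v1.99.1 lines: it flags "(file missing)" entries, services with no publisher, Run values given as a bare filename that Windows resolves through the PATH, unnamed ActiveX downloads, and anything on an analyst's watch-list. The sample lines are a constructed subset copied from the log posted above; the watch-list names (kernels88, WhenUSave) are the ones discussed in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Sequence

# Constructed sample: a subset of lines copied from the HijackThis v1.99.1 log
# posted in this thread, not a complete log.
SAMPLE_LOG = r"""
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ProsperaSoftware_WhenUSave_Installer] C:\Program Files\ProsperaSoftware_WhenUSave_Installer\ProsperaSoftware_WhenUSave_Installer.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04653b4824d567562920/netzip/RdxIE601.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""


@dataclass
class Entry:
    code: str                 # HijackThis section id: O2, O4, O9, O16, O23, ...
    kind: str                 # "BHO", "HKLM\..\Run", "Service", "DPF", ...
    name: str                 # display name, Run value name, service name or CLSID
    target: str               # file path, command line or download URL
    extra: str = ""           # middle field when present (service owner, BHO CLSID)
    reasons: List[str] = field(default_factory=list)


ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DRIVE_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')   # starts with an absolute drive path


def parse_entry(line: str):
    """Turn one HijackThis line into an Entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    kind, _, rest = body.partition(": ")
    if code == "O4":
        r = RUN_RE.match(rest)
        if r:                                   # HKLM\..\Run: [name] command
            return Entry(code, kind, r.group("name"), r.group("cmd"))
        name, _, cmd = rest.partition(" = ")    # Global Startup: x.lnk = path
        return Entry(code, kind, name, cmd)
    parts = rest.split(" - ")                   # name - [extra -] target
    target = parts[-1] if len(parts) > 1 else ""
    extra = parts[1] if len(parts) >= 3 else ""
    return Entry(code, kind, parts[0], target, extra)


def flag(entry: Entry, suspects: Sequence[str] = ()) -> Entry:
    """Attach the triage signals a helper checks by hand; empty list = unremarkable."""
    reasons = []
    if entry.target.endswith("(file missing)"):
        reasons.append("registered file no longer exists: orphaned entry, remove")
    if entry.code == "O23" and entry.extra == "Unknown owner":
        reasons.append("service binary has no publisher: verify the file before trusting it")
    if entry.code == "O4" and entry.target and not DRIVE_PATH_RE.match(entry.target):
        reasons.append("bare command, resolved via PATH search order: locate the real file")
    if entry.code == "O16" and "(" not in entry.name:
        reasons.append("ActiveX download with no control name: check the URL")
    if entry.name == "(no name)":
        reasons.append("entry registered without a name")
    haystack = (entry.name + " " + entry.target).lower()
    for s in suspects:                          # analyst watch-list, case-insensitive
        if s.lower() in haystack:
            reasons.append(f"matches watch-list name '{s}'")
    entry.reasons = reasons
    return entry


def triage(log_text: str, suspects: Sequence[str] = ()) -> List[Entry]:
    """Return only the entries that carry at least one triage reason."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None and flag(entry, suspects).reasons:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    # Watch-list: the file the helper could not find in the log, and the adware
    # Run entry he asked to have fixed.
    for e in triage(SAMPLE_LOG, suspects=("kernels88", "WhenUSave")):
        print(f"{e.code:<4} {e.name}")
        for r in e.reasons:
            print(f"      - {r}")
```

Unremarkable entries (signed vendor services, Run values with a full path) produce no output, so what remains is the short list a helper would actually read; a watch-list name that never appears, as kernels88 does not here, is simply absent, matching the observation that the file was not showing in the log.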

John.
2007-02-25, 11:37
Hello,
thank you for the welcome, after following your initial instructions re. folders I had partial success, a point by point account of which follows (thank you very much for your time and help):

1) Removed Spyware Doctor

2, 3) Search Companion did not find anything under kernels88.exe/dll

5) Done

6) Item not present

7) done

8) Found a worm related to ipv6mon.dll; this was causing an error message a while ago when I clicked on a desktop item - "can't load library from memory" or similar - I stopped the error message by renaming the file and thought the problem was solved.

C:\System Volume Information\_restore{5135C13D-89D1-4FCA-891A-CEEA5677D0A0}\RP527\A0288773.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{5135C13D-89D1-4FCA-891A-CEEA5677D0A0}\RP542\A0292989.exe -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\John\Local Settings\Temp\18026.tmp -> Adware.Solution : Cleaned.
C:\system.exe -> Downloader.Small.dul : Cleaned.
C:\System Volume Information\_restore{5135C13D-89D1-4FCA-891A-CEEA5677D0A0}\RP590\A0320155.exe -> Logger.BZub.ib : Cleaned.
C:\WINDOWS\system32\ipv6monl.dll.old -> Logger.BZub.ib : Cleaned.
C:\Documents and Settings\John\Cookies\john@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\John\Cookies\john@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\john@meetupcom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\john@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\john@sonyeurope.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User2\Cookies\user2@sonyeurope.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\john@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\John\Cookies\john@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\John\Cookies\john@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.301:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3w93xqvr.default\cookies.txt -> TrackingCookie.Co : Cleaned.
C:\Documents and Settings\John\Cookies\john@ads.guardian.co[1].txt -> TrackingCookie.Co : Cleaned.
C:\Documents and Settings\User2\Cookies\user2@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\User2\Cookies\user2@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\John\Cookies\john@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\John\Cookies\john@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\John\Cookies\john@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\John\Cookies\john@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\User2\Cookies\user2@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\John\Cookies\john@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\John\Cookies\john@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\John\Cookies\john@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.203:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3w93xqvr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\John\Cookies\john@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\John\Cookies\john@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\John\Cookies\john@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\John\Cookies\john@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.236:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3w93xqvr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.237:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3w93xqvr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.238:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3w93xqvr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.239:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3w93xqvr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\John\Cookies\john@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\John\Cookies\john@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\John\Cookies\john@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\John\Cookies\john@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\John\Cookies\john@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\John\Cookies\john@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\User2\Local Settings\Temp\Cookies\user2@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\John\Local Settings\Temp\3fe7.$$$ -> Trojan.Sinowal.az : Cleaned.
C:\System Volume Information\_restore{5135C13D-89D1-4FCA-891A-CEEA5677D0A0}\RP590\A0320153.dll -> Trojan.Sinowal.bh : Cleaned.
C:\System Volume Information\_restore{5135C13D-89D1-4FCA-891A-CEEA5677D0A0}\RP590\A0320154.exe -> Trojan.Sinowal.bh : Cleaned.
C:\3456346345643.exe -> Worm.Zhelatin.ak : Cleaned.
C:\System Volume Information\_restore{5135C13D-89D1-4FCA-891A-CEEA5677D0A0}\RP590\A0320141.exe -> Worm.Zhelatin.ak : Cleaned.
C:\syst.exe -> Worm.Zhelatin.ak : Cleaned.

9) Done, removed 635.194 MB

Logfile of HijackThis v1.99.1
Scan saved at 09:36:56, on 25/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe

pskelley
2007-02-25, 12:21
Good morning John, thanks for returning your information. Looking at your comments, I will respond only when I think one is needed.

1) You said removed Spyware Doctor? I asked you to turn it off. It is a good program and if you purchased it you should put it back.

3) Makes you wonder what Norton reported then, have you received any reports recently from Norton concerning this item? From the way you described what occurred:

"this afternoon Norton asked whether I wanted to allow kernels88.exe access to a DNS server" That sounds like it was trying to get out, but it may have been trying to get in and Norton blocked it? If you are sure you allowed time for Search Companion to look, and you followed the instructions to show all hidden files and folders (if it is hidden Search Companion might not find it), and I have seen it take ten minutes or more for the search to complete, then I would say it is not on your computer.

8)
"Found a worm related to ipv6mon.dll" This item appears to be valid, see this: http://www.programchecker.com/file/4735.aspx and this: http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2006-16,GGLG:en&q=ipv6mon%2edll
Anytime you have a file you do not know, use an online scan to identify it, here is a free one:
http://virusscan.jotti.org/


"can't load library from memory" or similar. You might want to look through this information for possible solutions.
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2006-16,GGLG:en&q=can%27t+load+library+from+memory

AVG Anti-Spyware: most of that is stuff in your System Restore files and cookies. The junk in SR cannot get back on the computer unless you do a System Restore, so do not, we will clean those before we finish.
AVG did find one trojan and cleaned it.

Your HJT log is clean of malware, I suggest you do this: System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

Run another Panda scan and if there is anything in it you do not understand, post the results, otherwise you are good to go.

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
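
As an added example (not code from this thread, from HijackThis or from the helper), here is a small Python triage pass over the HJT log format posted above: it parses R1, O4, O16 and O23 lines and raises review prompts for the kinds of entries an analyst checks first (a configured proxy, a Run entry with no full path, an ActiveX control from an unvetted host, a service with no publisher or a missing binary). The allowlist of vetted hosts and the sample lines are assumptions; a prompt means "look at this", not "this is malware".

```python
import re
from typing import List, NamedTuple
from urllib.parse import urlparse


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4" or "O23"
    reason: str   # why an analyst should look at this line
    line: str     # the original log line


# Hosts already vetted for O16 (ActiveX download) entries. Placeholder
# allowlist (assumption for this example); an analyst maintains the real one.
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "www3.ca.com", "acs.pandasoftware.com"}

LINE_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
O4_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def triage_line(line: str) -> List[Finding]:
    """Return the review prompts (if any) for one HijackThis log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []  # blank line, header, or running-process entry
    code, body = m.groups()
    hits: List[Finding] = []
    if code == "R1" and ",ProxyServer = " in body:
        hits.append(Finding(code, "browser proxy configured; confirm it is expected", line))
    elif code == "O4":
        run = O4_RE.match(body)
        if run:
            cmd = run["cmd"].strip().strip('"')
            # A bare file name (no drive letter, no backslash) is resolved via the
            # search path at logon, so confirm which file actually runs.
            if "\\" not in cmd:
                hits.append(Finding(code, "Run entry without a full path: " + cmd, line))
    elif code == "O16":
        dpf = O16_RE.match(body)
        if dpf:
            host = urlparse(dpf["url"]).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                hits.append(Finding(code, "ActiveX control from unvetted host: " + host, line))
    elif code == "O23":
        svc = O23_RE.match(body)
        if svc:
            if svc["owner"] == "Unknown owner":
                hits.append(Finding(code, "service with no publisher: " + svc["name"], line))
            if svc["path"].rstrip().endswith("(file missing)"):
                hits.append(Finding(code, "service binary missing: " + svc["name"], line))
    return hits


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and collect the prompts."""
    return [f for line in text.splitlines() for f in triage_line(line)]


# Constructed sample: a few lines in the format of the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}")
```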

John.
2007-03-02, 14:39
Hi,
sorry it has been so long, I am writing my dissertation and have a deadline looming so cannot give this problem the attention I would like to for at least a few days. It seems to me that there is still some attention needed, I will Write properly as soon as I can. Thank you very much for all your help,
John.

pskelley
2007-03-02, 15:01
It seems this member may have issues other than malware? Since they appear to be clean of malware, and have indicated they presently have no time to deal with the issues, I am closing this topic.

Thanks