When i scan my pc with spybot S&D it always gets to a set of files called coolwwwsearch.service and coolwwwsearch.feat2dll which take forever to scan, I would like to know what i can do about this and other unwanted programs on my PC. Thanks in advance.

Here's my hijack this logfile:

Logfile of HijackThis v1.99.1
Scan saved at 10:44:39 AM, on 7/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\taskmgr.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.0&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.0&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BAEB7A5-E3FD-4B23-9D87-62B36EDC2163}: NameServer = 68.237.161.12 71.242.0.12
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Hello opium,

Welcome to Safer Networking Forums :)

To allay your fears, there is no CWS on your computer. What is happening is Spybot S&D is searching for any files related to CWS, and there are a lot of them. It takes a longer time to go through them on my computer as well. ;)

You have a couple of lines of clutter we can get rid of with HijackThis, and you have a task to perform after. :)

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Your Java is way out of date, which leaves your computer vulnerable to infection.

Updating Java:

Go to Start > Control Panel double-click > add/remove programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
It should have a coffee cup next to it:
Select it and click Remove.
Then Download and install the newest version from here:

http://www.java.com/en/download/manual.jsp (http://www.java.com/en/download/manual.jsp)

After you complete that task, use 'Control Panel > Add/Remove Programs' to remove ALL earlier versions of Sun java. You remain vulnerable as long as these remain on your system.

In your reply, please post a new HijackThis log and let me know how your computer is running. :)

Thanks,
tea

Thanks Teacup61,
I followed your instructions and they worked without any snags. I still have a few questions first of all what is this? O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe another thing is that while I run Norton Kaspersky, and teatimer (which causes my pc to run extreamly slow) every time i run a scan I always find some new adware and 5-20 new viruses on my pc (the virus scan is performed using Kaspersky). My last question is, is there a program that doesn't take up to much of a computers cpu that can defend it against viruses and spy/adware so I don't have to run Kaspersky, Teatimer and Norton?

Thanks in advance.

Hello again,

File ati2evxx.exe is installed with the ATI graphics card drivers. This process is known as ATI Hotkey Poller and is perfectly legit. :)

Could you save the report from Kaspersky and post it here please?

I asked for a new HijackThis log. Could I see it please? ;)

Thanks,
tea

Hi Tea,
Sorry I didn't include a hijack this scan. My pc is acting funny sometimes I can't log on at all to my account. The following is a hijack this scan followed by a kaspersky scan. Another thing is that some this called network monitor keeps poping up from spybot. Computer is running terriblely, I also installed the new java program.
Hijack this scan:
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [implib] rundll32.exe C:\WINDOWS\System32\implib.dll,start
O4 - HKLM\..\Run: [keyboard] c:\\kybrdaca_6.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmac_6.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: awtqp - awtqp.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\dAdim.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aHA\command.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Kaspersky:
deleted: adware not-a-virus:AdWare.Win32.Look2Me.ab Running module: rundll32.exe\jvro0793e.dll
deleted: adware not-a-virus:AdWare.Win32.Look2Me.ab Running module: C:\WINDOWS\system32\jvro0793e.dll
deleted: adware not-a-virus:AdWare.Win32.Look2Me.ab Running module: rundll32.exe\issecsvc.dll
deleted: adware not-a-virus:AdWare.Win32.Look2Me.ab Running module: explorer.exe\issecsvc.dll
deleted: Trojan program Trojan-Clicker.Win32.VB.nh Running module: c:\\dfndrdd_6.exe
deleted: adware not-a-virus:AdWare.Win32.CommAd.a File: C:\WINDOWS\aHA\command.exe/UPX
deleted: adware not-a-virus:AdWare.Win32.Look2Me.ab Running module: c:\windows\system32\pzofmap.dll
not found: Trojan program Trojan-Clicker.Win32.VB.nh File: C:\dfndrdd_6.exe
deleted: adware not-a-virus:AdWare.Win32.Look2Me.ab File: C:\Installer2.exe
deleted: Trojan program Trojan-Downloader.Win32.Small.buy File: C:\MTE3NDI6ODoxNg.exe/UPX
deleted: adware not-a-virus:AdWare.Win32.Look2Me.ab File: C:\warebundle2.exe
deleted: Trojan program Trojan-Downloader.Win32.Adload.ch File: C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\dotdr.exe
deleted: Trojan program Trojan-Downloader.Win32.ConHook.ad File: C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\ww32.exe/data.rar\dotrm.dll
deleted: Trojan program Trojan-Downloader.Win32.Adload.ch File: C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\ww32.exe/data.rar\dotdr.exe
deleted: adware not-a-virus:AdWare.Win32.CommAd.a File: C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Temp\cmdinst.exe/data0001/UPX
deleted: Trojan program Trojan-Downloader.Win32.ConHook.ad File: C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Temp\tmp0002f61e
deleted: adware not-a-virus:AdWare.Win32.CommAd.a File: C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Temporary Internet Files\Content.IE5\7X95MXO6\installer[1].exe/data0001/UPX
deleted: Trojan program Trojan-Downloader.Win32.Small.buy File: C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Temporary Internet Files\Content.IE5\7X95MXO6\MTE3NDI6ODoxNg[1].exe/UPX
deleted: Trojan program Trojan-Clicker.Win32.VB.nh File: C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Temporary Internet Files\Content.IE5\PLZCXE87\dfndrdd_6[1].exe
deleted: adware not-a-virus:AdWare.Win32.Look2Me.ab File: C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Temporary Internet Files\Content.IE5\PLZCXE87\installer[1].exe
deleted: Trojan program Trojan-Downloader.Win32.ConHook.ad File: C:\Program Files\Norton AntiVirus\Quarantine\5D332F8C.dll/CryptFF
deleted: adware not-a-virus:AdWare.Win32.CommAd.a File: C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Temporary Internet Files\Content.IE5\7X95MXO6\installer[1].exe
deleted: adware not-a-virus:AdWare.Win32.CommAd.a File: C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Temporary Internet Files\Content.IE5\PLZCXE87\installer[1].exe/data0001/UPX

Hello again,

You have a lot going on there. If I'm to accurately help you I need to see the complete logs, please.:)

Thnk you,
tea

Sorry for my bad grammer in my last post, I was trying to type before my system locked up again. Thanks it's appriciated.

It's all right.:) One thing you can do right now is to disable either Kaspersky or Norton. Running both at the same time is NOT helping your situation. Post the logs for me and we'll start getting rid of this garbage,k? ;)

Alright, disabling norton definitly helped a ton. What do you mean by logfiles? Another question I have is how do you get the kaspersky logfile, and what is it? Do you mean everything under events, because when I try to copy that kaspersky locks up on me. Another thing is that after kaspersky does lock up there is no way to stop it, if I try to close it a message appears telling me that the system has locked this program, and I can't close it with task manager, which leaves me with a system restart.

In case one of the logfiles u meant was i hijack this then here it is, this is the whole logfile.
Logfile of HijackThis v1.99.1
Scan saved at 3:28:43 PM, on 7/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F4471372-F846-44DB-AFEE-3F2DC46D37A8} - C:\Program Files\Movie Maker\mewokycot.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

What do you mean by then Kaspersky report, because I can't get a text file that is the minimum post size for this forum. Most of the text files are over 8mb.

Did you mean the online Kaspersky scan or the actual program scan report, because I'm using the program and not the online service.

I think I know what you meant, is this it?

p.s. there's a hijack this log on the previous page.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 19, 2006 6:13:22 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/07/2006
Kaspersky Anti-Virus database records: 196013
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 48835
Number of viruses found: 2
Number of infected objects: 6 / 0
Number of suspicious objects: 6
Duration of the scan process: 01:33:41

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0436_ids_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\043f_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0444_Web_Monitoring_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0444_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5278064b1a9dec1a43aac859211f21f5_c6c4b425-29d7-455c-aea1-d4bd74621834 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030410\0102\0102\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/drsmartload849a6.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/drsmartload46a6.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/drsmartload45a6.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Application Data\Mozilla\Firefox\Profiles\r5fjgopf.default\cert8.db Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Application Data\Mozilla\Firefox\Profiles\r5fjgopf.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Application Data\Mozilla\Firefox\Profiles\r5fjgopf.default\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Application Data\Mozilla\Firefox\Profiles\r5fjgopf.default\history.dat Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Application Data\Mozilla\Firefox\Profiles\r5fjgopf.default\key3.db Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Application Data\Mozilla\Firefox\Profiles\r5fjgopf.default\parent.lock Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Application Data\Mozilla\Firefox\Profiles\r5fjgopf.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Application Data\Mozilla\Firefox\Profiles\r5fjgopf.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Application Data\Mozilla\Firefox\Profiles\r5fjgopf.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Application Data\Mozilla\Firefox\Profiles\r5fjgopf.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\History\History.IE5\MSHist012006071920060720\index.dat Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Temp\~DF64E6.tmp Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Levko.YOUR-FULKL1OH2Q\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\log\mpbtn.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\SmartBridge.log Object is locked skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP24\A0031038.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP24\A0031038.exe/data.rar Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP24\A0031038.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP24\A0031054.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP24\A0031054.exe/data.rar Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP24\A0031054.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP24\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

Scan process completed.

Im posting In order to speed things up

You still havent posted an entire Hijackthis log in one post
Make a new one and be sure to post the entire log this time, please .

There is some wierd virus on my pc, all the 500 others I had went away after the first kaspersky scan. This virus however keeps installing trojan downloaders by creating instalation files labled ww32 in c/documents and setting/ any windows user name. Every time Kaspersky gets rid of this virus it keeps coming back.

Here are Hijackthis log (first) and my kaspersky online scan report (second).
Logfile of HijackThis v1.99.1
Scan saved at 5:07:58 PM, on 7/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Lev\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kaspersky.com/scanforvirus
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F4471372-F846-44DB-AFEE-3F2DC46D37A8} - C:\Program Files\Movie Maker\mewokycot.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [implib] rundll32.exe C:\WINDOWS\System32\implib.dll,start
O4 - HKLM\..\Run: [keyboard] c:\\kybrdaca_6.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BAEB7A5-E3FD-4B23-9D87-62B36EDC2163}: NameServer = 68.237.161.12 71.242.0.12
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe




-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 20, 2006 5:05:12 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 20/07/2006
Kaspersky Anti-Virus database records: 196280
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 48023
Number of viruses found: 2
Number of infected objects: 7 / 0
Number of suspicious objects: 6
Duration of the scan process: 01:44:39

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\04c7_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\04cb_Web_Monitoring_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\04cb_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5278064b1a9dec1a43aac859211f21f5_c6c4b425-29d7-455c-aea1-d4bd74621834 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f827e88d8849944b18201ba78154434a_c6c4b425-29d7-455c-aea1-d4bd74621834 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030410\0102\0102\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/drsmartload849a6.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/drsmartload46a6.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/drsmartload45a6.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\cert8.db Object is locked skipped
C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\history.dat Object is locked skipped
C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\key3.db Object is locked skipped
C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\parent.lock Object is locked skipped
C:\Documents and Settings\Lev\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lev\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lev\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lev\Local Settings\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Lev\Local Settings\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Lev\Local Settings\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Lev\Local Settings\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Lev\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lev\Local Settings\History\History.IE5\MSHist012006072020060721\index.dat Object is locked skipped
C:\Documents and Settings\Lev\Local Settings\Temp\~DF725B.tmp Object is locked skipped
C:\Documents and Settings\Lev\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lev\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Lev\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lev\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\log\mpbtn.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\SmartBridge.log Object is locked skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP19\A0023095.exe Infected: Trojan-Downloader.Win32.VB.aid skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP20\A0026370.exe Infected: Trojan-Downloader.Win32.VB.aid skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP21\A0026761.exe Infected: Trojan-Downloader.Win32.VB.aid skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP22\A0028131.exe Infected: Trojan-Downloader.Win32.VB.aid skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP23\A0029498.exe Infected: Trojan-Downloader.Win32.VB.aid skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP24\A0029868.exe Infected: Trojan-Downloader.Win32.VB.aid skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP24\A0031449.exe Infected: Trojan-Downloader.Win32.VB.aid skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP25\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

Scan process completed.

One more thing, this is urelated to my virus situation. My Kaspersky has blocked my firefox browser, does anyone know how to unblock it?

opium

Hi, respond in this thread, don't start new topics please.
Thanks

Hello again,

Thanks for the full log. :)

Please download, install, and update Ewido anti-spyware (http://www.ewido.net/en/download/)


Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {F4471372-F846-44DB-AFEE-3F2DC46D37A8} - C:\Program Files\Movie Maker\mewokycot.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [keyboard] c:\\kybrdaca_6.exe
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".


In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


In your reply, please post the report from Ewido and a new FULL HijackThis log. Let me know how your computer is running.

Thanks,
tea

Hi, Tea
The Ewido programfound a virus downloader which might have been the source of my troubles. The wierd thing is that there's things like tracking cookies in accounts that I deleted a while ago. Another thing is that for some reason kaspersky is still blocking my firefox browser, do you know how to unblock it? Here are the Ewido report and my hijackthis logfile(full). Thanks in advance. In Ewido I hit take action and everything was deleted, except the virus downloader which was quarentined.

Logfile of HijackThis v1.99.1
Scan saved at 9:16:06 AM, on 7/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lev\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kaspersky.com/scanforvirus
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\pmnnn.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [implib] rundll32.exe C:\WINDOWS\System32\implib.dll,start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: pmnnn - pmnnn.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



The ewido didn't fit so it's in the next post.

Hijackthis log in previous post
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:12:11 AM 7/21/2006

+ Scan result:



C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7X95MXO6\ac3[1].txt -> Adware.IEHelper : No action taken.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YB96D5IT\al3[1].txt -> Downloader.Small : No action taken.
:mozilla.120:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.121:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.131:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.45:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.46:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.47:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.48:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.56:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Bestalantka kakashka\Cookies\bestalantka kakashka@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Peska bestalantka\Cookies\peska bestalantka@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.27:C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.12:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.19:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.20:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.12:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.13:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.14:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.15:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.20:C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.21:C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.22:C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.23:C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.58:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.59:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.60:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.61:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.88:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.89:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.90:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.91:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Bestalantka kakashka\Cookies\bestalantka kakashka@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.27:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.36:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.38:C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Bestalantka kakashka\Cookies\bestalantka kakashka@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.119:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.120:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.121:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.36:C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Lev\Cookies\lev@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.18:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.11:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.23:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.44:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Bestalantka kakashka\Cookies\bestalantka kakashka@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.127:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.128:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.129:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.34:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.35:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.36:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.37:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.38:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.39:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@as-eu.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.160:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.161:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.55:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.56:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.57:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.60:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.22:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.24:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
C:\Documents and Settings\Peska bestalantka\Cookies\peska bestalantka@hotlog[1].txt -> TrackingCookie.Hotlog : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@kmpads[1].txt -> TrackingCookie.Kmpads : No action taken.
:mozilla.40:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.41:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.42:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.43:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.17:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.39:C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.122:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.123:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.124:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.125:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.31:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.32:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.33:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
:mozilla.135:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.136:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.137:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.87:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Peska bestalantka\Cookies\peska bestalantka@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.37:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Spylog : No action taken.
:mozilla.49:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Spylog : No action taken.
C:\Documents and Settings\Peska bestalantka\Cookies\peska bestalantka@spylog[1].txt -> TrackingCookie.Spylog : No action taken.
:mozilla.156:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.157:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.158:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.167:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : No action taken.
:mozilla.25:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.26:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.28:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.29:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.30:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.31:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.32:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.33:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.

C:\WINDOWS\system32\config\systemprofile\Cookies\system@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.31:C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.32:C:\Documents and Settings\Lev\Application Data\Mozilla\Firefox\Profiles\ro9h2xp8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.94:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.95:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.96:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.97:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Lev\Cookies\lev@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.66:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.67:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.68:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.69:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@reduxads.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
:mozilla.17:C:\Documents and Settings\Bestalantka kakashka\Application Data\Mozilla\Firefox\Profiles\hf40tmo8.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.25:C:\Documents and Settings\Peska bestalantka\Application Data\Mozilla\Firefox\Profiles\4vvd8vd4.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Bestalantka kakashka\Cookies\bestalantka kakashka@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Peska bestalantka\Cookies\peska bestalantka@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
:mozilla.11:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.13:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.14:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.15:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.16:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.67:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.68:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.69:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.70:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.71:C:\Documents and Settings\Levko\Application Data\Mozilla\Firefox\Profiles\325oga8u.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Levko\Cookies\levko@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end

Ok that's all of it, the last three posts contain my Ewido report and my hijackthis log. The viruses have died down for now so the only thing I need to know is just how to stop kaspersky from blocking my firefox browser. Thanks in advance.

opium

Hi, respond in this thread, don't start new topics please.
Thanks

Sorry for starting the new thread, in the last post you said start a new one which i thought meant thread not post. Please be more specific, and again I apologize for this misunderstanding.

Tea,
In addition to the ewido report and hijackthis log (on the previous page) I have some more information. Apparently the virus downloader program is still active and is still downloading ww32.exe files onto the documents and settings folders of any user that logs on, however the file with the virus is inside something called dotrm.dll or something spelled like that.

Hi once again
We meant for you to get the Kaspersky online scan not install the program but now that you have it please (for now at least) uninstall norton antivirus.

Post a report from this tool if any FILES show
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Click the i accept button near the bottom of that page.
Download and run blacklite click > scan then > next, next again then exit
there will be a new txt near blacklite. post it please.
Important: If any files show Do not rename them YET.....legitimate files can be listed.

Rename your HijackThis.exe to hjt.exe run it scan save the log and post another please.

As the information requested has not been provided :spider: this topic has been archived.

If you need it re-opened please send me a pm and provide a link to the thread.

Applies only to the original topic starter.