winlogon.exe fails; internet gateway appeared; iesniff



bhubertus
2006-10-26, 16:41
Logfile of HijackThis v1.99.1
Scan saved at 9:23:36 AM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\adirss.exe
C:\WINDOWS\system32\vhwnkbdn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Temp\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [adir] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [vhwnkbdn] C:\WINDOWS\system32\vhwnkbdn.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [vhwnkbdn] C:\WINDOWS\system32\vhwnkbdn.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161872385809
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B140D6C-6588-4AA0-993D-28DCF579F03B}: NameServer = 170.56.58.53
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B140D6C-6588-4AA0-993D-28DCF579F03B}: NameServer = 170.56.58.53
O17 - HKLM\System\CS2\Services\Tcpip\..\{3B140D6C-6588-4AA0-993D-28DCF579F03B}: NameServer = 170.56.58.53
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

bhubertus
2006-10-26, 16:43
Incident Status Location

Virus:Trj/Agent.CXS Disinfected Operating system
Virus:trj/abwiz.a Disinfected Operating system
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[server.iad.liveperson.net/hc/79113249]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[server.iad.liveperson.net/hc/79113249]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.overture.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.bfast.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[statse.webtrendslive.com/S146939]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.atwola.com/]

bhubertus
2006-10-26, 16:43
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[server.iad.liveperson.net/hc/51301799]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.c.goclick.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\585f2gpn.default\cookies.txt[.server.iad.liveperson.net/hc/62672927]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@112.2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@ad.yieldmanager[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@bluestreak[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@burstnet[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@c.goclick[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@cgi-bin[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@go[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@statcounter[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@www.myaffiliateprogram[1].txt
Virus:Trj/Alanchum.IN Disinfected C:\Documents and Settings\Sandra\Local Settings\Temporary Internet Files\Content.IE5\9JNJHLCY\image1[1].gif
Virus:Trj/SpyBot.AFG Disinfected C:\WINDOWS\SYSTEM32\65.tmp
Virus:Trj/Agent.CVI Disinfected C:\WINDOWS\SYSTEM32\ert.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\SYSTEM32\gcmpaaaa.exe
Virus:Trj/Alanchum.IN Disinfected C:\WINDOWS\SYSTEM32\image1.gif.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\ipw.dll
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\jwnaaaaa.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\motxwcqc.exe
Virus:Trj/SrchSpy.G Disinfected C:\WINDOWS\SYSTEM32\pquhtaaa.exe
Virus:Trj/SrchSpy.G Disinfected C:\WINDOWS\SYSTEM32\stawflek.exe

bhubertus
2006-10-26, 22:43
Hello,

My previous posts were just the HJT log and the Panda Scan log. I should have included some background on what I've done so far:

- Downloaded latest Spybot S&D 1.4
- Ran Panda online scan
- Rebooted into safe mode, ran S&D, ran S&D again to ensure no more problems found
- Rebooted into normal mode and ran Hijackthis, posted HJT and Panda logs

I also just received the following email from RoadRunner:

Subject:ref AT0000002330402 -- Urgent - Complaint Received Concerning Unsolicited Email (Spam) From Your Computer

Dear Customer,

Please read this email completely as it pertains to your Road Runner account. It will explain why this complaint was issued and how to resolve this abuse issue. Road Runner has received a complaint of Spamming Abuse (Unsolicited Email) that has been recorded and logged as originating from a computer connected to your cable modem. We are aware that the majority of unwanted email is sent through infected or compromised computers with open proxies, backdoor viruses/trojans or unsecured mail servers. A portion of the complaint that this office recently received is listed below:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SpamCop V1.600 ]
This message is brief for your comfort. Please use links below for details.

Email from 66.68.114.238 / Tue, 24 Oct 2006 04:29:59 +0200
http://www.spamcop.net/w3m?i=z1982305905z7493014616c8c1ee99703d2f1fc54bdfz
66.68.114.238 is open proxy, see: http://www.spamcop.net/mky-proxies.html

[ Offending message ]
X-Account-Key: account1
Return-Path: <abbonati@altroconsumo.it>
Received: from modesty.xms.se ([195.198.212.1]) by arwen.xms.se
(Netscape Messaging Server 4.15) with ESMTP id J7MCC700.JTW;
Tue, 24 Oct 2006 04:31:19 +0200
Received: from cpe-66-68-114-238.austin.res.rr.com ([66.68.114.238])
by modesty.xms.se (Netscape Messaging Server 3.6) with ESMTP
id AAADCC for <x>; Tue, 24 Oct 2006 04:29:59 +0200
Message-ID: <0000______________________4442@Buddy>
From: "Philip" <abbonati@altroconsumo.it>
To: <x>
Subject: Disappointed with your sexual health?
Date: Mon, 23 Oct 2006 21:22:51 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="------------ms050807060906070203040308"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
etc.....

Before all this I checked the processes running in Windows Task Manager and saw iesniff.exe - I'm not sure if I managed to get rid of that or not. Please help!
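
An added example, not part of the thread: the abuse report quoted above is useful because its Received chain shows where the message entered the reporting organisation's mail system. The script below re-types those headers as a constructed sample (continuation lines indented, as they are in a raw message rather than in the forum paste), walks the chain from the top while the receiving host still belongs to the organisation, and reports the "from" host of the last such hop as the machine that injected the spam. It also measures the gap between the sender's Date header and the injection timestamp. The trusted suffix ".xms.se" and all function names are assumptions made for this example.

```python
import re
from email.utils import parsedate_to_datetime

# Constructed sample: the headers quoted in the abuse report, re-folded with
# leading whitespace on continuation lines as a raw RFC 5322 message has them.
REPORTED_HEADERS = """\
X-Account-Key: account1
Return-Path: <abbonati@altroconsumo.it>
Received: from modesty.xms.se ([195.198.212.1]) by arwen.xms.se
 (Netscape Messaging Server 4.15) with ESMTP id J7MCC700.JTW;
 Tue, 24 Oct 2006 04:31:19 +0200
Received: from cpe-66-68-114-238.austin.res.rr.com ([66.68.114.238])
 by modesty.xms.se (Netscape Messaging Server 3.6) with ESMTP
 id AAADCC for <x>; Tue, 24 Oct 2006 04:29:59 +0200
Message-ID: <0000______________________4442@Buddy>
From: "Philip" <abbonati@altroconsumo.it>
To: <x>
Subject: Disappointed with your sexual health?
Date: Mon, 23 Oct 2006 21:22:51 +0100
MIME-Version: 1.0
"""

# "from <host> ([<ip>]) by <host>" as Netscape/most MTAs write it
RECEIVED = re.compile(r"from\s+(\S+)\s+\(\[?([\d.]+)\]?\)\s+by\s+(\S+)")


def unfold_headers(raw: str) -> list[tuple[str, str]]:
    """Join folded continuation lines back onto their header; keep order."""
    headers: list[tuple[str, str]] = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers


def received_hops(headers):
    """(from_host, from_ip, by_host, timestamp) per Received line, newest first."""
    hops = []
    for name, value in headers:
        if name.lower() != "received":
            continue
        m = RECEIVED.search(value)
        if not m:
            continue
        stamp = parsedate_to_datetime(value.rpartition(";")[2].strip())
        hops.append((m.group(1), m.group(2), m.group(3), stamp))
    return hops


def injecting_hop(headers, trusted_suffix: str):
    """Walk down from the newest hop while the 'by' host is ours; the 'from'
    of the last such hop is the machine that handed the message in. Anything
    below it was written by the sender and may be forged, so stop there."""
    origin = None
    for from_host, from_ip, by_host, stamp in received_hops(headers):
        if not by_host.lower().endswith(trusted_suffix):
            break
        origin = (from_host, from_ip, stamp)
    return origin


def date_skew_seconds(headers, trusted_suffix: str) -> int:
    """Seconds between the sender-supplied Date header and the injection
    timestamp; a gap of hours is a typical sign of a stale or forged Date."""
    hop = injecting_hop(headers, trusted_suffix)
    if hop is None:
        raise ValueError("no trusted Received hop found")
    date_hdr = next(v for n, v in headers if n.lower() == "date")
    return int((hop[2] - parsedate_to_datetime(date_hdr)).total_seconds())


if __name__ == "__main__":
    hdrs = unfold_headers(REPORTED_HEADERS)
    host, ip, _ = injecting_hop(hdrs, ".xms.se")
    print(f"injected by {host} [{ip}]")
    print(f"Date header is {date_skew_seconds(hdrs, '.xms.se')} s older than receipt")
```

Run against the quoted headers, the injection point is the rr.com cable-modem host, which is exactly what the ISP's complaint says; the six-hour difference between Date and receipt is the kind of detail worth noting when disputing or confirming such a report.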

LonnyRJones
2006-10-31, 09:11
Welcome to the forum

Start HijackThis and place a check next to these items, if they are there.
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [adir] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [vhwnkbdn] C:\WINDOWS\system32\vhwnkbdn.exe
O4 - HKCU\..\Run: [vhwnkbdn] C:\WINDOWS\system32\vhwnkbdn.exe
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll

====================================
Hit "Fix checked" and close HijackThis.

Download Pocket Killbox to the desktop (version 2.0.0.648)
http://www.downloads.subratam.org/KillBox.exe
If you already have Killbox, ensure it is the latest version.
Start Killbox, place a tick next to [x] Delete on reboot, and press the ALL Files button.
Copy this whole list into the Windows clipboard (everything bolded below).

C:\WINDOWS\SYSTEM32\65.tmp
C:\WINDOWS\SYSTEM32\ert.dll
C:\WINDOWS\SYSTEM32\gcmpaaaa.exe
C:\WINDOWS\SYSTEM32\image1.gif.exe
C:\WINDOWS\SYSTEM32\ipw.dll
C:\WINDOWS\SYSTEM32\jwnaaaaa.exe
C:\WINDOWS\SYSTEM32\motxwcqc.exe
C:\WINDOWS\SYSTEM32\pquhtaaa.exe
C:\WINDOWS\SYSTEM32\stawflek.exe
C:\WINDOWS\system32\vhwnkbdn.exe
C:\WINDOWS\system32\adirss.exe
c:\WINDOWS\system32\adir.dll

Back in Killbox, go to File > Paste from clipboard.
Click the red highlighted X button and say yes to the prompt to restart the PC.

Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouse-click ComboFix's window while it is running; that may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.
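
An added example, not part of the thread: the six entries named in this reply are the ones a first-pass triage of the posted HijackThis log surfaces. The script below parses O2, O4, O17 and O20 lines from a subset of that log (copied here as the sample input) and flags orphaned BHO CLSIDs, Run entries that launch an unrecognised binary from system32, Winlogon Notify packages outside a small allowlist, and custom NameServer entries that should be checked against the ISP. The Winlogon Notify check matters for this thread's title: those DLLs are loaded into winlogon.exe itself, so a bad one takes winlogon down with it. The two allowlists are this example's own assumptions about what is legitimate on a Dell/Intel XP build.

```python
import re
from collections import Counter

# Allowlists assumed for this example: system32 loaders that are legitimate on
# this Dell/Intel XP build, and the Intel graphics Winlogon notification package.
KNOWN_GOOD_SYSTEM32 = {"igfxtray.exe", "hkcmd.exe", "ctfmon.exe"}
KNOWN_GOOD_NOTIFY = {"igfxcui"}

# Sample input: a subset of the HijackThis log posted at the top of the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [adir] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [vhwnkbdn] C:\WINDOWS\system32\vhwnkbdn.exe
O4 - HKCU\..\Run: [vhwnkbdn] C:\WINDOWS\system32\vhwnkbdn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B140D6C-6588-4AA0-993D-28DCF579F03B}: NameServer = 170.56.58.53
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
"""

O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<rest>.*)$")
O17 = re.compile(r"^O17 - .*NameServer = (?P<ns>[\d.,]+)$")
O20 = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


def launch_path(rest: str) -> str:
    """Strip the command-line arguments HJT shows after the executable."""
    if rest.startswith('"'):
        return rest[1:rest.find('"', 1)]
    m = re.match(r"(.*?\.(?:exe|dll|scr|com))(?:\s|$)", rest, re.I)
    return m.group(1) if m else rest


def triage(log: str) -> list[dict]:
    """Return findings as dicts with a level (remove / verify / note), the
    offending log line and a one-line reason."""
    findings = []
    run_targets = Counter()
    for line in log.splitlines():
        line = line.strip()
        if m := O2.match(line):
            if m["path"].strip() == "(no file)":
                findings.append(dict(level="remove", line=line,
                    why="BHO CLSID registered but its DLL is gone: orphan, fix in HJT"))
        elif m := O4.match(line):
            path = launch_path(m["rest"])
            base = path.rsplit("\\", 1)[-1].lower()
            run_targets[path.lower()] += 1
            if "\\system32\\" in path.lower() and base not in KNOWN_GOOD_SYSTEM32:
                findings.append(dict(level="remove", line=line,
                    why="Run entry launches an unrecognised binary from system32"))
        elif m := O17.match(line):
            findings.append(dict(level="verify", line=line,
                why=f"custom NameServer {m['ns']}: confirm it belongs to the ISP"))
        elif m := O20.match(line):
            if m["key"].lower() not in KNOWN_GOOD_NOTIFY:
                findings.append(dict(level="remove", line=line,
                    why="Winlogon Notify DLL is loaded inside winlogon.exe; unknown package"))
    for path, n in run_targets.items():
        if n > 1:
            findings.append(dict(level="note", line=path,
                why=f"same binary registered under {n} Run keys (HKLM and HKCU)"))
    return findings


def fix_list(findings: list[dict]) -> list[str]:
    """The lines to tick before pressing 'Fix checked' in HijackThis."""
    return [f["line"] for f in findings if f["level"] == "remove"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['level']:6}] {f['line']}\n         {f['why']}")
```

On the sample, the "remove" findings are precisely the six lines listed in this reply; the O17 entry is only reported for verification, since a static resolver set by the ISP and a hijacked one look identical in the log.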

bhubertus
2006-11-01, 04:24
Hi LonnyRJones,

Thanks so much for helping me out. I did what you requested and here is my ComboFix listing:

Sandra - 06-10-31 21:14:46.06 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Sandra\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-31 to 2006-10-31 ))))))))))))))))))))))))))))))))))


2006-10-22 09:50 49,739 --a------ C:\WINDOWS\SYSTEM32\taskdir~.exe
2006-10-22 09:48 61 --a------ C:\WINDOWS\SYSTEM32\idhvhri.dll
2006-10-22 09:48 49,664 --a------ C:\WINDOWS\SYSTEM32\instcat.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-26 19:05 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-26 18:57 -------- d-------- C:\Program Files\Windows Media Player
2006-10-26 18:57 -------- d-------- C:\Program Files\Internet Explorer
2006-10-26 18:49 -------- d-------- C:\Program Files\Outlook Express
2006-10-26 01:18 -------- d-------- C:\Program Files\SpywareGuard
2006-10-26 01:14 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-26 01:06 -------- d-------- C:\Program Files\Messenger
2006-10-26 00:57 -------- d-------- C:\Program Files\Google
2006-10-26 00:57 -------- d-------- C:\Program Files\Digital Line Detect
2006-10-26 00:57 -------- d-------- C:\Program Files\Dell Support
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-08-25 09:45 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-21 06:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-16 05:58 100352 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"RealPlayer"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mm_tray.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\instcat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061031-205242-932
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
backup-20061031-205242-827
O4 - HKLM\..\Run: [vhwnkbdn] C:\WINDOWS\system32\vhwnkbdn.exe
backup-20061031-205242-110
O4 - HKCU\..\Run: [vhwnkbdn] C:\WINDOWS\system32\vhwnkbdn.exe
backup-20061031-205242-652
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20061031-205242-431
O4 - HKLM\..\Run: [adir] C:\WINDOWS\system32\adirss.exe
backup-20061031-205242-141
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-10-31 21:16:36.96
C:\ComboFix.txt ... 06-10-31 21:16

LonnyRJones
2006-11-01, 11:43
Start Killbox, place a tick next to [x] Delete on reboot, and press the ALL Files button.
Copy this whole list into the Windows clipboard (everything bolded below).

C:\WINDOWS\SYSTEM32\instcat.dll
C:\WINDOWS\SYSTEM32\taskdir~.exe
C:\WINDOWS\SYSTEM32\idhvhri.dll
C:\WINDOWS\System32\iesniff.exe

Back in Killbox, go to File > Paste from clipboard.
Click the red highlighted X button and say yes to the prompt to restart the PC.

Run a HijackThis scan, place a check next to this item and click "Fix checked":
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll

Post back with one more hijackthis log please.
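
An added example, not part of the thread, of the mechanism behind a "delete on reboot": instcat.dll is a Winlogon Notify package, so it is mapped into winlogon.exe and cannot be deleted while Windows is up. Windows provides the PendingFileRenameOperations value under the Session Manager key for exactly this case (it is what MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT writes); smss.exe applies the queued operations at the next boot, before winlogon starts. Whether Killbox uses this value or a mechanism of its own is not stated in the thread. The first function below only builds the value and runs anywhere; the second applies it and assumes it is run on Windows as an administrator.

```python
import sys

NT_PREFIX = "\\??\\"   # NT object-manager form that MoveFileEx writes into the value


def pending_delete_entries(existing: list[str], paths: list[str]) -> list[str]:
    """Return a new PendingFileRenameOperations REG_MULTI_SZ list with the
    given files queued for deletion.

    The value is a flat sequence of (source, destination) pairs; an empty
    destination means "delete source". Existing pairs (renames queued by
    installers, for instance) are preserved, and a path already queued is
    not added twice.
    """
    value = list(existing)
    queued = {value[i].lower() for i in range(0, len(value) - 1, 2)}
    for path in paths:
        src = path if path.startswith(NT_PREFIX) else NT_PREFIX + path
        if src.lower() in queued:
            continue                      # already scheduled, do not duplicate
        value += [src, ""]
        queued.add(src.lower())
    return value


def queue_delete_on_reboot(paths: list[str]) -> list[str]:
    """Write the entries to the live registry. Windows only and needs admin
    rights (assumption about the caller's environment; not run elsewhere)."""
    if sys.platform != "win32":
        raise OSError("PendingFileRenameOperations exists only on Windows")
    import winreg
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SYSTEM\CurrentControlSet\Control\Session Manager",
                         0, winreg.KEY_READ | winreg.KEY_SET_VALUE)
    try:
        try:
            existing, _ = winreg.QueryValueEx(key, "PendingFileRenameOperations")
        except FileNotFoundError:
            existing = []
        value = pending_delete_entries(existing, paths)
        winreg.SetValueEx(key, "PendingFileRenameOperations", 0,
                          winreg.REG_MULTI_SZ, value)
        return value
    finally:
        key.Close()


if __name__ == "__main__":
    # The list posted in this reply, shown as the value it would produce.
    targets = [r"C:\WINDOWS\SYSTEM32\instcat.dll", r"C:\WINDOWS\SYSTEM32\taskdir~.exe",
               r"C:\WINDOWS\SYSTEM32\idhvhri.dll", r"C:\WINDOWS\System32\iesniff.exe"]
    for entry in pending_delete_entries([], targets):
        print(repr(entry))
```

Deleting the DLL alone is not enough: the Winlogon\Notify\instcat registry key also has to go (the O20 fix in HijackThis does that), or winlogon keeps trying to load a DLL that no longer exists at every logon, which is why this reply pairs the Killbox step with the HijackThis step.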

bhubertus
2006-11-01, 15:21
Logfile of HijackThis v1.99.1
Scan saved at 8:12:23 AM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Temp\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161872385809
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B140D6C-6588-4AA0-993D-28DCF579F03B}: NameServer = 170.56.58.53
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B140D6C-6588-4AA0-993D-28DCF579F03B}: NameServer = 170.56.58.53
O17 - HKLM\System\CS2\Services\Tcpip\..\{3B140D6C-6588-4AA0-993D-28DCF579F03B}: NameServer = 170.56.58.53
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

LonnyRJones
2006-11-01, 15:29
Looks good.
After using the PC for a few hours (half a day or so), let us know if there are any problems.

bhubertus
2006-11-01, 20:16
The PC seems to be running much better now but I noticed there's still an "Internet gateway" showing up under network connections. Did you see the email from RoadRunner I posted in my 3rd posting regarding a complaint about unsolicited email from my computer? I'm worried that my pc is being used for spamming.

What can I do?

bhubertus
2006-11-01, 22:20
Some more info:

This morning after reconnecting the troubled PC online, other PCs on my network had very slow outbound email (~2 hours). After disconnecting the network cable on the troubled PC, email is once again working normally on the other machines. I suspect that the troubled PC was flooding the outbound mail server. Is there some way to detect if the PC is being used for spamming?

P.S. The email from RoadRunner about spamming was in my 4th posting titled "Some background info", not the 3rd posting.

Thanks
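One way to answer the "is it being used for spamming?" question from the affected PC itself, as an added example (not code from this thread or from any tool named in it): parse `netstat -an` output and count how many distinct remote hosts the machine has TCP connections to on port 25 (SMTP). A workstation mailing normally talks to one or two mail servers; a spam bot fans out to many. The netstat lines below are constructed for the demonstration, and the threshold and the excluded ISP mail server are assumptions.

```python
"""Flag spam-bot-like SMTP fan-out from Windows `netstat -an` output."""
import re

# Constructed sample in the shape of `netstat -an` on Windows XP.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.5:1033       192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.5:1041       10.0.0.7:25            ESTABLISHED
  TCP    192.168.1.5:1042       10.0.1.9:25            SYN_SENT
  TCP    192.168.1.5:1043       10.0.2.3:25            SYN_SENT
  TCP    192.168.1.5:1044       10.0.3.4:25            ESTABLISHED
  TCP    192.168.1.5:1045       10.0.4.8:25            SYN_SENT
  TCP    192.168.1.5:1046       10.0.5.2:25            TIME_WAIT
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    192.168.1.5:1900       *:*
"""

# proto, local host:port, foreign host:port, optional state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S+)?\s*$")


def parse_netstat(text):
    """Return (proto, lhost, lport, rhost, rport, state) tuples; rport is
    None for the UDP '*:*' wildcard, state is '' when netstat prints none."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, lhost, lport, rhost, rport, state = m.groups()
            rport_val = int(rport) if rport.isdigit() else None
            rows.append((proto, lhost, int(lport), rhost, rport_val, state or ""))
    return rows


def smtp_fanout(rows, exclude=()):
    """Distinct remote hosts reached on TCP/25, ignoring listening sockets
    and hosts in `exclude` (hypothetical: the ISP's own mail server)."""
    return sorted({r[3] for r in rows
                   if r[0] == "TCP" and r[4] == 25 and r[5] != "LISTENING"
                   and r[3] not in exclude})


def looks_like_spam_bot(rows, threshold=5, exclude=()):
    """True when the host talks SMTP to at least `threshold` different servers."""
    return len(smtp_fanout(rows, exclude)) >= threshold


if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE_NETSTAT)
    print("SMTP peers:", smtp_fanout(parsed), "suspicious:", looks_like_spam_bot(parsed))
```

On a live machine, feed the script the saved output of `netstat -an` taken while the PC is idle, as the thread suggests for the router log; a handful of SYN_SENT entries to ever-changing port-25 hosts is the pattern to look for.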

LonnyRJones
2006-11-02, 00:15
I saw your comments about RoadRunner.
instcat.dll was responsible for the email/spam; unless it returns, there should be no problems.
I have had that infection on a test PC and it did not create any new items in Network Connections.
But if you feel it does not belong there, you could make a Windows System Restore point and delete it.

bhubertus
2006-11-02, 04:06
I created a system restore point and tried to delete the internet gateway and got the following message:

Error Deleting Connection:The connection you selected cannot be deleted.

Then I tried to go into the windows firewall configuration and got the following message:

Due to an unidentified problem, Windows cannot display Windows Firewall settings.

I have another Windows PC connected to the same router (the one I'm using now) and the LAN connection shows no traffic except when I access a webpage, etc., but the suspect PC shows constant packet activity both sent and received (about 10 packets/second, I think).

Something seems fishy...any ideas?

LonnyRJones
2006-11-02, 09:27
When only the affected PC is connected (and not being used), can you get a router log?

Can "Internet gateway" be disabled?
Curious how many connections are listed?

For that error http://windowsxp.mvps.org/sharedaccess.htm

bhubertus
2006-11-02, 18:19
I had already disabled the Internet gateway when I looked at packet activity and it's been disabled ever since then (even though it won't allow me to delete the connection altogether). I'm still able to get online with the gateway disabled. I'm not at the machine right now, but there were only two connections under Network Connections: the gateway and the LAN connection. I'll try getting a router log with only the affected machine connected when I'm back at the machine.

LonnyRJones
2006-11-12, 07:46
I'm glad we could help.
I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.
If you should need to post another log for the same PC, let one of us know via a PM (personal message).