Thread: Many unknown files running in the background

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    4

    Many unknown files running in the background

    Greetings!

    Norton Anti-Virus caught a virus the other day and since then, I have been getting pop-ups and Norton's auto-protection statistics is always scanning "funny filenames" even when I am not doing anything with the computer.

    I ran Blacklight, AproposFix and HiJack... not sure what to do now... I will post the logs here:

    Blacklight

    03/03/06 22:40:00 [Info]: BlackLight Engine 1.0.33 initialized
    03/03/06 22:40:00 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    03/03/06 22:40:00 [Note]: 7019 4
    03/03/06 22:40:00 [Note]: 7005 0
    03/03/06 22:40:04 [Note]: 7006 0
    03/03/06 22:40:04 [Note]: 7011 2000
    03/03/06 22:40:04 [Note]: FSRAW library version 1.7.1015
    03/03/06 22:44:10 [Note]: 7007 0

    AproposFix

    Log of AproposFix v1.1

    ************

    Running from directory:
    C:\Documents and Settings\Herm\Desktop\aproposfix\aproposfix

    ************



    Registry entries found:


    ************

    No service found!

    Removing hidden folder:
    No folder found!

    Deleting files:


    Backing up files:
    Done!

    Removing registry entries:

    REGEDIT4


    Done!

    Finished!

    HiJackThis with Uninstall Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:54:47 PM, on 03/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5296.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\temp\BTseed\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Network -p -pn "" -n 0 -l 1033 -sl 120000
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    ACE Mega CoDecS Pack
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe Photoshop 6.0
    AFPL Ghostscript 8.50
    AFPL Ghostscript Fonts
    Ahead Nero - Burning Rom
    ALPS Touch Pad Driver
    AOL You've Got Pictures Screensaver
    ArcSoft Multimedia Email
    ArcSoft PhotoImpression 5
    aspi
    a-squared Free 1.6.5
    ATI Control Panel
    ATI Display Driver
    BitComet 0.62
    Broadcom Management Programs 2
    CA eTrust PestPatrol
    CCHelp
    CCScore
    CDex extraction audio
    Check Point VPN-1 SecureClient NG_AI_R56
    Conexant D110 MDC V.9x Modem
    Creative WebCam Center
    Creative WebCam Instant Driver (1.01.02.0729)
    Creative WebCam Instant User's Guide (English)
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Support 5.0.0 (630)
    Digital Line Detect
    ESSAdpt
    ESSANUP
    ESSCAM
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSTUTOR
    ESSvpaht
    ESSvpot
    Google Talk (remove only)
    GSview 4.6
    HijackThis 1.99.1
    hp LaserJet 1010 Series
    ICQ Toolbar
    ICQ 5
    Intel(R) PROSet/Wireless Software
    Internal Network Card Power Management
    Internet Explorer 7 Beta 2 Preview
    Internet Explorer Default Page
    Java 2 Runtime Environment, SE v1.4.2_03
    Kodak EasyShare software
    KSU
    LaserJet 1020 series
    Learn2 Player (Uninstall Only)
    LiveUpdate 2.0 (Symantec Corporation)
    Macromedia Flash Player 8
    Mathcad 11
    MATLAB Family of Products Release 14
    mCore
    mDrWiFi
    Messenger Beta
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Office 2000 Professional
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Windows Journal Viewer
    mIWA
    mIWCA
    mLogView
    mMHouse
    Modem Helper
    Mozilla Firefox (1.0.7)
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    mToolkit
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    mWlsSafe
    mXML
    My Way Search Assistant
    mZConfig
    NetWaiting
    NJStar Communicator
    Nortel Networks Multimedia PC Client
    Notifier
    OrderReminder HP LaserJet 1020
    OTtBP
    PowerDVD 5.5
    QuickSet
    RadLight APE DirectShow filter (remove only)
    Real Alternative 1.41
    Security Task Manager 1.6f
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    SFR
    SFR2
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spybot - Search & Destroy 1.4
    Symantec AntiVirus
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB910437)
    Viewpoint Media Player
    Winamp3 (remove only)
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    WinRAR archiver
    WinZip
    ZoneAlarm

    What should be my next step here?

    Thanks in advance!

  2. #2
    Junior Member
    Join Date
    Mar 2006
    Posts
    4

    ewido log

    I tried running ewido and here is the log... will this help?

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 12:33:42 PM, 04/03/2006
    + Report-Checksum: FD9A6CDE

    + Scan result:

    :mozilla.9:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\asdf\h0lxnosa.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.8:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\asfd\3g90zaed.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.9:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\asfd\3g90zaed.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.10:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\asfd\3g90zaed.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
    :mozilla.12:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\asfd\3g90zaed.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.13:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\asfd\3g90zaed.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.14:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\asfd\3g90zaed.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.7:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.8:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.13:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.16:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.21:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.28:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.29:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.33:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.34:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.35:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.36:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.45:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.46:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.50:C:\Data\Skule\nSci Year 4\ECF Remains\.mozilla\default\ybiwxwb8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.94:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Herm\Application Data\Mozilla\Firefox\Profiles\zy70th7f.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    C:\Documents and Settings\Herm\Cookies\herm@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Herm\Local Settings\Temp\ddl1A.tmp.exe -> Downloader.Small.cli : Cleaned with backup
    C:\Documents and Settings\Herm\Local Settings\Temp\ddl1C.tmp.exe -> Dialer.Agent.z : Cleaned with backup


    ::Report End

  3. #3
    Junior Member
    Join Date
    Mar 2006
    Posts
    4

    LPK.DLL webcheck.dll

    Some files such as LPK.dll and webcheck.dll seem to be running intermittently. Rundll32.exe and msiexec.exe are examples of processes I didn't use to see in Task Manager. I also notice that in "Services" there are some very strange services; one example is a Remote Procedure Call (RPC) of which the startup type is greyed out. When I change the IE options to require confirmation before running scripts, the pop-up dialogue box asking if I would like to run scripts pops up every few seconds... please help me out here...

    Here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:00:22 AM, on 05/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5296.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\temp\BTseed\hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Network -p -pn "" -n 0 -l 1033 -sl 120000
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    And the uninstall list:

    ACE Mega CoDecS Pack
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe Photoshop 6.0
    AFPL Ghostscript 8.50
    AFPL Ghostscript Fonts
    Ahead Nero - Burning Rom
    ALPS Touch Pad Driver
    AOL You've Got Pictures Screensaver
    ArcSoft Multimedia Email
    ArcSoft PhotoImpression 5
    aspi
    a-squared Free 1.6.5
    ATI Control Panel
    ATI Display Driver
    BitComet 0.62
    Broadcom Management Programs 2
    CA eTrust PestPatrol
    CCHelp
    CCScore
    CDex extraction audio
    Check Point VPN-1 SecureClient NG_AI_R56
    Conexant D110 MDC V.9x Modem
    Creative WebCam Center
    Creative WebCam Instant Driver (1.01.02.0729)
    Creative WebCam Instant User's Guide (English)
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Support 5.0.0 (630)
    Digital Line Detect
    ESSAdpt
    ESSANUP
    ESSCAM
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSTUTOR
    ESSvpaht
    ESSvpot
    ewido anti-malware
    Google Talk (remove only)
    GSview 4.6
    HijackThis 1.99.1
    hp LaserJet 1010 Series
    ICQ Toolbar
    ICQ 5
    Intel(R) PROSet/Wireless Software
    Internal Network Card Power Management
    Internet Explorer 7 Beta 2 Preview
    Internet Explorer Default Page
    Java 2 Runtime Environment, SE v1.4.2_03
    Kodak EasyShare software
    KSU
    LaserJet 1020 series
    Learn2 Player (Uninstall Only)
    LiveUpdate 2.0 (Symantec Corporation)
    Macromedia Flash Player 8
    Mathcad 11
    MATLAB Family of Products Release 14
    mCore
    mDrWiFi
    Messenger Beta
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Office 2000 Professional
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Windows Journal Viewer
    mIWA
    mIWCA
    mLogView
    mMHouse
    Modem Helper
    Mozilla Firefox (1.0.7)
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    mToolkit
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    mWlsSafe
    mXML
    My Way Search Assistant
    mZConfig
    NetWaiting
    NJStar Communicator
    Nortel Networks Multimedia PC Client
    Notifier
    OrderReminder HP LaserJet 1020
    OTtBP
    PowerDVD 5.5
    QuickSet
    RadLight APE DirectShow filter (remove only)
    Real Alternative 1.41
    Security Task Manager 1.6f
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    SFR
    SFR2
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spybot - Search & Destroy 1.4
    Symantec AntiVirus
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB910437)
    Viewpoint Media Player
    Winamp3 (remove only)
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    WinRAR archiver
    WinZip
    ZoneAlarm

    I know something is wrong but I don't know what it is.

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Hi whyMeNow, Welcome

    Your logs look OK. I see IE 7 beta is installed; it is probably the reason you're seeing odd things.

    You might check a bulletin board where there are more beta testers
    such as http://groups.google.com/groups/sear...ew&qt_s=Search

    Good luck

  5. #5
    Junior Member
    Join Date
    Mar 2006
    Posts
    4

    I looked into IE7

    Thank you for the reply, LonnyRJones...

    I find that ZoneAlarm has been blocking outgoing traffic to destination DNS such as kh.l, z1.adserver hop.clickbank.net, orac, www. So this is due to IE7?

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Other opinions might help

    Don't depend on any one antivirus program; go get preferably two free online scans,
    now and weekly or bi-weekly.
    Kaspersky Lab - Free Online scan:
    http://www.kaspersky.com/virusscanner
    Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
    Then choose: my computer: scan all your hard drives and mapped disks.
    When finished, click save as text and post that in your reply.
    Panda ActiveScan-Free online scanner,
    http://www.pandasoftware.com/products/activescan.htm
    Save the report and post it back here please if there are any that it is unable to deal with.

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    How's it going whyMeNow?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Due to lack of a response this topic will be archived.
    If you need it re-opened please send me a pm and provide a link to the thread.
