Free Malware Removal Forum

[c_thevarge]

Please view my HighjackThis log. I am not sure what is wrong with my computer. When I try and download an attachment through my email account with msn hotmail, a widow appears that says:

IE cannot download from 65.54.224...
IE was not able to open this internet site. The requested site is either unavailable or cannot be found. Please try again later.

I have scanned my computer with Avast and Symantec, they both said that I was not infected. I have also used Spybot, with no results.

Logfile of HijackThis v1.99.1
Scan saved at 4:50:02 PM, on 15/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ADinf32] "C:\Program Files\ADinf\APEEEKCB.EXE" "-a"
O4 - HKCU\..\Run: [AD_SCHED] "C:\Program Files\Common Files\ADT Shared\Scheduler\ADSched.exe"
O4 - HKCU\..\Run: [AD_AGENT] "C:\Program Files\ADinf\AD_AGENT.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .adp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {64BF0FA0-FEBF-11D3-AAE7-00C04F6EA180} (LDBC Map Viewer) - http://ldbcweb.landdata.gov.bc.ca:8001/ ... elease.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02A0920-C646-4DD8-B81D-BE2CD0F297AE}: NameServer = 204.174.64.1 204.174.65.1
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINNT\System32\DRIVERS\dcfssvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

[NonSuch]

Hello, and welcome to the forums!

Actually, your HijackThis log looks pretty clean. There are a couple of things we can remove, but I doubt if they have anything at all to do with your problem...

Please scan with HijackThis and place a check mark next to the following entries. Then, with all other programs/windows closed, click "Fix checked."

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

Exit HijackThis when finished.

Let's do a little cleaning up...

First, download, install, and run CCleaner (so the scans won't take as long because CCleaner will clear out temporary files) *NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.

• Double click on the file to start the installation of the program.
• Select your language and click OK, then next.
• Read the license agreement and click I Agree.
• Click next to use the default install location. Click Install then finish to complete installation.
• Double click the CCleaner shortcut on the desktop to start the program.
• On the Windows tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
• If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
• Click Run Cleaner to run the program.
• Caution : It is not recommended to use the "Issues" tab unless you are very familiar with the registry as it has been known to find legitimate items.
• After it has completed its process, click Exit.

Please download Ewido Security Suite

• Install ewido security suite
• When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu."
• Launch ewido, there should be a big E icon on your desktop, double-click it.
• The program will prompt you to update click the OK button
• The program will now go to the main screen
  
  You will need to update ewido to the latest definition files.
  
  
• On the left hand side of the main screen click update
• Click on Start
  
  The update will start and a progress bar will show the updates being installed.
  
  Once the updates are installed do the following:
  
  
• Reboot into Safe Mode, you can do this by restarting your computer, then contiunally tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Then, run Ewido.
• Click on scanner
• Make sure the following boxes are checked before scanning:
  • Binder
  • Crypter
  • Archives
• Click on Start Scan
• Let the program scan the machine
  
  While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "clean," then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.
  
  Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  
  
• Click Save report
• Save the report to your desktop

Reboot into normal mode.

Then, please run this online virus scan:
ActiveScan


Save the results from ActiveScan, and reboot when finished.


Next, see the instructions here for downloading Ad-aware SE Personal v 1.06 and configuring it to run a scan.

Please post the log from Ewido, the log from ActiveScan, and a new HiJackThis log into this topic.

[c_thevarge]

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:02:39 PM, 03/07/2005
+ Report-Checksum: 66615491

+ Date of database: 04/07/2005
+ Version of scan engine: v3.0

+ Duration: 124 min
+ Scanned Files: 43081
+ Speed: 5.77 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
No infected files found!

::Report End


---------------------------
ActiveScan Report
---------------------------

Scan finished
Scan report
No viruses have been found!

System Files Messages
Scanned Yes 87103 1
Infected - 0 0
Suspicious - 0 0
Disinfected 0 0


-----------------------------
HijackThis Log Report
-----------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:08:06 PM, on 04/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ADinf32] "C:\Program Files\ADinf\APEEEKCB.EXE" "-a"
O4 - HKCU\..\Run: [AD_SCHED] "C:\Program Files\Common Files\ADT Shared\Scheduler\ADSched.exe"
O4 - HKCU\..\Run: [AD_AGENT] "C:\Program Files\ADinf\AD_AGENT.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .adp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {64BF0FA0-FEBF-11D3-AAE7-00C04F6EA180} (LDBC Map Viewer) - http://ldbcweb.landdata.gov.bc.ca:8001/ ... elease.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINNT\System32\DRIVERS\dcfssvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


--------------------------
Ad-Aware SE Build 1.06r1
--------------------------
Logfile Created on:July 4, 2005 5:27:47 PM
Using definitions file:SE1R52 30.06.2005

References detected during the scan:
Alexa(TAC index:5):1 total references
Tracking Cookie(TAC index:3):1 total references

Ad-Aware SE Settings
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


04/07/2005 5:27:47 PM - Scan started. (Full System Scan)

Listing running processes

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 148
ThreadCreationTime : 04/07/2005 11:35:10 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 172
ThreadCreationTime : 04/07/2005 11:35:16 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 192
ThreadCreationTime : 04/07/2005 11:35:18 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 220
ThreadCreationTime : 04/07/2005 11:35:20 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 232
ThreadCreationTime : 04/07/2005 11:35:20 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 412
ThreadCreationTime : 04/07/2005 11:35:25 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 440
ThreadCreationTime : 04/07/2005 11:35:27 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 500
ThreadCreationTime : 04/07/2005 11:35:30 PM
BasePriority : Normal

#:9 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 520
ThreadCreationTime : 04/07/2005 11:35:30 PM
BasePriority : High
FileVersion : 4, 6, 652, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:10 [dcfssvc.exe]
FilePath : C:\WINNT\System32\DRIVERS\
ProcessID : 548
ThreadCreationTime : 04/07/2005 11:35:32 PM
BasePriority : Normal
FileVersion : 1.1.4100.0
ProductVersion : 3.2.0400.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright (C) Eastman Kodak Co. 2000-1
OriginalFilename : DcFsSvc.exe

#:11 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 564
ThreadCreationTime : 04/07/2005 11:35:32 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:12 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 588
ThreadCreationTime : 04/07/2005 11:35:34 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:13 [ptssvc.exe]
FilePath : C:\Program Files\KODAK\KODAK Picture Transfer Software\
ProcessID : 628
ThreadCreationTime : 04/07/2005 11:35:35 PM
BasePriority : Normal
FileVersion : 2.0.0300
ProductVersion : 2.0.0300
ProductName : KODAK PTS service
CompanyName : KODAK
FileDescription : ptssvc
InternalName : ptssvc
LegalCopyright : Copyright © 2001 Eastman Kodak Company
OriginalFilename : ptssvc.exe

#:14 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 696
ThreadCreationTime : 04/07/2005 11:35:35 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:15 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 672
ThreadCreationTime : 04/07/2005 11:35:36 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:16 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 764
ThreadCreationTime : 04/07/2005 11:35:38 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:17 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 848
ThreadCreationTime : 04/07/2005 11:35:39 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright (C) Microsoft Corp. 1995-1999

#:18 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 864
ThreadCreationTime : 04/07/2005 11:35:39 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:19 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1072
ThreadCreationTime : 04/07/2005 11:37:41 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:20 [pctspk.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1396
ThreadCreationTime : 04/07/2005 11:37:45 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : pctvoice Application
FileDescription : pctvoice MFC Application
InternalName : pctvoice
LegalCopyright : Copyright (C) 2001
OriginalFilename : pctvoice.EXE

#:21 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 1404
ThreadCreationTime : 04/07/2005 11:37:45 PM
BasePriority : Normal
FileVersion : 4, 6, 652, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswDisp.exe

#:22 [ezsp_px.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1412
ThreadCreationTime : 04/07/2005 11:37:46 PM
BasePriority : Normal

#:23 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 6.0\Distillr\
ProcessID : 1432
ThreadCreationTime : 04/07/2005 11:37:47 PM
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:24 [backweb-7288971.exe]
FilePath : C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\
ProcessID : 1080
ThreadCreationTime : 04/07/2005 11:37:47 PM
BasePriority : Normal

#:25 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1460
ThreadCreationTime : 04/07/2005 11:42:55 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:26 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1116
ThreadCreationTime : 04/07/2005 11:47:02 PM
BasePriority : Normal

#:27 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 424
ThreadCreationTime : 04/07/2005 11:47:04 PM
BasePriority : Normal


Memory scan result:
New critical objects: 0
Objects found so far: 0

Started registry scan

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1844237615-813497703-839522115-500\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
New critical objects: 1
Objects found so far: 1


Started deep registry scan

Deep registry scan result:
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan

Tracking cookie scan result:
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (C:)

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\guest\Cookies\guest@mediaplex[1].txt

Disk Scan Result for C:\
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (D:)

Disk Scan Result for D:\
New critical objects: 0
Objects found so far: 2


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".

Hosts file scan result:
1 entries scanned.
New critical objects:0
Objects found so far: 2


Performing conditional scans...

Conditional scan result:
New critical objects: 0
Objects found so far: 2

5:38:50 PM Scan Complete

Summary Of This Scan
Total scanning time:00:11:02.773
Objects scanned:79154
Objects identified:2
Objects ignored:0
New critical objects:2

[NonSuch]

Hello,

Your logs are clean. Ad-aware found a couple of tracking cookies and Alexa, just minor stuff, and that's all. Your ewido log is squeaky clean as are the results of your Panda ActiveScan. Your HijackThis log looks good too.

Perhaps you should contact MSN Hotmail Technical Support as MSN Hotmail has of late been reported to have a number of problems associated with attachments. This may be related to the problems you're experiencing.

There's a topic on Hotmail attachments at FreedomList...
http://www.freedomlist.com/forum/viewto ... sc&start=0

This topic begins in December '04 and continues through June for some eight pages. Perhaps there's something there that may shed some light on your situation.

In any event, here's the information we usually post to folks whose system is clean. I believe you'll find it to be useful.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
   You can find instructions on how to enable and re enable system restore here:
   Managing Windows Millennium System Restore
   or
   Windows XP System Restore Guide
   re-enable system restore with instructions from tutorial above
   
2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
   
   
   1. From within Internet Explorer click on the Tools menu and then click on Options.
   2. Click once on the Security tab
   3. Click once on the Internet icon so it becomes highlighted.
   4. Click once on the Custom Level button.
      
      
      
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
   5. Next press the Apply button and then the OK to exit the Internet Properties page.
3. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone anti virus programs:
   Computer Safety On line - Anti-Virus
   
4. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
   
5. Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. For an article on firewalls and a listing of some available ones see the link below:
   Computer Safety On line - Software Firewalls
   
6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
   This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
   Instructions for - Spybot S & D and Ad-aware
   
8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
   Instructions for - Spybot S & D and Ad-aware
   
9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
   Computer Safety on line - Anti-Malware
   
10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Best of luck to you.

[NonSuch]

Glad we could be of assistance.

As this issue appears to be resolved, this topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.