
Consistent spyware alerts

Discussion in 'Malware and Virus Removal Archive' started by sivagi, 2007/06/10.

  1. 2007/06/10
    sivagi

    sivagi Inactive Thread Starter

    Joined:
    2006/07/15
    Messages:
    18
    Likes Received:
    0
    I have been recently getting spyware alerts on the machine from some program that I did not install and run. But it seems to have got into my start-up and I am not able to spot it as well. It gives consistent spyware alerts. Also, the machine doesn't come up successfully in safe mode. I have attached the HijackThis log file below.


    ---------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 03:44:42, on 11/06/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\NavNT\vptray.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\PCD32\Client32.exe
    C:\PROGRA~1\CYBERA~1\casvc.exe
    C:\PROGRA~1\NavNT\DefWatch.exe
    C:\progra~1\notes\ntmulti.exe
    C:\PROGRA~1\NavNT\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gd.db.com/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe "
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [CyberArmorLoader] pcsldr.exe
    O4 - HKLM\..\Run: [PC-Duo System Snapshot] C:\PCD32\CLBOOT32.EXE
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://gd.db.com
    O15 - Trusted Zone: http://www.msn.com
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - http://rctoolbox2.uk.db.com/llclient/dbrasclassic/winxp/AXXPEE.dll
    O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://dbrasweb-hh1.uk.db.com/dana-cached/setup/NeoterisSetup.cab
    O16 - DPF: {6E10F5D1-B3E1-4BC2-8E6F-DD859F10F66F} (CAgentLauncher Class) - http://rctoolbox2.uk.db.com/dbras-compliance/cgagent/web/ie/CGAgentATL.dll
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5B2FB195-3A7B-4768-AB73-AD8A4F02BEAF}: NameServer = 192.168.1.1,61.1.96.71
    O20 - AppInit_DLLs: cahooknt.dll
    O23 - Service: Client32 - Productive Computer Insight Ltd - C:\PCD32\Client32.exe
    O23 - Service: CyberArmor Run Service (CyberArmorRunService) - Unknown owner - C:\PROGRA~1\CYBERA~1\casvc.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\progra~1\notes\ntmulti.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\Rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    ------------------------------------------------------------

    Please suggest what needs to be done on this.
     
  2. 2007/06/10
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Hi, sivagi. :)
    I found a thread from about a year ago where you had TeMerc help you resolve malware issues.

    After that malware problem was resolved, TeMerc stated in post #26 of that thread,
    It appears to me you have not patched your Windows XP to SP2. My own HJT Log states "Platform: Windows XP SP2 (WinNT 5.01.2600)" anyway and your recent HJT log does not include the "SP2 ".

    If you have not patched your Windows XP installation, is there some reason why you have not done so?

    EDIT: By the way, if you need to get SP2, here's a link.
     
    Last edited: 2007/06/10

  4. 2007/06/11
    sivagi

    sivagi Inactive Thread Starter

    Joined:
    2006/07/15
    Messages:
    18
    Likes Received:
    0
    Yes, I did follow all the steps suggested last time and when installing XP SP2 encountered some errors and hence could not proceed with the installation. I will try it once and post a reply here with the details.
     
  5. 2007/06/11
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    I suggest you wait to update to SP2 until after your computer is clean again.
     
  6. 2007/06/14
    sivagi

    sivagi Inactive Thread Starter

    Joined:
    2006/07/15
    Messages:
    18
    Likes Received:
    0
    Haven't received any further response. Could somebody help please?
     
