Unknown Infection


8 replies to this topic

#1 Sentry
  • Members
  • 4 posts

Posted 27 February 2006 - 02:14 PM

Hi all,
I am having trouble with one of the computers I care for. I was told WinFixer was on this machine, but when I scanned with HijackThis I couldn't recognise any of the output. Log file:

Logfile of HijackThis v1.97.7
Scan saved at 9:34:08 AM, on 2/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Creative\8xxx\bbui.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\AOL\1127605587\ee\AOLHostManager.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\AOL\1127605587\ee\AOLServiceHost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1127605587\ee\AOLServiceHost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youbet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\jkkll.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [bbui] C:\Program Files\Creative\8xxx\bbui.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127605587\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_5_2/controls/ybrequest.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1441/ftp...23/cpbrkpie.cab
O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/wr_5_3/controls/YBUICtrl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pointsoflight.webex.com/client/v_my...bex/ieatgpc.cab

I also was having trouble running Ad-Aware. I would start the scan; it would find 1 "bad" (I do not remember if it was a registry entry or not), then get a blue screen error. I did notice the screen change attribute settings before the blue screen. After the blue screen I would be unable to restart; I would have to hard-shut-down. I also tried running Ad-Aware in safe mode, but safe mode would not run properly.

I managed to get Spybot Search & Destroy to run properly, and it just removed cookies, but it did find DSO Exploits. Log file before cookie removal:


--- Search result list ---
TargetNet: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
Advertising.com: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
Adviva: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
Avenue A, Inc.: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
BFast: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
Bluemountain: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
Commission Junction: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
CoolWWWSearch: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
CoreMetrics: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
CoreMetrics: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
CoreMetrics: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
DoubleClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1153549680-1551261152-3081962099-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitsLink: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
HitsLink: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
SpyHunter popups: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
Travelocity: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
Travelocity: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
ValueClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)


--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885626
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)


--- Startup entries list ---
Located: HK_LM:Run, AdaptecDirectCD
command: C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
file: C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: bfa83b551abd8084b4623887d0e3b53c

Located: HK_LM:Run, ADUserMon
command: C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
file: C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
size: 147456
MD5: d6e82206798f57521805bbb46d79c3a8

Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 496752
MD5: c470f57fb6c4b4df32d694ce0fd2b387

Located: HK_LM:Run, bbui
command: C:\Program Files\Creative\8xxx\bbui.exe
file: C:\Program Files\Creative\8xxx\bbui.exe
size: 258048
MD5: cf58308ac0485d974d1951fe55611ca4

Located: HK_LM:Run, CPQEASYACC
command: C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
file: C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
size: 32768
MD5: 553235e301a6498595720c9e225b9e54

Located: HK_LM:Run, Deskup
command: C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

Located: HK_LM:Run, DrvLsnr
command: C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
file: C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
size: 69632
MD5: 1b98eb0d40f74d0a8d153a52c2db993b

Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 473928
MD5: e8177b5150cab1509d2e9807c3f6366c

Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1127605587\ee\AOLHostManager.exe
file: C:\Program Files\Common Files\AOL\1127605587\ee\AOLHostManager.exe
size: 159832
MD5: f272c718d0a1608f04e66cad9af43d46

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 126976
MD5: 9ef0f0cc9b413783c0b79d850cdf10b3

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: 27adecd949700806ea6d0bd632ceac67

Located: HK_LM:Run, Iomega Drive Icons
command: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
file: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
size: 86016
MD5: 8bb8b8d1150c344586c46752953c2da6

Located: HK_LM:Run, Pure Networks Port Magic
command: "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
file: C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
size: 99480
MD5: ba99c608a075c44026720d5383f3d75b

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: c341ccfbe98bc7df6e0b856bb9fc265a

Located: HK_LM:Run, SetRefresh
command: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
file: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
size: 485376
MD5: d38a601c00279a691e72daf74ac4963b

Located: HK_LM:Run, srmclean
command: C:\Cpqs\Scom\srmclean.exe

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
file: C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
size: 32873
MD5: 3f261a8554d95d66009863dcff1b2f72

Located: HK_LM:Run, UserFaultCheck
command: %systemroot%\system32\dumprep 0 -u
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe

Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
file: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
size: 90112
MD5: 4b954730657f43b88a308c41fe570331

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: Startup (common), Acrobat Assistant.lnk
command: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
file: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
size: 217193
MD5: 78bfe3201ada2fe02d1e35d2488e5f55

Located: Startup (common), America Online 9.0 Tray Icon.lnk
command: C:\Program Files\America Online 9.0a\aoltray.exe
file: C:\Program Files\America Online 9.0a\aoltray.exe
size: 156784
MD5: d3e103e5b79a6e8ba5b58e0a7c21523b

Located: Startup (common), AOL Companion.lnk
command: C:\Program Files\AOL Companion\companion.exe
file: C:\Program Files\AOL Companion\companion.exe
size: 250992
MD5: 37560b8c0c1f9048747af7dede90f5ea

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: ACROIEHELPER.OCX
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 5/15/2003 12:47:54 AM
Date (last access): 2/27/2006 10:12:14 AM
Date (last write): 5/15/2003 12:47:54 AM
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 0.6.0.0

{3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} (ATLDistrib Object)
BHO name:
CLSID name: ATLDistrib Object
Path: C:\WINDOWS\system32\
Long name: jkkll.dll
Short name:
Date (created): 11/30/2005 7:05:18 AM
Date (last access): 2/27/2006 10:12:14 AM
Date (last write): 11/30/2005 7:05:24 AM
Filesize: 557108
Attributes: hidden sysfile
MD5: 1F684197D5AE8912A755D3FF8DB7D0F1
CRC32: 5482E616
Version: 255.255.255.255

{AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
BHO name:
CLSID name: AcroIEToolbarHelper Class
Path: C:\Program Files\Adobe\Acrobat 6.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 5/15/2003 1:03:46 AM
Date (last access): 2/27/2006 10:12:14 AM
Date (last write): 5/15/2003 1:03:46 AM
Filesize: 147456
Attributes: archive
MD5: 44BCFF08947790E74BD7CC7532D2B793
CRC32: 0C91890B
Version: 255.255.255.255



--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 1/12/2006 11:32:12 AM
Date (last access): 2/26/2006 2:00:34 AM
Date (last write): 1/12/2006 11:32:12 AM
Filesize: 543496
Attributes: archive
MD5: 0879BA2D2688BFBD6BB6DDCE3D26B201
CRC32: 2F243889
Version: 0.1.0.4

{670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control)
DPF name:
CLSID name: YouBet Secure Data Transfer Control
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ybreq.dll
Short name:
Date (created): 9/30/2004 2:31:22 PM
Date (last access): 2/27/2006 10:14:12 AM
Date (last write): 9/30/2004 2:31:22 PM
Filesize: 167936
Attributes: archive
MD5: 7F7513291503C3A5DA57E145F23B2BD2
CRC32: 42BE0002
Version: 0.2.0.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_01
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2_01\bin\
Long name: NPJPI142_01.dll
Short name: NPJPI1~1.DLL
Date (created): 8/19/2067 5:23:36 PM
Date (last access): 2/26/2006 2:00:34 AM
Date (last write): 8/19/2003 5:23:34 PM
Filesize: 65642
Attributes: archive
MD5: 0B668A48CB4845F9D9D335D99C82504C
CRC32: B9AD4E66
Version: 0.1.0.4

{9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control)
DPF name:
CLSID name: cpbrkpie Control
Path: C:\WINDOWS\
Long name: cpbrkpie.ocx
Short name:
Date (created): 6/16/2004 9:53:30 AM
Date (last access): 2/26/2006 2:00:34 AM
Date (last write): 6/16/2004 9:53:30 AM
Filesize: 132712
Attributes: archive
MD5: 520F671BEC590D2E076A0DC95C519930
CRC32: D317C84E
Version: 0.3.0.1

{C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1)
DPF name:
CLSID name: YBUICtrl.FloatWnd.1
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ybuictrl.dll
Short name:
Date (created): 9/7/2004 10:23:56 AM
Date (last access): 2/27/2006 10:14:12 AM
Date (last write): 9/7/2004 10:23:56 AM
Filesize: 37960
Attributes: archive
MD5: 8999150A2147164A79082D8F53F4D491
CRC32: 317A35DB
Version: 0.1.0.0

{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_01
Path: C:\Program Files\Java\j2re1.4.2_01\bin\
Long name: NPJPI142_01.dll
Short name: NPJPI1~1.DLL
Date (created): 8/19/2067 5:23:36 PM
Date (last access): 2/27/2006 10:20:54 AM
Date (last write): 8/19/2003 5:23:34 PM
Filesize: 65642
Attributes: archive
MD5: 0B668A48CB4845F9D9D335D99C82504C
CRC32: B9AD4E66
Version: 0.1.0.4

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
DPF name:
CLSID name: GpcContainer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ieatgpc.dll
Short name:
Date (created): 12/30/2004 8:24:08 AM
Date (last access): 2/27/2006 10:14:12 AM
Date (last write): 12/30/2004 8:24:08 AM
Filesize: 62464
Attributes: archive
MD5: DE585A26C2F25C9EFDF42EF91BBD2758
CRC32: C81CF83B
Version: 0.1.0.0



--- Process list ---
Spybot - Search && Destroy process list report, 2/27/2006 10:20:52 AM

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 184 (1828) C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
PID: 188 (1828) C:\Compaq\EAKDRV\EAUSBKBD.EXE
PID: 200 (1572) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PID: 240 (1572) C:\Program Files\America Online 9.0a\aoltray.exe
PID: 248 (1572) C:\Program Files\AOL Companion\companion.exe
PID: 280 (2020) C:\Program Files\Common Files\AOL\1127605587\ee\AOLHostManager.exe
PID: 428 ( 4) \SystemRoot\System32\smss.exe
PID: 604 (1984) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PID: 616 ( 912) C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
PID: 624 ( 428) csrss.exe
PID: 692 ( 428) \??\C:\WINDOWS\system32\winlogon.exe
PID: 736 ( 692) C:\WINDOWS\system32\services.exe
PID: 748 ( 692) C:\WINDOWS\system32\lsass.exe
PID: 912 ( 736) C:\WINDOWS\system32\svchost.exe
PID: 960 ( 736) svchost.exe
PID: 1052 ( 736) C:\WINDOWS\System32\svchost.exe
PID: 1100 ( 736) svchost.exe
PID: 1168 ( 736) svchost.exe
PID: 1208 ( 736) C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
PID: 1388 ( 280) C:\Program Files\Common Files\AOL\1127605587\ee\AOLServiceHost.exe
PID: 1404 ( 736) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID: 1444 ( 736) C:\PROGRA~1\Iomega\System32\AppServices.exe
PID: 1540 ( 736) C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
PID: 1572 (1464) C:\WINDOWS\Explorer.EXE
PID: 1692 ( 736) C:\WINDOWS\system32\spoolsv.exe
PID: 1784 (1572) C:\WINDOWS\system32\igfxtray.exe
PID: 1792 (1572) C:\WINDOWS\system32\hkcmd.exe
PID: 1800 (1572) C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
PID: 1812 (1572) C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
PID: 1828 (1572) C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
PID: 1836 (1572) C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
PID: 1892 (1572) C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
PID: 1912 (1572) C:\Program Files\Creative\8xxx\bbui.exe
PID: 1920 (1572) C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
PID: 1940 (1572) C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
PID: 1984 (1572) C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PID: 1992 (1572) C:\Program Files\QuickTime\qttask.exe
PID: 2028 (1572) C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
PID: 2044 (1572) C:\WINDOWS\system32\ctfmon.exe
PID: 2124 ( 736) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PID: 2156 ( 912) C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
PID: 2180 (1388) C:\Program Files\Common Files\AOL\1127605587\ee\AOLServiceHost.exe
PID: 2280 ( 736) C:\WINDOWS\wanmpsvc.exe
PID: 2460 ( 736) C:\Program Files\Iomega\AutoDisk\ADService.exe
PID: 3172 ( 736) alg.exe
PID: 36640 (36516) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 3868 ( 912) wmiprvse.exe


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 2/27/2006 10:20:52 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://go.compaq.com/1Q00CDT/0409/bl8.asp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.youbet.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://go.compaq.com/1Q00CDT/0409/bl8.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.compaq.com/1Q00CDT/0409/bl7.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{79FCBF16-DE9B-414D-AC18-D01CC488754B}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{79FCBF16-DE9B-414D-AC18-D01CC488754B}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{88C0F189-8154-43F5-8BE8-652D3846BA2C}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{88C0F189-8154-43F5-8BE8-652D3846BA2C}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5CB54BB1-9D17-438C-BF66-C047DBCC1D12}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5CB54BB1-9D17-438C-BF66-C047DBCC1D12}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1888CAFF-EAA5-4F77-80D0-D5985DE6A6FB}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1888CAFF-EAA5-4F77-80D0-D5985DE6A6FB}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{73F42A41-821A-4F85-A39D-9FBF5A1BDE5C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{73F42A41-821A-4F85-A39D-9FBF5A1BDE5C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3C02175-C6FB-4554-B37F-431D9C44D365}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3C02175-C6FB-4554-B37F-431D9C44D365}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

This log is after:


--- Search result list ---
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1153549680-1551261152-3081962099-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885626
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)


--- Startup entries list ---
Located: HK_LM:Run, AdaptecDirectCD
command: C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
file: C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: bfa83b551abd8084b4623887d0e3b53c

Located: HK_LM:Run, ADUserMon
command: C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
file: C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
size: 147456
MD5: d6e82206798f57521805bbb46d79c3a8

Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 496752
MD5: c470f57fb6c4b4df32d694ce0fd2b387

Located: HK_LM:Run, bbui
command: C:\Program Files\Creative\8xxx\bbui.exe
file: C:\Program Files\Creative\8xxx\bbui.exe
size: 258048
MD5: cf58308ac0485d974d1951fe55611ca4

Located: HK_LM:Run, CPQEASYACC
command: C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
file: C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
size: 32768
MD5: 553235e301a6498595720c9e225b9e54

Located: HK_LM:Run, Deskup
command: C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

Located: HK_LM:Run, DrvLsnr
command: C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
file: C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
size: 69632
MD5: 1b98eb0d40f74d0a8d153a52c2db993b

Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 473928
MD5: e8177b5150cab1509d2e9807c3f6366c

Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1127605587\ee\AOLHostManager.exe
file: C:\Program Files\Common Files\AOL\1127605587\ee\AOLHostManager.exe
size: 159832
MD5: f272c718d0a1608f04e66cad9af43d46

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 126976
MD5: 9ef0f0cc9b413783c0b79d850cdf10b3

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: 27adecd949700806ea6d0bd632ceac67

Located: HK_LM:Run, Iomega Drive Icons
command: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
file: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
size: 86016
MD5: 8bb8b8d1150c344586c46752953c2da6

Located: HK_LM:Run, Pure Networks Port Magic
command: "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
file: C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
size: 99480
MD5: ba99c608a075c44026720d5383f3d75b

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: c341ccfbe98bc7df6e0b856bb9fc265a

Located: HK_LM:Run, SetRefresh
command: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
file: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
size: 485376
MD5: d38a601c00279a691e72daf74ac4963b

Located: HK_LM:Run, srmclean
command: C:\Cpqs\Scom\srmclean.exe

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
file: C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
size: 32873
MD5: 3f261a8554d95d66009863dcff1b2f72

Located: HK_LM:Run, UserFaultCheck
comman


#2 dahli

Posted 27 February 2006 - 06:32 PM

Hi and welcome,

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to track this thread (Options) so that you are notified when you receive a reply.

Please be patient with me during this time.
Steven

#3 dahli

Posted 28 February 2006 - 12:27 PM

Hello,

You are using an outdated version of HijackThis. Please delete your current version and download HijackThis. Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Run the new HijackThis and post a new log.
Steven

#4 Sentry

Posted 28 February 2006 - 01:34 PM

Here is the new log:
Logfile of HijackThis v1.99.1
Scan saved at 10:27:52 AM, on 2/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Creative\8xxx\bbui.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\AOL\1127605587\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1127605587\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1127605587\ee\AOLServiceHost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youbet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [bbui] C:\Program Files\Creative\8xxx\bbui.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127605587\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_5_2/controls/ybrequest.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1441/ftp...23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/wr_5_3/controls/YBUICtrl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pointsoflight.webex.com/client/v_my...bex/ieatgpc.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

I was also able to run VundoFix between this log and the previous log, which allowed me to enter safe mode and run Ad-aware in both safe mode and normal mode. I am, however, still getting DSO exploits in Spybot.

#5 dahli

Posted 28 February 2006 - 04:51 PM

Hello,

You are using an old version of Spybot also - Please uninstall through Add/remove programs.

Download Spybot 1.4 from this site Spybot 1.4. Install the program, update the definitions file and run a scan. Fix all the entries, which are indicated in RED.

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner
  • Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  • Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *
  • Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Paste the Panda Scan report here together with a new HijackThis log, and any problems your system is having.

Edited by dahli, 05 March 2006 - 07:20 PM.

Steven

#6 Sentry

Posted 28 February 2006 - 06:43 PM

Here are the new scans:
Logfile of HijackThis v1.99.1
Scan saved at 3:15:30 PM, on 2/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [bbui] C:\Program Files\Creative\8xxx\bbui.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127605587\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_5_2/controls/ybrequest.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1441/ftp...23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/wr_5_3/controls/YBUICtrl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pointsoflight.webex.com/client/v_my...bex/ieatgpc.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Here is the Panda scan:


Incident Status Location

Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@112.2o7[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ads.gorillanation[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ct.360i[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@did-it[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@entrepreneur[1].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@kount[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@web.tickle[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@yadro[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sy9uu1j3.default\cookies.txt[.com.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sy9uu1j3.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sy9uu1j3.default\cookies.txt[statse.webtrendslive.com/dcspmlfn66twkfocu55nbix84_4c4t]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sy9uu1j3.default\cookies.txt[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sy9uu1j3.default\cookies.txt[dcspmlfn66twkfocu55nbix84_4c4t]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@112.2o7[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ads.gorillanation[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ct.360i[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@did-it[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@entrepreneur[1].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@kount[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@web.tickle[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@yadro[2].txt
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YPOF2TY5\WinFixer2006FreeInstall2[1].cab[UWFX6_0001_N68M1302NetInstaller.exe]
Adware:Adware/Coupons Not disinfected C:\WINDOWS\cpbrkpie.ocx


I did notice WinFixer in the last line; I am on my way to remove it. Hopefully it is the right decision, as I have about 45 mins to commit to that decision. This machine needs to go into production tomorrow and I will not be able to work on it after I leave in 47 minutes :thumbsup: Thank you for your help in advance.
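As an added example (not part of this thread or any tool mentioned in it), here is a small Python triage helper for the O20/O23 lines of a HijackThis log like the one above: it parses each entry and flags the things a helper looks at first, namely entries whose file is missing, services with no recorded owner, and Winlogon Notify DLLs listed without a full path. The sample lines are copied from the log above; the triage rules are my own, not HijackThis logic.

```python
import re

# Constructed sample: O20/O23 lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# O20: "O20 - Winlogon Notify: <name> - <path>[ (file missing)]"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+?)( \(file missing\))?$")
# O23: "O23 - Service: <display name (short name)> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")


def parse_entries(log):
    """Turn O20/O23 log lines into dicts; other line types are ignored."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O20_RE.match(line)
        if m:
            entries.append({"type": "O20", "name": m.group(1), "owner": None,
                            "path": m.group(2), "missing": bool(m.group(3))})
            continue
        m = O23_RE.match(line)
        if m:
            entries.append({"type": "O23", "name": m.group(1), "owner": m.group(2),
                            "path": m.group(3), "missing": bool(m.group(4))})
    return entries


def triage(entries):
    """Return [(name, [reasons])] for entries worth a closer look (my own heuristics)."""
    flagged = []
    for e in entries:
        reasons = []
        if e["missing"]:
            reasons.append("registered but file missing")
        if e["owner"] == "Unknown owner":
            reasons.append("no vendor/owner recorded")
        if e["type"] == "O20" and not re.match(r"^[A-Za-z]:\\", e["path"]):
            reasons.append("Winlogon Notify DLL given without a full path")
        if reasons:
            flagged.append((e["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(reasons)}")
```

Entries flagged only because their file is missing are usually orphaned registrations left behind by an uninstall, which is exactly the "housekeeping" category rather than an active infection.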

#7 dahli

dahli

  • Members
  • 278 posts

Posted 28 February 2006 - 07:00 PM

Please Download and Install Ewido --

1. Download Ewido security suite from http://download.ewido.net/ewido-setup.exe
2. After the download is complete, double click on the file to launch the install process.
3. During installation under the Additional Options menu, you will be asked if you want to "Install background guard (required for automatic updates)" and "Install scan via context menu". Please UNCHECK both of these options.
4. Once installation is complete, launch Ewido by double-clicking the big "E" icon on your desktop. The program will prompt you to update -- click the 'OK' button.
5. The program will now go to the main screen. On the left hand side of the main screen, click on Update and then click 'Start Update'. The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see 'Update Successful' in the lower left corner.

Once the updates are installed do the following:

Please reboot into Safemode:
Turn on the computer.
Immediately begin tapping the F8 key (or F5 on some computers)
Use the arrow keys to highlight Safe Mode and press the Enter key.

When your computer is booted into Safe Mode, then continue.

6. Click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'
7. Please make sure 'Scan Every File' is selected. Finally, please click 'OK'
8. On the main screen, please select 'Complete System Scan' and the scan should begin.
9. While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose Remove, then put a check next to 'Perform action on all infections' in the box. Doing this enables the scan to proceed automatically until its completion. Click OK.
10. When the scan is complete, click "Save Report". Your scan results will be saved in a textfile. Please submit that with your next post.

If Ewido "crashes" or "hangs" during the scan, try scanning again by doing this:

1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.

Note: Ewido is a free trial product for 14 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days; that is why we are not installing the guard, so it will not interfere with the cleanup or the malware removal process. You can use Ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan. If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under "Your Security Status".

Post the Ewido log
Steven

#8 Sentry

Sentry
  • Topic Starter

  • Members
  • 4 posts

Posted 03 March 2006 - 12:31 PM

Here is the Ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:38:35 AM, 3/1/2006
+ Report-Checksum: 666A4FC2

+ Scan result:

HKU\S-1-5-21-1153549680-1551261152-3081962099-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} -> Adware.Virtumonde : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sy9uu1j3.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sy9uu1j3.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@genentech.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@imgserv.adbutler[1].txt -> TrackingCookie.Adbutler : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@reciperewards.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.dex.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@thunderbolt.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4cpajmcqaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloendjmgoqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YPOF2TY5\WinFixer2006FreeInstall2[1].cab/UWFX6_0001_N68M1302NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ieatgpc.dll -> Adware.WebEx : Cleaned with backup


::Report End



The computer was in better shape when we sent it back into production. If you think I need anything else, don't hesitate to mention it. Implementation would be a bit of a problem since I wouldn't have easy access to the box. Thank you for the help.

#9 dahli

dahli

  • Members
  • 278 posts

Posted 03 March 2006 - 01:43 PM

We got the main infections eliminated. All that is left is "housekeeping". If it is too difficult to access it and it is running fine - you should be good to go.

Edited by dahli, 05 March 2006 - 07:19 PM.

Steven



